35 lines
1.6 KiB
JavaScript
35 lines
1.6 KiB
JavaScript
"use strict";
|
|
const crypto = require("node:crypto");
|
|
|
|
class SessionManager {
|
|
constructor({ absoluteTtl = 12 * 3600, idleTtl = 3600 } = {}) {
|
|
this.absoluteTtl = absoluteTtl;
|
|
this.idleTtl = idleTtl;
|
|
this.sessions = new Map();
|
|
}
|
|
create(identity, server, scopes, now = Date.now() / 1000) {
|
|
const token = crypto.randomBytes(32).toString("hex");
|
|
const hash = this.hash(token);
|
|
this.sessions.set(hash, { pid: identity.pid, name: identity.name, server, scopes: [...new Set(scopes)], created: now, last_used: now, expires: now + this.absoluteTtl });
|
|
return { token, expires_in: this.absoluteTtl, idle_timeout: this.idleTtl };
|
|
}
|
|
verify(token, identity, server, scope, now = Date.now() / 1000) {
|
|
const session = this.sessions.get(this.hash(token || ""));
|
|
if (!session) return { ok: false, reason: "session_not_found" };
|
|
if (now > session.expires || now - session.last_used > this.idleTtl) { this.sessions.delete(this.hash(token)); return { ok: false, reason: "session_expired" }; }
|
|
if (session.pid !== identity.pid || session.server !== server) return { ok: false, reason: "session_binding_mismatch" };
|
|
if (!session.scopes.includes(scope)) return { ok: false, reason: "session_scope_denied" };
|
|
session.last_used = now;
|
|
return { ok: true, session };
|
|
}
|
|
end(token, identity) {
|
|
const hash = this.hash(token || "");
|
|
const session = this.sessions.get(hash);
|
|
if (!session || session.pid !== identity.pid) return false;
|
|
this.sessions.delete(hash);
|
|
return true;
|
|
}
|
|
hash(token) { return crypto.createHash("sha256").update(token).digest("hex"); }
|
|
}
|
|
module.exports = { SessionManager };
|