{"version":3,"file":"session-auth.mjs","sources":["../../../../shared/utils/session-auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { Modules } from '@strapi/types';\n\nexport const REFRESH_COOKIE_NAME = 'strapi_admin_refresh';\n\nexport const DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN = 30 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;\nexport const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;\n\nexport const getRefreshCookieOptions = (secureRequest?: boolean) => {\n  const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n  const isProduction = process.env.NODE_ENV === 'production';\n\n  const domain: string | undefined =\n    strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');\n  const path: string = strapi.config.get('admin.auth.cookie.path', '/admin');\n\n  const sameSite: boolean | 'lax' | 'strict' | 'none' =\n    strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';\n\n  let isSecure: boolean;\n  if (typeof configuredSecure === 'boolean') {\n    isSecure = configuredSecure;\n  } else if (secureRequest !== undefined) {\n    isSecure = isProduction && secureRequest;\n  } else {\n    isSecure = isProduction;\n  }\n\n  return {\n    httpOnly: true,\n    secure: isSecure,\n    overwrite: true,\n    domain,\n    path,\n    sameSite,\n    maxAge: undefined,\n  };\n};\n\nconst getLifespansForType = (\n  type: 'refresh' | 'session'\n): { idleSeconds: number; maxSeconds: number } => {\n  if (type === 'refresh') {\n    const idleSeconds = Number(\n      strapi.config.get(\n        'admin.auth.sessions.idleRefreshTokenLifespan',\n        DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n      )\n    );\n    const maxSeconds = Number(\n      strapi.config.get(\n        'admin.auth.sessions.maxRefreshTokenLifespan',\n        DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN\n      )\n    );\n\n    return { idleSeconds, maxSeconds };\n  }\n\n  const idleSeconds = Number(\n    strapi.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)\n  );\n  const maxSeconds = Number(\n    strapi.config.get('admin.auth.sessions.maxSessionLifespan', DEFAULT_MAX_SESSION_LIFESPAN)\n  );\n\n  return { idleSeconds, maxSeconds };\n};\n\nexport const buildCookieOptionsWithExpiry = (\n  type: 'refresh' | 'session',\n  absoluteExpiresAtISO?: string,\n  secureRequest?: boolean\n) => {\n  const base = getRefreshCookieOptions(secureRequest);\n  if (type === 'session') {\n    return base;\n  }\n\n  const { idleSeconds } = getLifespansForType('refresh');\n  const now = Date.now();\n  const idleExpiry = now + idleSeconds * 1000;\n  const absoluteExpiry = absoluteExpiresAtISO\n    ? new Date(absoluteExpiresAtISO).getTime()\n    : idleExpiry;\n  const chosen = new Date(Math.min(idleExpiry, absoluteExpiry));\n\n  return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };\n};\n\nexport const getSessionManager = (): Modules.SessionManager.SessionManagerService | null => {\n  const manager = strapi.sessionManager as Modules.SessionManager.SessionManagerService | undefined;\n  return manager ?? null;\n};\n\nexport const generateDeviceId = (): string => crypto.randomUUID();\n\nexport const extractDeviceParams = (\n  requestBody: unknown\n): { deviceId: string; rememberMe: boolean } => {\n  const body = (requestBody ?? {}) as { deviceId?: string; rememberMe?: boolean };\n  const deviceId = body.deviceId || generateDeviceId();\n  const rememberMe = Boolean(body.rememberMe);\n\n  return { deviceId, rememberMe };\n};\n"],"names":["REFRESH_COOKIE_NAME","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","getRefreshCookieOptions","secureRequest","configuredSecure","strapi","config","get","isProduction","process","env","NODE_ENV","domain","path","sameSite","isSecure","undefined","httpOnly","secure","overwrite","maxAge","getLifespansForType","type","idleSeconds","Number","maxSeconds","buildCookieOptionsWithExpiry","absoluteExpiresAtISO","base","now","Date","idleExpiry","absoluteExpiry","getTime","chosen","Math","min","expires","max","getSessionManager","manager","sessionManager","generateDeviceId","crypto","randomUUID","extractDeviceParams","requestBody","body","deviceId","rememberMe","Boolean"],"mappings":";;AAGO,MAAMA,sBAAsB;AAEtBC,MAAAA,kCAAAA,GAAqC,EAAK,GAAA,EAAA,GAAK,KAAK;AACpDC,MAAAA,mCAAAA,GAAsC,EAAK,GAAA,EAAA,GAAK,KAAK;AACrDC,MAAAA,4BAAAA,GAA+B,CAAI,GAAA,EAAA,GAAK,KAAK;AAC7CC,MAAAA,6BAAAA,GAAgC,CAAI,GAAA,EAAA,GAAK;AAE/C,MAAMC,0BAA0B,CAACC,aAAAA,GAAAA;AACtC,IAAA,MAAMC,gBAAmBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA;AAC3C,IAAA,MAAMC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;IAE9C,MAAMC,MAAAA,GACJP,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA,IAA+BF,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;AACrE,IAAA,MAAMM,OAAeR,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,wBAA0B,EAAA,QAAA,CAAA;AAEjE,IAAA,MAAMO,WACJT,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,4BAAiC,CAAA,IAAA,KAAA;IAErD,IAAIQ,QAAAA;IACJ,IAAI,OAAOX,qBAAqB,SAAW,EAAA;QACzCW,QAAWX,GAAAA,gBAAAA;KACN,MAAA,IAAID,kBAAkBa,SAAW,EAAA;AACtCD,QAAAA,QAAAA,GAAWP,YAAgBL,IAAAA,aAAAA;KACtB,MAAA;QACLY,QAAWP,GAAAA,YAAAA;AACb;IAEA,OAAO;QACLS,QAAU,EAAA,IAAA;QACVC,MAAQH,EAAAA,QAAAA;QACRI,SAAW,EAAA,IAAA;AACXP,QAAAA,MAAAA;AACAC,QAAAA,IAAAA;AACAC,QAAAA,QAAAA;QACAM,MAAQJ,EAAAA;AACV,KAAA;AACF;AAEA,MAAMK,sBAAsB,CAC1BC,IAAAA,GAAAA;AAEA,IAAwB;AACtB,QAAA,MAAMC,cAAcC,MAClBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,8CACAR,EAAAA,mCAAAA,CAAAA,CAAAA;AAGJ,QAAA,MAAM0B,aAAaD,MACjBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,6CACAT,EAAAA,kCAAAA,CAAAA,CAAAA;QAIJ,OAAO;AAAEyB,YAAAA,WAAAA;AAAaE,YAAAA;AAAW,SAAA;AACnC;AAUF,CAAA;AAEaC,MAAAA,4BAAAA,GAA+B,CAC1CJ,IAAAA,EACAK,oBACAxB,EAAAA,aAAAA,GAAAA;AAEA,IAAA,MAAMyB,OAAO1B,uBAAwBC,CAAAA,aAAAA,CAAAA;AACrC,IAAA,IAAImB,SAAS,SAAW,EAAA;QACtB,OAAOM,IAAAA;AACT;AAEA,IAAA,MAAM,EAAEL,WAAW,EAAE,GAAGF,mBAAoB,CAAA,CAAA;IAC5C,MAAMQ,GAAAA,GAAMC,KAAKD,GAAG,EAAA;IACpB,MAAME,UAAAA,GAAaF,MAAMN,WAAc,GAAA,IAAA;AACvC,IAAA,MAAMS,iBAAiBL,oBACnB,GAAA,IAAIG,IAAKH,CAAAA,oBAAAA,CAAAA,CAAsBM,OAAO,EACtCF,GAAAA,UAAAA;AACJ,IAAA,MAAMG,SAAS,IAAIJ,IAAAA,CAAKK,IAAKC,CAAAA,GAAG,CAACL,UAAYC,EAAAA,cAAAA,CAAAA,CAAAA;IAE7C,OAAO;AAAE,QAAA,GAAGJ,IAAI;QAAES,OAASH,EAAAA,MAAAA;AAAQd,QAAAA,MAAAA,EAAQe,KAAKG,GAAG,CAAC,CAAGJ,EAAAA,MAAAA,CAAOD,OAAO,EAAKJ,GAAAA,GAAAA;AAAK,KAAA;AACjF;MAEaU,iBAAoB,GAAA,IAAA;IAC/B,MAAMC,OAAAA,GAAUnC,OAAOoC,cAAc;AACrC,IAAA,OAAOD,OAAW,IAAA,IAAA;AACpB;AAEaE,MAAAA,gBAAAA,GAAmB,IAAcC,MAAAA,CAAOC,UAAU;AAExD,MAAMC,sBAAsB,CACjCC,WAAAA,GAAAA;IAEA,MAAMC,IAAAA,GAAQD,eAAe,EAAC;IAC9B,MAAME,QAAAA,GAAWD,IAAKC,CAAAA,QAAQ,IAAIN,gBAAAA,EAAAA;IAClC,MAAMO,UAAAA,GAAaC,OAAQH,CAAAA,IAAAA,CAAKE,UAAU,CAAA;IAE1C,OAAO;AAAED,QAAAA,QAAAA;AAAUC,QAAAA;AAAW,KAAA;AAChC;;;;"}