wip

vercel-labs · Mar 13, 2024 · 785d16d · 785d16d
1 parent 6bd0c86
commit 785d16d
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 7 deletions.
diff --git a/drizzle/schema.ts b/drizzle/schema.ts
@@ -1,4 +1,12 @@
-import { serial, text, pgTable, uniqueIndex } from "drizzle-orm/pg-core"
+import {
+  serial,
+  text,
+  pgTable,
+  uniqueIndex,
+  integer,
+  timestamp,
+  time,
+} from "drizzle-orm/pg-core"
 import { InferInsertModel } from "drizzle-orm"
 
 export const users = pgTable(
@@ -16,4 +24,15 @@ export const users = pgTable(
   },
 )
 
+export const sessions = pgTable("sessions", {
+  id: serial("id").primaryKey(),
+  userId: integer("userId")
+    .references(() => users.id)
+    .notNull(),
+  token: text("token").unique().notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+  expiresAt: timestamp("expires_at").notNull(),
+})
+
 export type NewUser = InferInsertModel<typeof users>
+export type NewSession = InferInsertModel<typeof sessions>
diff --git a/lib/dal.ts b/lib/dal.ts
diff --git a/lib/session.ts b/lib/session.ts
@@ -1,17 +1,46 @@
-// this file includes the sessiong management logic for
-// creating, verifying, and deleting sessions with JWTs and server-side cookies.
+// this file includes the session management logic for
+// creating, verifying, and deleting sessions with server-side tokens.
 
-"use server"
+"server-only"
 
+import { db } from "@/drizzle/db"
+import { sessions } from "@/drizzle/schema"
 import jwt from "jsonwebtoken"
 import { cookies } from "next/headers"
 
 const secretKey = "yourSecretKey"
 
-export function createSession(id: number) {}
+export async function createSession(id: number) {
+  const token = jwt.sign({ id }, secretKey, {
+    expiresIn: "1h",
+  })
 
-export function deleteSesssion() {}
+  // Option 1: Storing server-side tokens
+  const expiresAt = new Date(Date.now() + 60 * 60 * 1000)
+
+  const serverToken = await db
+    .insert(sessions)
+    .values({
+      userId: id,
+      token,
+      expiresAt,
+    })
+    .returning({ token: sessions.token })
+
+  // Option 2: Stateless session
+  cookies().set("token", token, {
+    httpOnly: true,
+    secure: true,
+    expires: new Date(Date.now() + 3600),
+    sameSite: "lax",
+    path: "/",
+  })
+}
+
+export async function verifySession() {
+}
 
 export function updateSession() {}
 
-export function verifySession() {}
+export function deleteSesssion() {
+}