feat: login page, session management, auth API routes en proxy guard

- lib/session.ts: token generatie, SHA-256 hashing, createSession/getCurrentUser/invalidateSession
- app/api/auth/login: bcrypt verificatie, session aanmaken, ops_session cookie (httpOnly, sameSite=strict, 24h TTL), rate-limit 5/min per IP
- app/api/auth/logout: session invalideren en cookie verwijderen
- app/login/page.tsx: login form (client component)
- proxy.ts: route-protectie – redirect naar /login zonder sessie (middleware.ts is deprecated in Next.js 16)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Scrum4Me Agent 2026-05-13 17:10:07 +02:00
parent cce0f25419
commit be05724de0
5 changed files with 250 additions and 0 deletions


@ -0,0 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { cookies } from 'next/headers'
import { invalidateSession } from '@/lib/session'
export async function POST(_request: NextRequest) {
const cookieStore = await cookies()
const token = cookieStore.get('ops_session')?.value
if (token) {
await invalidateSession(token)
}
const response = NextResponse.json({ success: true })
response.cookies.delete('ops_session')
return response
}
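Review bot: If `await invalidateSession(token)` rejects, the handler throws before `response.cookies.delete('ops_session')` runs, so the browser keeps the token and the failure surfaces only as an unhandled 500. Whether `invalidateSession` can throw is not visible here (it lives in lib/session.ts), but a store error on logout is a plausible case and the session may then stay valid server-side for the rest of its 24h TTL. The cookie should be cleared on every path, and the failure should be logged (without the token value) and reflected in the response, so the client is not told `success: true` while the session is still live. The unused `_request` parameter can also be dropped.

```typescript
export async function POST(_request: NextRequest) {
  // … unchanged: read the ops_session token from the cookie store …
  let invalidated = true
  if (token) {
    try {
      await invalidateSession(token)
    } catch (err) {
      // Never log the token itself; the error object is enough for triage.
      invalidated = false
      console.error('logout: session invalidation failed', err)
    }
  }
  const response = NextResponse.json(
    { success: invalidated },
    { status: invalidated ? 200 : 500 },
  )
  // Clear the cookie on both paths so the browser stops presenting the token.
  response.cookies.delete('ops_session')
  return response
}
```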