Scrum4Me/lib
Madhura68 b4813e6e54 feat(ST-1002): add pairing helpers, pre-auth cookie + paired-session guard
lib/auth/pairing.ts: pure crypto helpers for the QR pairing flow.
- generateMobileSecret() / generateDesktopToken() — both 32 bytes base64url, separate
  so that they do not reveal each other
- hashToken(t) — sha256-hex
- verifyToken(t, hash) — timingSafeEqual with length guard
- isPairedSessionExpired(session) — extracted helper so that the Server
  Component render does not call Date.now() directly (React Compiler flag)

lib/auth/pair-cookie.ts: HttpOnly pre-auth cookie helpers (s4m_pair).
- Path=/api/auth/pair, Max-Age=120s (equal to the pairing pending TTL),
  SameSite=Lax, Secure in production

lib/session.ts: SessionData extended with optional paired + pairedExpiresAt.

app/(app)/layout.tsx: guard that destroys paired sessions as soon as
pairedExpiresAt has passed and redirects to /login.

Tests: 14 unit tests in __tests__/lib/auth/pairing.test.ts cover hash
determinism, timing-safe verify (true/false/length-mismatch), generator
uniqueness and four expiry scenarios for isPairedSessionExpired.

Quality gates: npm run lint (0 errors), tsc --noEmit clean, vitest 111/111.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 22:23:00 +02:00
..
auth feat(ST-1002): add pairing helpers, pre-auth cookie + paired-session guard 2026-04-27 22:23:00 +02:00
realtime feat(M8): Realtime Solo Paneel via Postgres LISTEN/NOTIFY (ST-801..ST-806) (#8) 2026-04-27 13:59:32 +02:00
api-auth.ts feat(M8): Realtime Solo Paneel via Postgres LISTEN/NOTIFY (ST-801..ST-806) (#8) 2026-04-27 13:59:32 +02:00
auth.ts feat(ST-350): add auth helpers — getSession, requireUser, requireWriter, requireProductAccess, requireProductWriter 2026-04-26 16:03:32 +02:00
code-server.ts Todo description, entity codes, REST API extensions and Claude Code hardening (ST-509/511/512/513) (#2) 2026-04-26 23:40:54 +02:00
code.ts fix(ST-507): split server-only code helpers into lib/code-server to keep client bundle clean 2026-04-26 20:42:55 +02:00
env.ts feat: ST-001–ST-005 foundation — scaffolding, Prisma, schema, seed, env 2026-04-22 21:04:48 +02:00
prisma.ts chore: SQLite removed — PostgreSQL only via Neon 2026-04-25 12:15:19 +02:00
product-access.ts feat: show active product name in navbar, links to product page 2026-04-26 17:56:50 +02:00
rate-limit.ts feat: ST-601-ST-612 M6 polish, beveiliging en launch-ready 2026-04-24 12:36:23 +02:00
session.ts feat(ST-1002): add pairing helpers, pre-auth cookie + paired-session guard 2026-04-27 22:23:00 +02:00
task-status.ts Todo description, entity codes, REST API extensions and Claude Code hardening (ST-509/511/512/513) (#2) 2026-04-26 23:40:54 +02:00
utils.ts feat: ST-001–ST-005 foundation — scaffolding, Prisma, schema, seed, env 2026-04-22 21:04:48 +02:00