27147647689

Committed 08 Jun 2026 03:16PM UTC coverage: 67.223% (+0.2%) from 66.977%

Build # 27147647689

Build Type

Pull #641

github

Committed by

web-flow

Commit Message

Merge 4f7095a1a into 1295272c3

Pull Request Pull Request #641: feat: add admin backend foundation (login, session, health)

Coverage Stats

1953 of 3265 branches covered (59.82%)

Branch coverage included in aggregate %.

139 of 168 new or added lines in 14 files covered. (82.74%)

4489 of 6318 relevant lines covered (71.05%)

20.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.95

/src/utils/admin-session.ts

import { timingSafeEqual } from 'crypto'

import { deriveFromSecret, hmacSha256 } from './secret'

export const createAdminSessionToken = (expiresAt: number): string => {
  const signature = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')
  return `${expiresAt}.${signature}`
}

export const parseAdminSessionToken = (token: string): { expiresAt: number } | undefined => {
  const separatorIndex = token.indexOf('.')
  if (separatorIndex <= 0) {
    return undefined
  }

  const expiresAt = Number(token.slice(0, separatorIndex))
  if (!Number.isFinite(expiresAt)) {
    return undefined
  }

  return { expiresAt }
}

export const isValidAdminSessionToken = (token: string, nowSeconds = Math.floor(Date.now() / 1000)): boolean => {
  const separatorIndex = token.indexOf('.')
  if (separatorIndex <= 0) {
    return false
  }

  const expiresAt = Number(token.slice(0, separatorIndex))
  const signature = token.slice(separatorIndex + 1)

  if (!Number.isFinite(expiresAt) || expiresAt <= nowSeconds || !/^[0-9a-f]+$/.test(signature)) {
    return false
  }

  const expected = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')
  const expectedBuf = Buffer.from(expected, 'utf8')
  const actualBuf = Buffer.from(signature, 'utf8')

  if (expectedBuf.length !== actualBuf.length) {
    return false
  }

  return timingSafeEqual(expectedBuf, actualBuf)
}

export const getAdminSessionTokenFromRequest = (authorizationHeader?: string, cookieHeader?: string): string | undefined => {
  if (authorizationHeader?.startsWith('Bearer ')) {
    const token = authorizationHeader.slice('Bearer '.length).trim()
    return token.length > 0 ? token : undefined
  }

  if (!cookieHeader) {
    return undefined
  }

  for (const part of cookieHeader.split(';')) {
    const [name, ...valueParts] = part.trim().split('=')
    if (name === 'admin_session') {
      const value = valueParts.join('=').trim()
      return value.length > 0 ? value : undefined
    }
  }

  return undefined
}

1	import { timingSafeEqual } from 'crypto'	2✔
2
3	import { deriveFromSecret, hmacSha256 } from './secret'	2✔
4
5	export const createAdminSessionToken = (expiresAt: number): string => {	2✔
6	const signature = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')	3✔
7	return `${expiresAt}.${signature}`	3✔
8	}
9
10	export const parseAdminSessionToken = (token: string): { expiresAt: number } \| undefined => {	2✔
11	const separatorIndex = token.indexOf('.')	2✔
12	if (separatorIndex <= 0) {	2!
NEW 13	return undefined	×
14	}
15
16	const expiresAt = Number(token.slice(0, separatorIndex))	2✔
17	if (!Number.isFinite(expiresAt)) {	2!
NEW 18	return undefined	×
19	}
20
21	return { expiresAt }	2✔
22	}
23
24	export const isValidAdminSessionToken = (token: string, nowSeconds = Math.floor(Date.now() / 1000)): boolean => {	2✔
25	const separatorIndex = token.indexOf('.')	7✔
26	if (separatorIndex <= 0) {	7!
NEW 27	return false	×
28	}
29
30	const expiresAt = Number(token.slice(0, separatorIndex))	7✔
31	const signature = token.slice(separatorIndex + 1)	7✔
32
33	if (!Number.isFinite(expiresAt) \|\| expiresAt <= nowSeconds \|\| !/^[0-9a-f]+$/.test(signature)) {	7!
NEW 34	return false	×
35	}
36
37	const expected = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')	7✔
38	const expectedBuf = Buffer.from(expected, 'utf8')	7✔
39	const actualBuf = Buffer.from(signature, 'utf8')	7✔
40
41	if (expectedBuf.length !== actualBuf.length) {	7✔
42	return false	1✔
43	}
44
45	return timingSafeEqual(expectedBuf, actualBuf)	6✔
46	}
47
48	export const getAdminSessionTokenFromRequest = (authorizationHeader?: string, cookieHeader?: string): string \| undefined => {	2✔
49	if (authorizationHeader?.startsWith('Bearer ')) {	11✔
50	const token = authorizationHeader.slice('Bearer '.length).trim()	4✔
51	return token.length > 0 ? token : undefined	4!
52	}
53
54	if (!cookieHeader) {	7✔
55	return undefined	2✔
56	}
57
58	for (const part of cookieHeader.split(';')) {	5✔
59	const [name, ...valueParts] = part.trim().split('=')	5✔
60	if (name === 'admin_session') {	5!
61	const value = valueParts.join('=').trim()	5✔
62	return value.length > 0 ? value : undefined	5!
63	}
64	}
65
NEW 66	return undefined	×
67	}

cameri / nostream / 27147647689

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous