• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

cameri / nostream / 28786781914

06 Jul 2026 11:01AM UTC coverage: 67.635% (-0.1%) from 67.747%
28786781914

Pull #666

github

web-flow
Merge 9228c2439 into 237b1a427
Pull Request #666: feat(admin): add observability dashboard UI with Grafana embeds

2111 of 3495 branches covered (60.4%)

Branch coverage included in aggregate %.

138 of 208 new or added lines in 15 files covered. (66.35%)

4827 of 6763 relevant lines covered (71.37%)

19.59 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.46
/src/utils/admin-session.ts
1
import { timingSafeEqual } from 'crypto'
2✔
2
import { IncomingMessage } from 'http'
3

4
import { Settings } from '../@types/settings'
5
import { getPublicPathPrefix, isSecureRequest, joinPathPrefix } from './http'
2✔
6
import { deriveFromSecret, hmacSha256 } from './secret'
2✔
7

8
export const DEFAULT_ADMIN_SESSION_TTL_SECONDS = 86400
2✔
9

10
export const resolveAdminSessionTtlSeconds = (
2✔
11
  sessionTtlSeconds: number | undefined,
12
  defaultTtlSeconds = DEFAULT_ADMIN_SESSION_TTL_SECONDS,
8✔
13
): number => {
14
  if (typeof sessionTtlSeconds === 'number' && Number.isFinite(sessionTtlSeconds) && sessionTtlSeconds > 0) {
8✔
15
    return Math.floor(sessionTtlSeconds)
3✔
16
  }
17

18
  return defaultTtlSeconds
5✔
19
}
20

21
export const buildAdminSessionCookieHeader = (
2✔
22
  request: IncomingMessage,
23
  settings: Settings,
24
  token: string,
25
  maxAgeSeconds: number,
26
): string => {
27
  const cookiePath = joinPathPrefix(getPublicPathPrefix(request, settings), '/admin')
4✔
28
  const secure = isSecureRequest(request, settings) ? '; Secure' : ''
4✔
29

30
  return `admin_session=${token}; Path=${cookiePath}; HttpOnly; SameSite=Strict; Max-Age=${maxAgeSeconds}${secure}`
4✔
31
}
32

33
export const buildAdminSessionClearCookieHeader = (request: IncomingMessage, settings: Settings): string => {
2✔
NEW
34
  const cookiePath = joinPathPrefix(getPublicPathPrefix(request, settings), '/admin')
×
NEW
35
  const secure = isSecureRequest(request, settings) ? '; Secure' : ''
×
36

NEW
37
  return `admin_session=; Path=${cookiePath}; HttpOnly; SameSite=Strict; Max-Age=0${secure}`
×
38
}
39

40
export const createAdminSessionToken = (expiresAt: number): string => {
2✔
41
  const signature = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')
4✔
42
  return `${expiresAt}.${signature}`
3✔
43
}
44

45
export const parseAdminSessionToken = (token: string): { expiresAt: number } | undefined => {
2✔
46
  const separatorIndex = token.indexOf('.')
2✔
47
  if (separatorIndex <= 0) {
2!
48
    return undefined
×
49
  }
50

51
  const expiresAt = Number(token.slice(0, separatorIndex))
2✔
52
  if (!Number.isFinite(expiresAt)) {
2!
53
    return undefined
×
54
  }
55

56
  return { expiresAt }
2✔
57
}
58

59
export const isValidAdminSessionToken = (token: string, nowSeconds = Math.floor(Date.now() / 1000)): boolean => {
2✔
60
  const separatorIndex = token.indexOf('.')
7✔
61
  if (separatorIndex <= 0) {
7!
62
    return false
×
63
  }
64

65
  const expiresAt = Number(token.slice(0, separatorIndex))
7✔
66
  const signature = token.slice(separatorIndex + 1)
7✔
67

68
  if (!Number.isFinite(expiresAt) || expiresAt <= nowSeconds || !/^[0-9a-f]+$/.test(signature)) {
7!
69
    return false
×
70
  }
71

72
  const expected = hmacSha256(deriveFromSecret('admin-session'), `${expiresAt}`).toString('hex')
7✔
73
  const expectedBuf = Buffer.from(expected, 'utf8')
6✔
74
  const actualBuf = Buffer.from(signature, 'utf8')
6✔
75

76
  if (expectedBuf.length !== actualBuf.length) {
6✔
77
    return false
1✔
78
  }
79

80
  return timingSafeEqual(expectedBuf, actualBuf)
5✔
81
}
82

83
export const getAdminSessionTokenFromRequest = (authorizationHeader?: string, cookieHeader?: string): string | undefined => {
2✔
84
  if (authorizationHeader?.startsWith('Bearer ')) {
12✔
85
    const token = authorizationHeader.slice('Bearer '.length).trim()
3✔
86
    return token.length > 0 ? token : undefined
3!
87
  }
88

89
  if (!cookieHeader) {
9✔
90
    return undefined
3✔
91
  }
92

93
  for (const part of cookieHeader.split(';')) {
6✔
94
    const [name, ...valueParts] = part.trim().split('=')
6✔
95
    if (name === 'admin_session') {
6!
96
      const value = valueParts.join('=').trim()
6✔
97
      return value.length > 0 ? value : undefined
6!
98
    }
99
  }
100

101
  return undefined
×
102
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc