elpatron/kapteins-daagbok
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
Files
ee94a5be10f6231a65d6a6458ad5029702fbd209
kapteins-daagbok/server/src/utils/challengeStore.ts
T
elpatron e138752dd3 feat(security): Sprint 1 hardening for production behind NPM 
Add trust proxy, WebAuthn challenge TTL, stricter public collaboration
rate limits, generic 500 responses, Docker POSTGRES_PASSWORD from env,
nginx security headers/CSP, and deployment documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-01 15:02:15 +02:00

77 lines
1.9 KiB
TypeScript
Raw Blame History

/** WebAuthn challenge TTL — align with sign route. */
export const CHALLENGE_TTL_MS = 5 * 60 * 1000
interface TimedValue<T> {
value: T
expiresAt: number
}
/** Challenge keyed by arbitrary string (e.g. username) with a string payload. */
export class ChallengeMap {
private readonly entries = new Map<string, TimedValue<string>>()
prune(): void {
const now = Date.now()
for (const [key, entry] of this.entries) {
if (entry.expiresAt <= now) this.entries.delete(key)
}
}
set(key: string, value: string): void {
this.prune()
this.entries.set(key, { value, expiresAt: Date.now() + CHALLENGE_TTL_MS })
}
get(key: string): string | undefined {
this.prune()
const entry = this.entries.get(key)
if (!entry) return undefined
if (entry.expiresAt <= Date.now()) {
this.entries.delete(key)
return undefined
}
return entry.value
}
delete(key: string): void {
this.entries.delete(key)
}
}
/** Challenge keyed by challenge id (login/reauth) with optional metadata. */
export class ChallengeSet<T = undefined> {
private readonly entries = new Map<string, TimedValue<T | undefined>>()
prune(): void {
const now = Date.now()
for (const [key, entry] of this.entries) {
if (entry.expiresAt <= now) this.entries.delete(key)
}
}
add(key: string, value?: T): void {
this.prune()
this.entries.set(key, { value, expiresAt: Date.now() + CHALLENGE_TTL_MS })
}
has(key: string): boolean {
this.prune()
const entry = this.entries.get(key)
if (!entry) return false
if (entry.expiresAt <= Date.now()) {
this.entries.delete(key)
return false
}
return true
}
get(key: string): T | undefined {
if (!this.has(key)) return undefined
return this.entries.get(key)?.value as T | undefined
}
delete(key: string): void {
this.entries.delete(key)
}
}
Reference in New Issue View Git Blame Copy Permalink