fix: lates

scripts/ops-session-check.mjs

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+
+const BASE_URL = [
+  process.env.OPS_BASE_URL,
+  process.env.APP_URL,
+  process.env.NEXT_PUBLIC_APP_URL
+].map((value) => value?.trim()).find(Boolean);
+
+const TEST_EMAIL = process.env.OPS_SESSION_CHECK_EMAIL?.trim();
+const TEST_PASSWORD = process.env.OPS_SESSION_CHECK_PASSWORD?.trim();
+const EXPECTED_TTL_SECONDS = resolveSessionTtl(process.env.SESSION_TTL_SECONDS);
+const SESSION_COOKIE_NAME = "wa_inbox_session";
+
+if (!BASE_URL) {
+  console.error("[ops-session-check] Missing OPS_BASE_URL / APP_URL / NEXT_PUBLIC_APP_URL");
+  process.exit(1);
+}
+
+if (!TEST_EMAIL || !TEST_PASSWORD) {
+  console.error("[ops-session-check] Missing OPS_SESSION_CHECK_EMAIL / OPS_SESSION_CHECK_PASSWORD. Test skipped.");
+  process.exit(1);
+}
+
+function resolveSessionTtl(value) {
+  if (!value) {
+    return 60 * 60 * 24 * 7;
+  }
+  const parsed = Number(value.trim());
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 60 * 60 * 24 * 7;
+  }
+  return Math.floor(parsed);
+}
+
+function readCookieLines(headers) {
+  const direct = [];
+  if (typeof headers.getSetCookie === "function") {
+    const lines = headers.getSetCookie();
+    if (Array.isArray(lines)) {
+      return lines;
+    }
+  }
+
+  headers.forEach((value, key) => {
+    if (key.toLowerCase() === "set-cookie") {
+      direct.push(value);
+    }
+  });
+
+  return direct;
+}
+
+function getCookieValue(cookieHeader, name) {
+  const prefix = `${name}=`;
+  const found = cookieHeader.find((entry) => entry.startsWith(prefix));
+  if (!found) {
+    return null;
+  }
+
+  const [value] = found.split(";")[0].split("=", 2).slice(1);
+  if (typeof value !== "string") {
+    return null;
+  }
+  return `${found.split(";")[0].slice(prefix.length)}`;
+}
+
+function getCookieTtlSeconds(cookieHeader, name) {
+  const prefix = `${name}=`;
+  const found = cookieHeader.find((entry) => entry.startsWith(prefix));
+  if (!found) {
+    return null;
+  }
+
+  const parts = found.split(";").map((part) => part.trim());
+  const attrs = new Map();
+  for (const part of parts.slice(1)) {
+    const [rawKey, rawValue] = part.split("=");
+    attrs.set(rawKey.toLowerCase(), rawValue ?? "");
+  }
+
+  const maxAgeRaw = attrs.get("max-age");
+  if (maxAgeRaw) {
+    const parsed = Number(maxAgeRaw);
+    if (Number.isFinite(parsed)) {
+      return Math.floor(parsed);
+    }
+  }
+
+  const expiresRaw = attrs.get("expires");
+  if (expiresRaw) {
+    const parsedDate = new Date(expiresRaw);
+    if (!Number.isNaN(parsedDate.getTime())) {
+      return Math.floor((parsedDate.getTime() - Date.now()) / 1000);
+    }
+  }
+
+  return null;
+}
+
+async function requestJson(url, options = {}) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), 12_000);
+
+  try {
+    const response = await fetch(url, {
+      ...options,
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    return response;
+  } catch (error) {
+    clearTimeout(timeout);
+    throw error;
+  }
+}
+
+async function main() {
+  const loginHeaders = {
+    "Content-Type": "application/x-www-form-urlencoded",
+    "User-Agent": "ops-session-check"
+  };
+  const loginBody = new URLSearchParams({
+    email: TEST_EMAIL,
+    password: TEST_PASSWORD,
+    next: "/super-admin"
+  }).toString();
+
+  const loginResponse = await requestJson(`${BASE_URL}/auth/login`, {
+    method: "POST",
+    redirect: "manual",
+    headers: loginHeaders,
+    body: loginBody
+  });
+
+  if (loginResponse.status !== 307 && loginResponse.status !== 302) {
+    console.error(`[ops-session-check] login status unexpected: ${loginResponse.status}`);
+    process.exit(1);
+  }
+
+  const setCookieLines = readCookieLines(loginResponse.headers);
+  const sessionCookieValue = getCookieValue(setCookieLines, SESSION_COOKIE_NAME);
+  if (!sessionCookieValue) {
+    console.error("[ops-session-check] session cookie not issued by /auth/login");
+    process.exit(1);
+  }
+
+  const ttl = getCookieTtlSeconds(setCookieLines, SESSION_COOKIE_NAME);
+  if (ttl === null) {
+    console.error("[ops-session-check] session cookie ttl missing");
+    process.exit(1);
+  }
+
+  if (Math.abs(ttl - EXPECTED_TTL_SECONDS) > 600) {
+    console.warn(
+      `[ops-session-check] session ttl unexpected: ${ttl}s (expected ${EXPECTED_TTL_SECONDS}s ±600s)`
+    );
+  } else {
+    console.log(`[ops-session-check] session ttl check OK: ${ttl}s`);
+  }
+
+  const protected = await requestJson(`${BASE_URL}/super-admin`, {
+    method: "GET",
+    redirect: "manual",
+    headers: {
+      Cookie: `${SESSION_COOKIE_NAME}=${sessionCookieValue}`
+    }
+  });
+
+  if (protected.status === 200) {
+    console.log("[ops-session-check] protected path access OK (HTTP 200).");
+    process.exit(0);
+  }
+
+  if (protected.status >= 300 && protected.status < 400) {
+    const location = protected.headers.get("location") || "";
+    if (location.includes("/login")) {
+      console.error("[ops-session-check] protected path redirected to login; session not accepted.");
+      process.exit(1);
+    }
+  }
+
+  console.error(`[ops-session-check] protected path check failed with status ${protected.status}`);
+  process.exit(1);
+}
+
+main().catch((error) => {
+  console.error("[ops-session-check] failed:", error instanceof Error ? error.message : String(error));
+  process.exit(1);
+});