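// server/api/auth/session.get.ts
//
// GET /api/auth/session — resolves the `user_session` cookie against the
// server-side session store and returns the session to the client.
// Every failure path answers 401 and, where the cookie is unusable, clears it.
import type { SessionResponse } from '~/types/auth';

/** Name of the cookie that carries the opaque session ID. */
const SESSION_COOKIE = 'user_session';

/**
 * Response shape of this endpoint: the shared `SessionResponse` plus the
 * extra fields added here. The `any` fields are kept as in the original
 * contract so existing client code typed against this route keeps compiling;
 * the decoded JWT payloads are, in truth, untrusted `unknown` JSON.
 */
type FullSessionResponse = SessionResponse & {
  idTokenPayload?: any;
  accessTokenPayload?: any;
  fullSessionObject?: any;
  status?: string;
  remainingSeconds?: number;
  idToken?: string;
  scope?: string;
  createdAt?: number;
};

/**
 * Decodes the payload segment of a JWT **without verifying its signature**.
 *
 * The result is only surfaced to the client for display; no trust decision in
 * this handler is based on it — validity and expiry come from the session
 * store. Node's `base64` decoder also accepts the base64url alphabet JWTs use.
 *
 * @param token - raw compact JWT, or a falsy value when the session has none.
 * @returns the parsed payload, or `null` when `token` is missing, has fewer than
 *   two dot-separated segments, or its payload is not valid JSON (logged as a
 *   warning, never thrown).
 */
function decodeJwtPayload(token: string | null | undefined): unknown {
  if (!token) return null;
  const [, payloadSegment] = token.split('.');
  if (payloadSegment === undefined) return null;
  try {
    return JSON.parse(Buffer.from(payloadSegment, 'base64').toString());
  } catch (err: unknown) {
    console.warn('โš ๏ธ Failed to parse token payloads:', err);
    return null;
  }
}

/**
 * True when `err` already carries an HTTP status, i.e. it was produced by
 * `createError` further up and must be re-thrown unchanged rather than be
 * masked as a generic "Invalid session data" error.
 */
function hasStatusCode(err: unknown): err is { statusCode: number } {
  return typeof err === 'object' && err !== null && 'statusCode' in err;
}

export default defineEventHandler(async (event) => {
  console.log('๐Ÿ” Session endpoint called');
  const sessionCookie = getCookie(event, SESSION_COOKIE);
  console.log('๐Ÿช Session cookie exists:', !!sessionCookie);

  if (!sessionCookie) {
    console.log('โŒ No session cookie found');
    throw createError({
      statusCode: 401,
      statusMessage: 'No session cookie found',
    });
  }

  try {
    // The cookie holds only an opaque session ID; the store is the source of truth.
    const { getSession } = await import('~/server/utils/sessionStore');
    const session = getSession(sessionCookie);

    if (!session) {
      console.log('โŒ Session not found in store or expired');
      deleteCookie(event, SESSION_COOKIE);
      throw createError({
        statusCode: 401,
        statusMessage: 'Session not found or expired',
      });
    }
    console.log('๐Ÿ“‹ Session retrieved from store successfully');

    // Read the clock once so `isExpired` and `remainingSeconds` agree, and
    // reject expired sessions before spending work on token decoding.
    const now = Date.now();
    const isExpired = now > session.expiresAt;
    console.log(' Is Expired:', isExpired);

    if (isExpired) {
      console.log('โฐ Session has expired, clearing cookie');
      deleteCookie(event, SESSION_COOKIE);
      throw createError({
        statusCode: 401,
        statusMessage: 'Session expired',
      });
    }

    // Decoded on demand from the stored tokens (never persisted in the cookie);
    // each token is decoded independently so one malformed token does not
    // hide the other's claims.
    const accessTokenPayload = decodeJwtPayload(session.accessToken);
    const idTokenPayload = decodeJwtPayload(session.idToken);

    // NOTE(review): this response hands the refresh token and the complete
    // server-side session object to the browser. The refresh token is a
    // long-lived credential, and `fullSessionObject` duplicates every field
    // above; both widen the blast radius of any XSS or log capture on the
    // client. Consider dropping them (or gating `fullSessionObject` behind a
    // dev-only flag) once no client code depends on them.
    const sessionResponse: FullSessionResponse = {
      success: true,
      // Basic User Info
      user: session.user,
      // Raw Tokens
      accessToken: session.accessToken,
      refreshToken: session.refreshToken,
      idToken: session.idToken,
      // Session Timestamps
      expiresAt: session.expiresAt,
      createdAt: session.createdAt,
      remainingSeconds: Math.max(0, Math.floor((session.expiresAt - now) / 1000)),
      // Parsed token payloads (unverified; informational only)
      idTokenPayload,
      accessTokenPayload,
      // Full session for debugging
      fullSessionObject: session,
      // OAuth metadata
      scope: session.scope,
      status: session.status || 'authenticated',
    };

    console.log('โœ… Session is valid, returning full session data');
    return sessionResponse;
  } catch (err: unknown) {
    // The 401s thrown inside the try block land here too; pass them through
    // so the client sees the specific status message instead of a generic one.
    if (hasStatusCode(err)) throw err;

    console.error('โŒ Failed to parse session cookie:', err);
    const message = err instanceof Error ? err.message : '';

    // Legacy cookies held base64 JSON rather than a session ID; a JSON parse
    // failure is the tell, and the only fix is to re-authenticate.
    if (message.includes('Unexpected token') || message.includes('JSON')) {
      console.log('๐Ÿงน Detected old session format, clearing cookie...');
      deleteCookie(event, SESSION_COOKIE);
      throw createError({
        statusCode: 401,
        statusMessage: 'Old session format detected. Please login again.',
      });
    }

    // Anything else means the cookie cannot be trusted; clear it and deny.
    deleteCookie(event, SESSION_COOKIE);
    throw createError({
      statusCode: 401,
      statusMessage: 'Invalid session data',
    });
  }
});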