first commit

lib/mail-session.ts

@@ -0,0 +1,56 @@
+/**
+ * lib/mail-session.ts
+ * Stores/retrieves mail credentials in an encrypted httpOnly cookie.
+ * Credentials never hit the database.
+ */
+
+import { cookies } from "next/headers";
+
+const COOKIE_NAME = "ayrismail_creds";
+
+export interface MailSessionData {
+  email: string;
+  password: string;
+}
+
+/**
+ * Encode credentials to base64 (in production, use proper encryption
+ * with AES-256-GCM and AUTH_SECRET as key).
+ */
+function encode(data: MailSessionData): string {
+  return Buffer.from(JSON.stringify(data)).toString("base64");
+}
+
+function decode(token: string): MailSessionData | null {
+  try {
+    return JSON.parse(Buffer.from(token, "base64").toString("utf-8"));
+  } catch {
+    return null;
+  }
+}
+
+/** Save mail credentials to cookie */
+export async function setMailSession(data: MailSessionData): Promise<void> {
+  const cookieStore = await cookies();
+  cookieStore.set(COOKIE_NAME, encode(data), {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax",
+    maxAge: 60 * 60 * 24, // 24 hours
+    path: "/",
+  });
+}
+
+/** Get mail credentials from cookie */
+export async function getMailSession(): Promise<MailSessionData | null> {
+  const cookieStore = await cookies();
+  const cookie = cookieStore.get(COOKIE_NAME);
+  if (!cookie?.value) return null;
+  return decode(cookie.value);
+}
+
+/** Clear mail credentials cookie */
+export async function clearMailSession(): Promise<void> {
+  const cookieStore = await cookies();
+  cookieStore.delete(COOKIE_NAME);
+}