This project uses JWT cookie session for authentication.
There is middleware that matches on the favorites path. Normally, I would match the opposite, so I would have to exclude any routes that need authentication. Since there is only one route, I decided to do it this way.
In the middleware, we check for if the JWT is valid on /favorites/:path*, if not then it redirects to /login.
Inside /src/lib/auth/index.ts it contains all functions involved with creating and verifying the JWT tokens.
Using the lightweight Jose package, JWTs are created using a secret key that comes from .env. This token is handed to the user on a valid login or signup, it is added as a cookie to the user's headers and returned back. By default the cookie expires in 1 hour and will not be refreshed.
The verifyJWT function is used in the middleware to verify a user is logged in.
After a user enters a valid email and password then it is hashed with a salt and stored in this format HASH.SALT. On login the salt is parsed out and the hash of the passwords are compared. When either of these processes are successful, then a JWT is set in the cookies for the user.