From 1dce64ecfcbdecd3da99a88e42201d67987a4d6b Mon Sep 17 00:00:00 2001
From: Richard Ward
Date: Tue, 30 Dec 2025 22:53:22 +0000
Subject: [PATCH] code: user,session,nextjs (1 files)

---
 .../src/lib/routing/auth/get-session-user.ts | 79 +++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 frontends/nextjs/src/lib/routing/auth/get-session-user.ts

diff --git a/frontends/nextjs/src/lib/routing/auth/get-session-user.ts b/frontends/nextjs/src/lib/routing/auth/get-session-user.ts
new file mode 100644
index 000000000..716ce4359
--- /dev/null
+++ b/frontends/nextjs/src/lib/routing/auth/get-session-user.ts
@@ -0,0 +1,79 @@
+/**
+ * Server-side session validation for API routes
+ * Extracts and validates session from request cookies
+ */
+
+import { cookies } from 'next/headers'
+
+import { AUTH_COOKIE_NAME } from '@/lib/auth/session-constants'
+import { getSessionByToken } from '@/lib/db/sessions/get-session-by-token'
+import { getUserById } from '@/lib/db/users/get-user-by-id'
+
+export interface SessionUser {
+ id: string
+ username: string
+ email: string
+ level: number
+ tenantId: string | null
+ role?: string
+}
+
+export interface SessionResult {
+ user: SessionUser | null
+ error?: string
+}
+
+/**
+ * Get the current session user from request cookies
+ * Returns null if no valid session exists
+ */
+export const getSessionUser = async (): Promise => {
+ try {
+ const cookieStore = await cookies()
+ const token = cookieStore.get(AUTH_COOKIE_NAME)?.value
+
+ if (!token) {
+ return { user: null, error: 'No session token' }
+ }
+
+ const session = await getSessionByToken(token)
+ if (!session) {
+ return { user: null, error: 'Invalid session' }
+ }
+
+ // Check session expiry
+ if (session.expiresAt && session.expiresAt < Date.now()) {
+ return { user: null, error: 'Session expired' }
+ }
+
+ const user = await getUserById(session.userId)
+ if (!user) {
+ return { user: null, error: 'User not found' }
+ }
+
+ return {
+ user: {
+ id: user.id,
+ username: user.username,
+ email: user.email || '',
+ level: user.level,
+ tenantId: user.tenantId,
+ role: user.role,
+ },
+ }
+ } catch (error) {
+ console.error('Session validation error:', error)
+ return { user: null, error: 'Session validation failed' }
+ }
+}
+
+/**
+ * Require authenticated session - throws if not logged in
+ */
+export const requireSession = async (): Promise => {
+ const { user, error } = await getSessionUser()
+ if (!user) {
+ throw new Error(error || 'Authentication required')
+ }
+ return user
+}
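Review bot: The expiry check in getSessionUser fails open: `if (session.expiresAt && session.expiresAt < Date.now())` treats a session row with a missing or null `expiresAt` as never expiring, and if `expiresAt` is not a numeric timestamp (an ISO string, for instance) the `<` comparison against `Date.now()` is always false, so expired sessions would be accepted; whether either case can occur depends on the session schema behind getSessionByToken, which is not visible here. A comparison that rejects missing and non-numeric values, e.g. `const expiresAt = session.expiresAt == null ? NaN : new Date(session.expiresAt).getTime()` followed by `if (!(expiresAt > Date.now())) { return { user: null, error: 'Session expired' } }`, makes the check fail closed for all three representations (number, Date, string). Ideally the expiry condition is also applied in the getSessionByToken query so a caller cannot forget it. Separately, requireSession rethrows the specific reason ('Invalid session', 'User not found', 'Session expired'); if API routes pass that message through to the response, it distinguishes token states to the client, so consider throwing a fixed message and keeping the detailed reason for server-side logs only.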