Home for your coding sessions
Turn any Claude Code or Codex conversation into a decision trace. Browsable, searchable, and shareable.
curl -sSL https://install.replay.md | sh
How it works
Install the CLI — One command. macOS & Linux.
Upload a session — Browse and pick from your sessions.
Share the link — Public or private. Claim your username.
Your data, your control. Private until you share. Delete anytime.
Open source. Inspect, fork, or self-host.
Refactor auth middleware for session validation
Nishant Joshi · @nishantjosh
I'll refactor validateSession to use the new verifySessionToken helper. This extracts the bearer token, validates expiry, and optionally refreshes the session.
14 14export async function validateSession(15 15request: NextRequest16 16) {17 -const token = request.cookies.get("session");18 -if (!token) return null;19 -const session = await db.sessions.findUnique({20 -where: { token: token.value },21 -});22 -return session?.expiresAt > new Date() ? session : null;17+const token = extractBearerToken(request);18+if (!token) return { valid: false, reason: "missing" };19+20+const result = await verifySessionToken(token, {21+maxAge: SESSION_MAX_AGE,22+refresh: true,23+});
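Review bot: The early return at `if (!token) return { valid: false, reason: "missing" };` changes the failure value from `null` to a truthy object, so any caller that still guards with a falsy check on the result of `validateSession` will now treat a missing token as a valid session. Update every call site to test `valid` in the same change, or keep returning `null` on failure until the callers are migrated. The removed `request.cookies.get("session")` line also means the cookie is no longer read here; if `extractBearerToken` looks only at the Authorization header, confirm that no client still authenticates with the cookie alone.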
I'll move the session configuration to src/lib/auth.config.ts and export the constants from there. This keeps the validation logic clean and makes the config easy to adjust per environment.
1+export const SESSION_MAX_AGE = 60 * 60 * 24 * 7; // 7 days2+export const SESSION_COOKIE_NAME = "session";3+4+export const sessionConfig = {5+maxAge: SESSION_MAX_AGE,6+refresh: true,7+secure: process.env.NODE_ENV === "production",8+} as const;
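Review bot: `secure: process.env.NODE_ENV === "production"` leaves the flag off in every deployment where NODE_ENV is not exactly "production", which usually includes staging and preview environments that are reachable over the network. Consider defaulting `secure` to true and opting out only for local development. Separately, `maxAge: SESSION_MAX_AGE` (7 days) together with `refresh: true` has no absolute lifetime in this config; if refresh extends expiry on each validation, an active session never expires, so add an absolute cap if re-authentication should eventually be forced.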
I'll add tests covering the main cases: valid bearer token, missing header, malformed token, and expired session. Let me create the test file with those scenarios...