src/lib/auth.ts

// Edge-compatible — no Node.js imports here (used in middleware)

export const AUTH_ENABLED = !!(process.env.AUTH_USER && process.env.AUTH_PASS)
export const COOKIE_NAME = "ds_session"

// HMAC-SHA256(user, key=pass) — deterministic, no in-memory state, survives restarts
// Works in both Edge (SubtleCrypto) and Node.js runtime
export async function computeSessionToken(): Promise<string> {
  const user = process.env.AUTH_USER ?? ""
  const pass = process.env.AUTH_PASS ?? ""
  const enc = new TextEncoder()
  const key = await globalThis.crypto.subtle.importKey(
    "raw", enc.encode(pass),
    { name: "HMAC", hash: "SHA-256" },
    false, ["sign"]
  )
  const sig = await globalThis.crypto.subtle.sign("HMAC", key, enc.encode(user))
  return Array.from(new Uint8Array(sig), b => b.toString(16).padStart(2, "0")).join("")
}
Adiciona autenticação opcional, VNC integrado, GPU por stream, proxy HLS e melhorias de segurança 2026-04-26 03:02:31 -03:00			`// Edge-compatible — no Node.js imports here (used in middleware)`

			`export const AUTH_ENABLED = !!(process.env.AUTH_USER && process.env.AUTH_PASS)`
			`export const COOKIE_NAME = "ds_session"`

			`// HMAC-SHA256(user, key=pass) — deterministic, no in-memory state, survives restarts`
			`// Works in both Edge (SubtleCrypto) and Node.js runtime`
			`export async function computeSessionToken(): Promise<string> {`
			`const user = process.env.AUTH_USER ?? ""`
			`const pass = process.env.AUTH_PASS ?? ""`
			`const enc = new TextEncoder()`
			`const key = await globalThis.crypto.subtle.importKey(`
			`"raw", enc.encode(pass),`
			`{ name: "HMAC", hash: "SHA-256" },`
			`false, ["sign"]`
			`)`
			`const sig = await globalThis.crypto.subtle.sign("HMAC", key, enc.encode(user))`
			`return Array.from(new Uint8Array(sig), b => b.toString(16).padStart(2, "0")).join("")`
			`}`