Generate new session for mobile handoff

functions/api/auth/mobile/token.ts

@@ -1,4 +1,5 @@
 import { jsonError } from "../../../common.js";
+import tokenPrefixes from "../../../../data/token_prefixes.json";
 
 export async function onRequestGet(context: RequestContext) {
   const { current_user: currentUser } = context.data;
@@ -6,18 +7,43 @@ export async function onRequestGet(context: RequestContext) {
   if (!currentUser) return jsonError("Unauthorized", 401);
 
   const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
+  const tokenStart =
+    tokenPrefixes[Math.round(Math.random() * (tokenPrefixes.length - 1))] + "_";
+  const tokenId =
+    tokenStart +
+    `${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}${crypto.randomUUID()}`.replaceAll(
+      "-",
+      "",
+    );
 
-  const cookies = (context.request.headers.get("cookie") as string).split("; ");
+  await context.env.DATA.put(
-  const sessionCookie = cookies.find((c) => c.startsWith("_s=")) as string;
+    `auth_${btoa(
+      String.fromCharCode(
+        ...new Uint8Array(
+          await crypto.subtle.digest(
+            "SHA-512",
+            new TextEncoder().encode(tokenId),
+          ),
+        ),
+      ),
+    )
+      .replaceAll("+", "-")
+      .replaceAll("/", "_")
+      .replaceAll("=", "")}`,
+    JSON.stringify(currentUser),
+    {
+      expirationTtl: currentUser.expires_in + 1209600,
+    },
+  );
 
   const claimSet = btoa(
     JSON.stringify({
       email: currentUser.email,
       email_verified: true,
-      exp: Math.floor(currentUser.refresh_at / 1000),
+      exp: Math.floor(Date.now() / 1000) + currentUser.expires_in,
       iat: Math.floor(Date.now() / 1000),
       iss: "https://carcrushers.cc/auth/mobile/token",
-      jti: sessionCookie.replace("_s=", ""),
+      jti: tokenId,
       name: currentUser.username,
       permissions: currentUser.permissions,
       picture: currentUser.avatar ?? "https://carcrushers.cc/files/logo192.png",