refactor: implement centralized auth middleware and standardize cross-subdomain session management

auth/src/tools/security.js

@@ -1,54 +1,22 @@
 const bcrypt = require('bcrypt');
 const crypto = require('crypto');
 
-const saltRounds = 12;
+const SALT_ROUNDS = 12;
 
-/**
- * Genera un hash di una password
- * @param {string} password - Password da hashare
- * @returns {string} - Hash della password
- */
 async function hashPassword(password) {
-    return bcrypt.hash(password, saltRounds);
+    return bcrypt.hash(password, SALT_ROUNDS);
 }
 
-/**
- * Verifica una password
- * @param {string} password - Password da verificare
- * @param {string} hash - Hash della password
- * @returns {boolean} - True se la password è corretta, false altrimenti
- */
 async function verifyPassword(password, hash) {
     return bcrypt.compare(password, hash);
 }
 
-/**
- * Create a session token from code and username
- * Format: XXXXXXXX-base64_username
- * @param {string} sessionCode 
- * @param {string} username 
- * @returns {string} Session token
- */
-function generateSessionCode() {
+function sessionCode() {
     return crypto.randomBytes(32).toString('base64url');
 }
 
-/**
- * Parse a session token
- * @param {string} token 
- * @returns {string|null} The session token itself if valid
- */
-function parseSessionToken(token) {
-    if (!token || typeof token !== 'string' || token.length < 32 || token.length > 64) {
-        return null;
-    }
-
-    return token;
+function csrfToken() {
+    return crypto.randomBytes(32).toString('hex');
 }
 
-module.exports = {
-    hashPassword,
-    verifyPassword,
-    generateSessionCode,
-    parseSessionToken
-};
+module.exports = { hashPassword, verifyPassword, sessionCode, csrfToken };