Add encryptedSession for separate auth tokens for Onboarding API and MCPs (#156)

Co-authored-by: Copilot <[email protected]>

Author: enrico-kaack-comp

.env.template

@@ -16,3 +16,4 @@ API_BACKEND_URL=
 # Replace this value with a strong, randomly generated string (at least 32 characters).
 # Example for generation in Node.js: require('crypto').randomBytes(32).toString('hex')
 COOKIE_SECRET=
+SESSION_SECRET=

package-lock.json

@@ -25,6 +25,7 @@
     "@fastify/env": "^5.0.2",
     "@fastify/http-proxy": "^11.1.2",
     "@fastify/sensible": "^6.0.3",
+    "@fastify/secure-session": "^8.2.0",
     "@fastify/session": "^11.1.0",
     "@fastify/static": "^8.1.1",
     "@fastify/vite": "^8.1.3",
@@ -83,4 +84,4 @@
     "vite": "^6.3.4",
     "vitest": "^3.1.4"
   }
-}
+}

package.json

@@ -2,14 +2,18 @@ import path, { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import AutoLoad from "@fastify/autoload";
 import envPlugin from "./config/env.js";
+import encryptedSession from "./encrypted-session.js";
 
 export const options = {};
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
-export default async function(fastify, opts) {
+export default async function (fastify, opts) {
   await fastify.register(envPlugin);
+  fastify.register(encryptedSession, {
+    ...opts,
+  });
 
   await fastify.register(AutoLoad, {
     dir: join(__dirname, "plugins"),
@@ -20,4 +24,6 @@ export default async function(fastify, opts) {
     dir: join(__dirname, "routes"),
     options: { ...opts },
   });
-}
+
+
+}

server/app.js

@@ -11,6 +11,7 @@ const schema = {
     'OIDC_SCOPES',
     'POST_LOGIN_REDIRECT',
     'COOKIE_SECRET',
+    'SESSION_SECRET',
     'API_BACKEND_URL',
   ],
   properties: {
@@ -22,6 +23,7 @@ const schema = {
     OIDC_SCOPES: { type: 'string' },
     POST_LOGIN_REDIRECT: { type: 'string' },
     COOKIE_SECRET: { type: 'string' },
+    SESSION_SECRET: { type: 'string' },
     API_BACKEND_URL: { type: 'string' },
 
     // System variables