Set a max age for the session cookie to prevent it from expiring when
the browser is closed. To prevent the age limit from being being
reached the session cookie is refreshed every time the session is
loaded. This should fix login being lost when the browser is stopped.
When correcting for a timezone being ahead of UTC the start has to be
moved backwards in time, not forward. Fixes the generated schodule
not using central european times.
To make it possible to render the timetable in the user's local time we
need to know the timezone to render it in on the server. Otherwise
there will be hydration errors and paint flashing as the client renders
a different timezone.
Add a server global default timezone that can be overriden on a
per-account bases to prepare for timezone handling the timetable.
If a user logs out from a device the expectation should be that device
no longer having any association with the user's account. Any existing
push notifications should thefore be removed on server. For this reason
tie push notifications to a session, and remove them when the session is
deleted.
Provide a basic account system with login and server side session store
identified by a cookie. Upon successful login a signed session cookie
is set by the server with the session stored on the server identifying
which account it is logged in as. The client uses a shared useFetch on
the session endpoint to identify if it's logged in and which account it
is logged in as, and refreshes this when loggin in or out.
Provide a convenient wrapper for setting SHA-256 HMAC signed cookies and
retreiving them with the signature validated. The secret key is
configured in the NUXT_COOKIE_SECRET_KEY environment variable.
