shubhra.dev
Next.js 16 Auth Scaffold
Session auth wired from scratch. Server actions, signed JWT cookies, bcrypt, direct Postgres. No auth library, no magic.
josebcryptjspgserver actionsproxy.ts
lib/auth/session.ts
// lib/auth/session.ts
import { SignJWT, jwtVerify } from "jose";
import { cookies } from "next/headers";
export async function createSession(
userId: string,
email: string
): Promise<void> {
const token = await new SignJWT({ userId, email })
.setProtectedHeader({ alg: "HS256" })
.setExpirationTime("7d")
.sign(getSecretKey());
const cookieStore = await cookies();
cookieStore.set("session", token, {
httpOnly: true,
secure: process.env.NODE_ENV === "production",
sameSite: "lax",
});
}Need OAuth, email verification, roles, and an admin panel? See the full Auth Kit