feat: deploy standalone Hono/Bun auth and API backend

2026-05-29 13:38:44 -07:00
parent 7c8def0aaa
commit 62e73eedd2
86 changed files with 16694 additions and 38 deletions
--- a/src/lib/jwt.ts
+++ b/src/lib/jwt.ts
@@ -0,0 +1,70 @@
+// JWT utilities using jose library
+
+import { jwtVerify, SignJWT } from 'jose';
+import type { Env } from '../types/env';
+
+export interface JWTPayload {
+  userId: string;
+  username: string;
+  email?: string;
+  [key: string]: string | number | boolean | undefined;
+}
+
+/**
+ * Get JWT secret from environment
+ */
+function getJWTSecret(env?: Env): Uint8Array {
+  let secret: string | undefined;
+
+  if (typeof Bun !== 'undefined' && Bun.env.JWT_SECRET) {
+    // Bun runtime (local development)
+    secret = Bun.env.JWT_SECRET;
+  } else if (env?.JWT_SECRET) {
+    // Cloudflare Workers (from context.env)
+    secret = env.JWT_SECRET;
+  }
+
+  if (!secret) {
+    throw new Error('JWT_SECRET environment variable is required');
+  }
+
+  return new TextEncoder().encode(secret);
+}
+
+/**
+ * Sign a JWT token
+ */
+export async function signToken(payload: JWTPayload, expiresIn = '7d', env?: Env): Promise<string> {
+  const secret = getJWTSecret(env);
+  return await new SignJWT(payload)
+    .setProtectedHeader({ alg: 'HS256' })
+    .setIssuedAt()
+    .setExpirationTime(expiresIn)
+    .sign(secret);
+}
+
+/**
+ * Verify and decode a JWT token
+ */
+export async function verifyToken(token: string, env?: Env): Promise<JWTPayload | null> {
+  try {
+    const secret = getJWTSecret(env);
+    const { payload } = await jwtVerify(token, secret);
+    return payload as JWTPayload;
+  } catch (error) {
+    console.error('JWT verification failed:', error);
+    return null;
+  }
+}
+
+/**
+ * Extract token from Authorization header
+ */
+export function extractTokenFromHeader(authorization?: string): string | null {
+  if (!authorization) return null;
+
+  const parts = authorization.split(' ');
+  if (parts.length !== 2 || parts[0] !== 'Bearer') return null;
+
+  return parts[1];
+}