71 lines
1.7 KiB
TypeScript
71 lines
1.7 KiB
TypeScript
// JWT utilities using jose library
|
|
|
|
import { jwtVerify, SignJWT } from 'jose';
|
|
import type { Env } from '../types/env';
|
|
|
|
export interface JWTPayload {
|
|
userId: string;
|
|
username: string;
|
|
email?: string;
|
|
[key: string]: string | number | boolean | undefined;
|
|
}
|
|
|
|
/**
|
|
* Get JWT secret from environment
|
|
*/
|
|
function getJWTSecret(env?: Env): Uint8Array {
|
|
let secret: string | undefined;
|
|
|
|
if (typeof Bun !== 'undefined' && Bun.env.JWT_SECRET) {
|
|
// Bun runtime (local development)
|
|
secret = Bun.env.JWT_SECRET;
|
|
} else if (env?.JWT_SECRET) {
|
|
// Cloudflare Workers (from context.env)
|
|
secret = env.JWT_SECRET;
|
|
}
|
|
|
|
if (!secret) {
|
|
throw new Error('JWT_SECRET environment variable is required');
|
|
}
|
|
|
|
return new TextEncoder().encode(secret);
|
|
}
|
|
|
|
/**
|
|
* Sign a JWT token
|
|
*/
|
|
export async function signToken(payload: JWTPayload, expiresIn = '7d', env?: Env): Promise<string> {
|
|
const secret = getJWTSecret(env);
|
|
return await new SignJWT(payload)
|
|
.setProtectedHeader({ alg: 'HS256' })
|
|
.setIssuedAt()
|
|
.setExpirationTime(expiresIn)
|
|
.sign(secret);
|
|
}
|
|
|
|
/**
|
|
* Verify and decode a JWT token
|
|
*/
|
|
export async function verifyToken(token: string, env?: Env): Promise<JWTPayload | null> {
|
|
try {
|
|
const secret = getJWTSecret(env);
|
|
const { payload } = await jwtVerify(token, secret);
|
|
return payload as JWTPayload;
|
|
} catch (error) {
|
|
console.error('JWT verification failed:', error);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Extract token from Authorization header
|
|
*/
|
|
export function extractTokenFromHeader(authorization?: string): string | null {
|
|
if (!authorization) return null;
|
|
|
|
const parts = authorization.split(' ');
|
|
if (parts.length !== 2 || parts[0] !== 'Bearer') return null;
|
|
|
|
return parts[1];
|
|
}
|