v1.0
This commit is contained in:
@@ -0,0 +1,45 @@
|
||||
import * as jose from "jose";
|
||||
import { env } from "./lib/env";
|
||||
|
||||
export type SessionPayload = {
|
||||
unionId: string;
|
||||
clientId: string;
|
||||
};
|
||||
|
||||
const JWT_ALG = "HS256";
|
||||
|
||||
export async function signSessionToken(
|
||||
payload: SessionPayload,
|
||||
): Promise<string> {
|
||||
const secret = new TextEncoder().encode(env.appSecret);
|
||||
return new jose.SignJWT(payload)
|
||||
.setProtectedHeader({ alg: JWT_ALG })
|
||||
.setIssuedAt()
|
||||
.setExpirationTime("1 year")
|
||||
.sign(secret);
|
||||
}
|
||||
|
||||
export async function verifySessionToken(
|
||||
token: string,
|
||||
): Promise<SessionPayload | null> {
|
||||
if (!token) {
|
||||
console.warn("[session] No token provided for verification.");
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
const secret = new TextEncoder().encode(env.appSecret);
|
||||
const { payload } = await jose.jwtVerify(token, secret, {
|
||||
algorithms: [JWT_ALG],
|
||||
});
|
||||
const { unionId, clientId } = payload;
|
||||
if (!unionId || !clientId) {
|
||||
console.warn("[session] JWT payload missing required fields.");
|
||||
return null;
|
||||
}
|
||||
return { unionId, clientId } as SessionPayload;
|
||||
} catch (error) {
|
||||
console.warn("[session] JWT verification failed:", error);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user