import * as jose from "jose"; import { env } from "./lib/env"; export type SessionPayload = { unionId: string; clientId: string; }; const JWT_ALG = "HS256"; export async function signSessionToken( payload: SessionPayload, ): Promise { const secret = new TextEncoder().encode(env.appSecret); return new jose.SignJWT(payload) .setProtectedHeader({ alg: JWT_ALG }) .setIssuedAt() .setExpirationTime("1 year") .sign(secret); } export async function verifySessionToken( token: string, ): Promise { if (!token) { console.warn("[session] No token provided for verification."); return null; } try { const secret = new TextEncoder().encode(env.appSecret); const { payload } = await jose.jwtVerify(token, secret, { algorithms: [JWT_ALG], }); const { unionId, clientId } = payload; if (!unionId || !clientId) { console.warn("[session] JWT payload missing required fields."); return null; } return { unionId, clientId } as SessionPayload; } catch (error) { console.warn("[session] JWT verification failed:", error); return null; } }