51 lines
1.8 KiB
JavaScript
51 lines
1.8 KiB
JavaScript
"use strict";
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.signActorToken = signActorToken;
|
|
exports.verifyActorToken = verifyActorToken;
|
|
exports.verifyAnyActorToken = verifyAnyActorToken;
|
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
const ISSUER = 'rentaldrivego-api';
|
|
const ALG = ['HS256'];
|
|
function getJwtSecret() {
|
|
const secret = process.env.JWT_SECRET;
|
|
if (!secret)
|
|
throw new Error('JWT_SECRET is required');
|
|
return secret;
|
|
}
|
|
function signActorToken(actorId, actorType, options = {}) {
|
|
const { sessionVersion, last2faAt, ...signOptions } = options;
|
|
return jsonwebtoken_1.default.sign({
|
|
sub: actorId,
|
|
type: actorType,
|
|
...(sessionVersion === undefined ? {} : { sessionVersion }),
|
|
...(last2faAt === undefined ? {} : { last2faAt }),
|
|
}, getJwtSecret(), {
|
|
algorithm: 'HS256',
|
|
issuer: ISSUER,
|
|
audience: actorType,
|
|
expiresIn: signOptions.expiresIn ?? '8h',
|
|
});
|
|
}
|
|
function verifyActorToken(token, expectedType) {
|
|
const payload = jsonwebtoken_1.default.verify(token, getJwtSecret(), {
|
|
algorithms: ALG,
|
|
issuer: ISSUER,
|
|
audience: expectedType,
|
|
});
|
|
if (typeof payload.sub !== 'string' || payload.type !== expectedType) {
|
|
throw new Error('Invalid actor token');
|
|
}
|
|
return payload;
|
|
}
|
|
function verifyAnyActorToken(token) {
|
|
const decoded = jsonwebtoken_1.default.decode(token);
|
|
const actorType = decoded?.type;
|
|
if (actorType !== 'admin' && actorType !== 'employee' && actorType !== 'renter') {
|
|
throw new Error('Invalid actor token');
|
|
}
|
|
return verifyActorToken(token, actorType);
|
|
}
|
|
//# sourceMappingURL=tokens.js.map
|