Files
alrahma_sunday_school_api/apps/api/dist/security/tokens.js
T
2026-06-11 03:22:12 -04:00

51 lines
1.8 KiB
JavaScript

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.signActorToken = signActorToken;
exports.verifyActorToken = verifyActorToken;
exports.verifyAnyActorToken = verifyAnyActorToken;
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const ISSUER = 'rentaldrivego-api';
const ALG = ['HS256'];
function getJwtSecret() {
const secret = process.env.JWT_SECRET;
if (!secret)
throw new Error('JWT_SECRET is required');
return secret;
}
function signActorToken(actorId, actorType, options = {}) {
const { sessionVersion, last2faAt, ...signOptions } = options;
return jsonwebtoken_1.default.sign({
sub: actorId,
type: actorType,
...(sessionVersion === undefined ? {} : { sessionVersion }),
...(last2faAt === undefined ? {} : { last2faAt }),
}, getJwtSecret(), {
algorithm: 'HS256',
issuer: ISSUER,
audience: actorType,
expiresIn: signOptions.expiresIn ?? '8h',
});
}
function verifyActorToken(token, expectedType) {
const payload = jsonwebtoken_1.default.verify(token, getJwtSecret(), {
algorithms: ALG,
issuer: ISSUER,
audience: expectedType,
});
if (typeof payload.sub !== 'string' || payload.type !== expectedType) {
throw new Error('Invalid actor token');
}
return payload;
}
function verifyAnyActorToken(token) {
const decoded = jsonwebtoken_1.default.decode(token);
const actorType = decoded?.type;
if (actorType !== 'admin' && actorType !== 'employee' && actorType !== 'renter') {
throw new Error('Invalid actor token');
}
return verifyActorToken(token, actorType);
}
//# sourceMappingURL=tokens.js.map