| import { nanoid } from "nanoid"; | |
| import { createHmac } from "crypto"; | |
| import { env } from "../config.js"; | |
| const toBase64URL = (b) => Buffer.from(b).toString("base64url"); | |
| const fromBase64URL = (b) => Buffer.from(b, "base64url").toString(); | |
| const makeHmac = (header, payload) => | |
| createHmac("sha256", env.jwtSecret) | |
| .update(`${header}.${payload}`) | |
| .digest("base64url"); | |
| const generate = () => { | |
| const exp = Math.floor(new Date().getTime() / 1000) + env.jwtLifetime; | |
| const header = toBase64URL(JSON.stringify({ | |
| alg: "HS256", | |
| typ: "JWT" | |
| })); | |
| const payload = toBase64URL(JSON.stringify({ | |
| jti: nanoid(8), | |
| exp, | |
| })); | |
| const signature = makeHmac(header, payload); | |
| return { | |
| token: `${header}.${payload}.${signature}`, | |
| exp: env.jwtLifetime - 2, | |
| }; | |
| } | |
| const verify = (jwt) => { | |
| const [header, payload, signature] = jwt.split(".", 3); | |
| const timestamp = Math.floor(new Date().getTime() / 1000); | |
| if ([header, payload, signature].join('.') !== jwt) { | |
| return false; | |
| } | |
| const verifySignature = makeHmac(header, payload); | |
| if (verifySignature !== signature) { | |
| return false; | |
| } | |
| if (timestamp >= JSON.parse(fromBase64URL(payload)).exp) { | |
| return false; | |
| } | |
| return true; | |
| } | |
| export default { | |
| generate, | |
| verify, | |
| } | |