124 lines
3.6 KiB
TypeScript
124 lines
3.6 KiB
TypeScript
import jwt from "jsonwebtoken";
|
|
import appEnv from "../appEnv";
|
|
|
|
// Environment variables for secrets, defaulting to a random secret if not set.
|
|
const accessTokenSecret = appEnv.ACCESS_TOKEN_SECRET;
|
|
const refreshTokenSecret = appEnv.REFRESH_TOKEN_SECRET;
|
|
const resetPasswordTokenSecret = appEnv.RESET_PASSWORD_TOKEN_SECRET;
|
|
|
|
// Algorithm to be used for JWT encoding.
|
|
const algorithm: jwt.Algorithm = "HS256";
|
|
|
|
// Expiry settings for tokens. 'null' signifies no expiry.
|
|
export const accessTokenExpiry: number | string | null = null;
|
|
export const refreshTokenExpiry: number | string | null = "30d";
|
|
export const resetPasswordTokenExpiry: number | string | null = null;
|
|
|
|
// Interfaces to describe the payload structure for access and refresh tokens.
|
|
interface AccessTokenPayload {
|
|
uid: string;
|
|
}
|
|
|
|
interface RefreshTokenPayload {
|
|
uid: string;
|
|
}
|
|
|
|
interface ResetPasswordTokenPayload {
|
|
uid: string;
|
|
}
|
|
|
|
/**
|
|
* Generates a JSON Web Token (JWT) for access control using a specified payload.
|
|
*
|
|
* @param payload - The payload containing user-specific data for the token.
|
|
* @returns A promise that resolves to the generated JWT string.
|
|
*/
|
|
export const generateAccessToken = async (payload: AccessTokenPayload) => {
|
|
const token = jwt.sign(payload, accessTokenSecret, {
|
|
algorithm,
|
|
...(accessTokenExpiry ? { expiresIn: accessTokenExpiry } : {}),
|
|
});
|
|
return token;
|
|
};
|
|
|
|
/**
|
|
* Generates a JSON Web Token (JWT) for refresh purposes using a specified payload.
|
|
*
|
|
* @param payload - The payload containing user-specific data for the token.
|
|
* @returns A promise that resolves to the generated JWT string.
|
|
*/
|
|
export const generateRefreshToken = async (payload: RefreshTokenPayload) => {
|
|
const token = jwt.sign(payload, refreshTokenSecret, {
|
|
algorithm,
|
|
...(refreshTokenExpiry ? { expiresIn: refreshTokenExpiry } : {}),
|
|
});
|
|
return token;
|
|
};
|
|
|
|
/**
|
|
* Verifies a given access token and decodes the payload if the token is valid.
|
|
*
|
|
* @param token - The JWT string to verify.
|
|
* @returns A promise that resolves to the decoded payload or null if verification fails.
|
|
*/
|
|
export const verifyAccessToken = async (token: string) => {
|
|
try {
|
|
const payload = jwt.verify(
|
|
token,
|
|
accessTokenSecret
|
|
) as AccessTokenPayload;
|
|
return payload;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Verifies a given refresh token and decodes the payload if the token is valid.
|
|
*
|
|
* @param token - The JWT string to verify.
|
|
* @returns A promise that resolves to the decoded payload or null if verification fails.
|
|
*/
|
|
export const verifyRefreshToken = async (token: string) => {
|
|
try {
|
|
const payload = jwt.verify(
|
|
token,
|
|
refreshTokenSecret
|
|
) as RefreshTokenPayload;
|
|
return payload;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Generates a JSON Web Token (JWT) for reset password using a specified payload.
|
|
*
|
|
* @param payload - The payload containing user-specific data for the token.
|
|
* @returns A promise that resolves to the generated JWT string.
|
|
*/
|
|
export const generateResetPasswordToken = async (payload: ResetPasswordTokenPayload) => {
|
|
const token = jwt.sign(payload, resetPasswordTokenSecret, {
|
|
algorithm,
|
|
...(resetPasswordTokenExpiry ? { expiresIn: resetPasswordTokenExpiry } : {}),
|
|
});
|
|
return token;
|
|
};
|
|
|
|
/**
|
|
* Verifies a given reset password token and decodes the payload if the token is valid.
|
|
*
|
|
* @param token - The JWT string to verify.
|
|
* @returns A promise that resolves to the decoded payload or null if verification fails.
|
|
*/
|
|
export const verifyResetPasswordToken = async (token: string) => {
|
|
try {
|
|
const payload = jwt.verify(
|
|
token,
|
|
resetPasswordTokenSecret
|
|
) as ResetPasswordTokenPayload;
|
|
return payload;
|
|
} catch {
|
|
return null;
|
|
}
|
|
}; |