@sigiljs-community/auth-plugin/dist/web-tokens-controller.js

Plugin for SigilJS framework that provides authentication with JWT-like tokens

"use strict";Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}});const b=require("node:crypto");function h(n){if(n&&n.__esModule)return n;const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(n){for(const r in n)if(r!=="default"){const t=Object.getOwnPropertyDescriptor(n,r);Object.defineProperty(e,r,t.get?t:{enumerable:!0,get:()=>n[r]})}}return e.default=n,Object.freeze(e)}const f=h(b);class g{#e;constructor(e){this.#e=Buffer.isBuffer(e)?e:Buffer.from(e)}issueWebToken(e,r=5*60*1e3){const t=Date.now()+r,s=Buffer.from(JSON.stringify(e)).toString("base64url"),o=Buffer.from(JSON.stringify({exp:t,iat:Date.now()})).toString("base64url"),a=this.deriveMac(s,o);return`${o}.${s}.${a}`}verifyRefreshToken(e,r){const t=f.createHash("sha512").update(r).digest("base64url"),s=Buffer.from(t,"base64url"),o=Buffer.from(e,"base64url");return!(s.length!==o.length||!f.timingSafeEqual(s,o))}issueRefreshToken(){const e=f.randomBytes(64).toString("base64url"),r=f.createHash("sha512").update(e).digest("base64url");return{refreshToken:e,refreshTokenHash:r}}verifyWebToken(e,r=!1){try{const t=this.decodeWebToken(e);if(!t)return!1;const{header:s,b64_header:o,b64_payload:a,receivedMac:u}=t,l=60*1e3;if(Date.now()-l>s.exp&&!r)return!1;const d=this.deriveMac(a,o),c=Buffer.from(d,"utf8"),i=Buffer.from(u,"utf8");return!(c.length!==i.length||!f.timingSafeEqual(c,i))}catch{return!1}}decodeWebToken(e){const r=e.split(".");if(r.length!==3)return null;const[t,s,o]=r;try{const a=JSON.parse(Buffer.from(t,"base64url").toString("utf8")),u=JSON.parse(Buffer.from(s,"base64url").toString("utf8"));return{header:a,payload:u,b64_header:t,b64_payload:s,receivedMac:o}}catch{return null}}deriveMac(e,r){const t=`${e}.${r}`,s=f.createHmac("sha512",this.#e);return s.update(t),s.digest("base64url")}}exports.default=g;