@sigiljs-community/auth-plugin
Version:
Plugin for SigilJS framework that provides authentication with JWT-like tokens
56 lines (55 loc) • 1.86 kB
JavaScript
import * as o from "node:crypto";
class h {
#e;
constructor(e) {
this.#e = Buffer.isBuffer(e) ? e : Buffer.from(e);
}
issueWebToken(e, t = 5 * 60 * 1e3) {
const s = Date.now() + t, r = Buffer.from(JSON.stringify(e)).toString("base64url"), a = Buffer.from(JSON.stringify({
exp: s,
iat: Date.now()
})).toString("base64url"), n = this.deriveMac(r, a);
return `${a}.${r}.${n}`;
}
verifyRefreshToken(e, t) {
const s = o.createHash("sha512").update(t).digest("base64url"), r = Buffer.from(s, "base64url"), a = Buffer.from(e, "base64url");
return !(r.length !== a.length || !o.timingSafeEqual(r, a));
}
issueRefreshToken() {
const e = o.randomBytes(64).toString("base64url"), t = o.createHash("sha512").update(e).digest("base64url");
return {
refreshToken: e,
refreshTokenHash: t
};
}
verifyWebToken(e, t = !1) {
try {
const s = this.decodeWebToken(e);
if (!s) return !1;
const { header: r, b64_header: a, b64_payload: n, receivedMac: f } = s, i = 60 * 1e3;
if (Date.now() - i > r.exp && !t) return !1;
const l = this.deriveMac(n, a), u = Buffer.from(l, "utf8"), c = Buffer.from(f, "utf8");
return !(u.length !== c.length || !o.timingSafeEqual(u, c));
} catch {
return !1;
}
}
decodeWebToken(e) {
const t = e.split(".");
if (t.length !== 3) return null;
const [s, r, a] = t;
try {
const n = JSON.parse(Buffer.from(s, "base64url").toString("utf8")), f = JSON.parse(Buffer.from(r, "base64url").toString("utf8"));
return { header: n, payload: f, b64_header: s, b64_payload: r, receivedMac: a };
} catch {
return null;
}
}
deriveMac(e, t) {
const s = `${e}.${t}`, r = o.createHmac("sha512", this.#e);
return r.update(s), r.digest("base64url");
}
}
export {
h as default
};