better-auth
The most comprehensive authentication framework for TypeScript.
1 lines • 3.89 kB
Source Map (JSON)
{"version":3,"file":"utils.mjs","names":["jwk: Omit<Jwk, \"id\">"],"sources":["../../../src/plugins/jwt/utils.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { exportJWK, generateKeyPair } from \"jose\";\nimport { symmetricEncrypt } from \"../../crypto\";\nimport type { TimeString } from \"../../utils/time\";\nimport { sec } from \"../../utils/time\";\nimport { getJwksAdapter } from \"./adapter\";\nimport type { Jwk, JwtOptions } from \"./types\";\n\n/**\n * Converts an expirationTime to ISO seconds expiration time (the format of JWT exp)\n *\n * See https://github.com/panva/jose/blob/main/src/lib/jwt_claims_set.ts#L245\n *\n * @param expirationTime - see options.jwt.expirationTime\n * @param iat - the iat time to consolidate on\n * @returns\n */\nexport function toExpJWT(\n\texpirationTime: number | Date | string,\n\tiat: number,\n): number {\n\tif (typeof expirationTime === \"number\") {\n\t\treturn expirationTime;\n\t} else if (expirationTime instanceof Date) {\n\t\treturn Math.floor(expirationTime.getTime() / 1000);\n\t} else {\n\t\treturn iat + sec(expirationTime as TimeString);\n\t}\n}\n\nexport async function generateExportedKeyPair(\n\toptions?: JwtOptions | undefined,\n) {\n\tconst { alg, ...cfg } = options?.jwks?.keyPairConfig ?? 
{\n\t\talg: \"EdDSA\",\n\t\tcrv: \"Ed25519\",\n\t};\n\tconst { publicKey, privateKey } = await generateKeyPair(alg, {\n\t\t...cfg,\n\t\textractable: true,\n\t});\n\n\tconst publicWebKey = await exportJWK(publicKey);\n\tconst privateWebKey = await exportJWK(privateKey);\n\n\treturn { publicWebKey, privateWebKey, alg, cfg };\n}\n\n/**\n * Creates a Jwk on the database\n *\n * @param ctx\n * @param options\n * @returns\n */\nexport async function createJwk(\n\tctx: GenericEndpointContext,\n\toptions?: JwtOptions | undefined,\n) {\n\tconst { publicWebKey, privateWebKey, alg, cfg } =\n\t\tawait generateExportedKeyPair(options);\n\n\tconst stringifiedPrivateWebKey = JSON.stringify(privateWebKey);\n\tconst privateKeyEncryptionEnabled =\n\t\t!options?.jwks?.disablePrivateKeyEncryption;\n\tlet jwk: Omit<Jwk, \"id\"> = {\n\t\talg,\n\t\t...(cfg && \"crv\" in cfg\n\t\t\t? {\n\t\t\t\t\tcrv: (cfg as { crv: (typeof jwk)[\"crv\"] }).crv,\n\t\t\t\t}\n\t\t\t: {}),\n\t\tpublicKey: JSON.stringify(publicWebKey),\n\t\tprivateKey: privateKeyEncryptionEnabled\n\t\t\t? JSON.stringify(\n\t\t\t\t\tawait symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: stringifiedPrivateWebKey,\n\t\t\t\t\t}),\n\t\t\t\t)\n\t\t\t: stringifiedPrivateWebKey,\n\t\tcreatedAt: new Date(),\n\t\t...(options?.jwks?.rotationInterval\n\t\t\t? 
{\n\t\t\t\t\texpiresAt: new Date(\n\t\t\t\t\t\tDate.now() + options.jwks.rotationInterval * 1000,\n\t\t\t\t\t),\n\t\t\t\t}\n\t\t\t: {}),\n\t};\n\n\tconst adapter = getJwksAdapter(ctx.context.adapter, options);\n\tconst key = await adapter.createJwk(ctx, jwk as Jwk);\n\n\treturn key;\n}\n"],"mappings":";;;;;;;;;;;;;;;AAiBA,SAAgB,SACf,gBACA,KACS;AACT,KAAI,OAAO,mBAAmB,SAC7B,QAAO;UACG,0BAA0B,KACpC,QAAO,KAAK,MAAM,eAAe,SAAS,GAAG,IAAK;KAElD,QAAO,MAAM,IAAI,eAA6B;;AAIhD,eAAsB,wBACrB,SACC;CACD,MAAM,EAAE,KAAK,GAAG,QAAQ,SAAS,MAAM,iBAAiB;EACvD,KAAK;EACL,KAAK;EACL;CACD,MAAM,EAAE,WAAW,eAAe,MAAM,gBAAgB,KAAK;EAC5D,GAAG;EACH,aAAa;EACb,CAAC;AAKF,QAAO;EAAE,cAHY,MAAM,UAAU,UAAU;EAGxB,eAFD,MAAM,UAAU,WAAW;EAEX;EAAK;EAAK;;;;;;;;;AAUjD,eAAsB,UACrB,KACA,SACC;CACD,MAAM,EAAE,cAAc,eAAe,KAAK,QACzC,MAAM,wBAAwB,QAAQ;CAEvC,MAAM,2BAA2B,KAAK,UAAU,cAAc;CAC9D,MAAM,8BACL,CAAC,SAAS,MAAM;CACjB,IAAIA,MAAuB;EAC1B;EACA,GAAI,OAAO,SAAS,MACjB,EACA,KAAM,IAAqC,KAC3C,GACA,EAAE;EACL,WAAW,KAAK,UAAU,aAAa;EACvC,YAAY,8BACT,KAAK,UACL,MAAM,iBAAiB;GACtB,KAAK,IAAI,QAAQ;GACjB,MAAM;GACN,CAAC,CACF,GACA;EACH,2BAAW,IAAI,MAAM;EACrB,GAAI,SAAS,MAAM,mBAChB,EACA,WAAW,IAAI,KACd,KAAK,KAAK,GAAG,QAAQ,KAAK,mBAAmB,IAC7C,EACD,GACA,EAAE;EACL;AAKD,QAFY,MADI,eAAe,IAAI,QAAQ,SAAS,QAAQ,CAClC,UAAU,KAAK,IAAW"}