UNPKG

better-auth

Version:

The most comprehensive authentication framework for TypeScript.

better-auth.com

better-auth/better-auth

64 lines (62 loc) 2.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import { symmetricEncrypt } from "../../crypto/index.mjs"; import { sec } from "../../utils/time.mjs"; import { getJwksAdapter } from "./adapter.mjs"; import { exportJWK, generateKeyPair } from "jose"; //#region src/plugins/jwt/utils.ts /** * Converts an expirationTime to ISO seconds expiration time (the format of JWT exp) * * See https://github.com/panva/jose/blob/main/src/lib/jwt_claims_set.ts#L245 * * @param expirationTime - see options.jwt.expirationTime * @param iat - the iat time to consolidate on * @returns */ function toExpJWT(expirationTime, iat) { if (typeof expirationTime === "number") return expirationTime; else if (expirationTime instanceof Date) return Math.floor(expirationTime.getTime() / 1e3); else return iat + sec(expirationTime); } async function generateExportedKeyPair(options) { const { alg, ...cfg } = options?.jwks?.keyPairConfig ?? { alg: "EdDSA", crv: "Ed25519" }; const { publicKey, privateKey } = await generateKeyPair(alg, { ...cfg, extractable: true }); return { publicWebKey: await exportJWK(publicKey), privateWebKey: await exportJWK(privateKey), alg, cfg }; } /** * Creates a Jwk on the database * * @param ctx * @param options * @returns */ async function createJwk(ctx, options) { const { publicWebKey, privateWebKey, alg, cfg } = await generateExportedKeyPair(options); const stringifiedPrivateWebKey = JSON.stringify(privateWebKey); const privateKeyEncryptionEnabled = !options?.jwks?.disablePrivateKeyEncryption; let jwk = { alg, ...cfg && "crv" in cfg ? { crv: cfg.crv } : {}, publicKey: JSON.stringify(publicWebKey), privateKey: privateKeyEncryptionEnabled ? JSON.stringify(await symmetricEncrypt({ key: ctx.context.secret, data: stringifiedPrivateWebKey })) : stringifiedPrivateWebKey, createdAt: /* @__PURE__ */ new Date(), ...options?.jwks?.rotationInterval ? { expiresAt: new Date(Date.now() + options.jwks.rotationInterval * 1e3) } : {} }; return await getJwksAdapter(ctx.context.adapter, options).createJwk(ctx, jwk); } //#endregion export { createJwk, generateExportedKeyPair, toExpJWT }; //# sourceMappingURL=utils.mjs.map