UNPKG

next-auth

Version:

Authentication for Next.js

authjs.dev

nextauthjs/next-auth

45 lines (39 loc) 1.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import { createHash } from "crypto" import type { AuthOptions } from "../.." import type { InternalOptions } from "../types" import type { InternalUrl } from "../../utils/parse-url" /** * Takes a number in seconds and returns the date in the future. * Optionally takes a second date parameter. In that case * the date in the future will be calculated from that date instead of now. */ export function fromDate(time: number, date = Date.now()) { return new Date(date + time * 1000) } export function hashToken(token: string, options: InternalOptions<"email">) { const { provider, secret } = options return ( createHash("sha256") // Prefer provider specific secret, but use default secret if none specified .update(`${token}${provider.secret ?? secret}`) .digest("hex") ) } /** * Secret used salt cookies and tokens (e.g. for CSRF protection). * If no secret option is specified then it creates one on the fly * based on options passed here. If options contains unique data, such as * OAuth provider secrets and database credentials it should be sufficent. If no secret provided in production, we throw an error. */ export function createSecret(params: { authOptions: AuthOptions url: InternalUrl }) { const { authOptions, url } = params return ( authOptions.secret ?? // TODO: Remove falling back to default secret, and error in dev if one isn't provided createHash("sha256") .update(JSON.stringify({ ...url, ...authOptions })) .digest("hex") ) }