UNPKG

payload-auth-plugin

Version:

Authentication plugin for Payload CMS

github.com/authsmith/payload-auth-plugin

authsmith/payload-auth-plugin

39 lines (38 loc) 1.73 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
// src/core/utils/cookies.ts import * as jwt from "jose"; import { getCookieExpiration } from "payload"; async function createSessionCookies(name, secret, fieldsToSign, expiration) { const tokenExpiration = expiration ?? getCookieExpiration({ seconds: 7200 }).getTime(); const secretKey = new TextEncoder().encode(secret); const issuedAt = Math.floor(Date.now() / 1000); const exp = issuedAt + tokenExpiration; const token = await new jwt.SignJWT(fieldsToSign).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuedAt(issuedAt).setExpirationTime(exp).sign(secretKey); const cookies = []; cookies.push(`${name}=${token};Path=/;HttpOnly;SameSite=lax;Expires=${getCookieExpiration({ seconds: expiration }).toUTCString()}`); return cookies; } async function verifySessionCookie(token, secret) { const secretKey = new TextEncoder().encode(secret); return await jwt.jwtVerify(token, secretKey); } function invalidateOAuthCookies(cookies) { const expired = "Thu, 01 Jan 1970 00:00:00 GMT"; cookies.push(`__session-oauth-state=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`); cookies.push(`__session-oauth-nonce=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`); cookies.push(`__session-code-verifier=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`); cookies.push(`__session-webpk-challenge=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`); return cookies; } var invalidateSessionCookies = (name, cookies) => { const expired = "Thu, 01 Jan 1970 00:00:00 GMT"; cookies.push(`${name}=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`); return cookies; }; export { verifySessionCookie, invalidateSessionCookies, invalidateOAuthCookies, createSessionCookies };