payload-auth-plugin
Version:
Authentication plugin for Payload CMS
65 lines (58 loc) • 1.9 kB
text/typescript
import * as jwt from "jose"
import { getCookieExpiration } from "payload"
export async function createSessionCookies(
name: string,
secret: string,
fieldsToSign: Record<string, unknown>,
expiration?: number,
) {
const tokenExpiration =
expiration ??
getCookieExpiration({
seconds: 7200,
}).getTime()
const secretKey = new TextEncoder().encode(secret)
const issuedAt = Math.floor(Date.now() / 1000)
const exp = issuedAt + tokenExpiration
const token = await new jwt.SignJWT(fieldsToSign)
.setProtectedHeader({ alg: "HS256", typ: "JWT" })
.setIssuedAt(issuedAt)
.setExpirationTime(exp)
.sign(secretKey)
const cookies: string[] = []
cookies.push(
`${name}=${token};Path=/;HttpOnly;SameSite=lax;Expires=${getCookieExpiration({ seconds: expiration! }).toUTCString()}`,
)
return cookies
}
export async function verifySessionCookie(token: string, secret: string) {
const secretKey = new TextEncoder().encode(secret)
return await jwt.jwtVerify<{
id: string
email: string
collection: string
iat: number
exp: number
}>(token, secretKey)
}
export function invalidateOAuthCookies(cookies: string[]) {
const expired = "Thu, 01 Jan 1970 00:00:00 GMT"
cookies.push(
`__session-oauth-state=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`,
)
cookies.push(
`__session-oauth-nonce=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`,
)
cookies.push(
`__session-code-verifier=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`,
)
cookies.push(
`__session-webpk-challenge=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`,
)
return cookies
}
export const invalidateSessionCookies = (name: string, cookies: string[]) => {
const expired = "Thu, 01 Jan 1970 00:00:00 GMT"
cookies.push(`${name}=; Path=/; HttpOnly; SameSite=Lax; Expires=${expired}`)
return cookies
}