
secure-express-setup


Military-grade one-command security setup for Express.js applications

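const jwt = require('jsonwebtoken');

// Claims and algorithm shared by every sign/verify call in this module, so the
// middleware and the refresh path enforce the same checks as `verify`.
const JWT_ISSUER = 'secure-express-setup';
const JWT_AUDIENCE = 'api-users';
const JWT_ALGORITHM = 'HS256'; // jsonwebtoken's default signing algorithm, now pinned explicitly
// Default bound on how old (by `iat`) a token may be and still be refreshed.
const DEFAULT_REFRESH_MAX_AGE = '7d';

/**
 * Build JWT helpers (sign / verify / protect / refresh) bound to one shared secret.
 *
 * @param {string|Buffer} secret - HMAC secret used to sign and verify tokens.
 * @param {object} [options]
 * @param {string|number} [options.refreshMaxAge='7d'] - Maximum age, measured
 *   from the token's `iat`, at which an expired token may still be refreshed
 *   (seconds, or a time-span string as accepted by jsonwebtoken's `maxAge`).
 * @returns {{sign: Function, verify: Function, protect: Function, refresh: Function}}
 */
function setupJwtSecurity(secret, options = {}) {
  const refreshMaxAge = options.refreshMaxAge ?? DEFAULT_REFRESH_MAX_AGE;

  // One set of verification options for every path. Pinning `algorithms`
  // prevents the token header from choosing how it is verified; issuer and
  // audience stop tokens minted for another purpose with the same secret
  // from being accepted here.
  const verifyOptions = {
    algorithms: [JWT_ALGORITHM],
    issuer: JWT_ISSUER,
    audience: JWT_AUDIENCE,
  };

  return {
    /**
     * Issue a signed token carrying this module's issuer and audience.
     *
     * @param {object} payload - Claims to embed; must not already contain `iss`/`aud`.
     * @param {string|number} [expiresIn='1h'] - Token lifetime.
     * @returns {string} The signed JWT.
     */
    sign: (payload, expiresIn = '1h') =>
      jwt.sign(payload, secret, {
        algorithm: JWT_ALGORITHM,
        expiresIn,
        issuer: JWT_ISSUER,
        audience: JWT_AUDIENCE,
      }),

    /**
     * Verify signature, expiry, issuer and audience.
     *
     * @param {string} token
     * @returns {object} The decoded payload.
     * @throws {Error} 'Invalid token' on any verification failure.
     */
    verify: (token) => {
      try {
        return jwt.verify(token, secret, verifyOptions);
      } catch (err) {
        // Generic message for callers; the underlying reason stays on `cause`.
        throw new Error('Invalid token', { cause: err });
      }
    },

    /**
     * Express middleware: require a valid token in the Authorization header
     * and expose its payload as `req.user`.
     */
    protect: (req, res, next) => {
      const token = req.headers.authorization?.split(' ')[1];
      if (!token) {
        return res.status(401).json({ error: 'No token provided' });
      }

      let decoded;
      try {
        // Same checks as `verify`: previously this path skipped issuer and
        // audience, so it accepted tokens that `verify` would reject.
        decoded = jwt.verify(token, secret, verifyOptions);
      } catch {
        return res.status(401).json({ error: 'Invalid or expired token' });
      }

      req.user = decoded;
      // Called outside the try block so an error thrown further down the
      // chain is not reported to the client as an authentication failure.
      next();
    },

    /**
     * Exchange a (possibly expired) token for a fresh one-hour token.
     *
     * Expiry is ignored on purpose, but the signature, algorithm, issuer and
     * audience are still checked and the token's age is capped by
     * `refreshMaxAge`, so a leaked token cannot be renewed indefinitely after
     * it has expired.
     * NOTE(review): there is no revocation or rotation tracking here; a token
     * refreshed within the window keeps yielding new tokens. Pair this with a
     * server-side deny list if sessions must be revocable.
     *
     * @param {string} oldToken
     * @returns {string} A newly signed JWT with the same claims.
     * @throws {Error} 'Cannot refresh token' when the token is rejected.
     */
    refresh: (oldToken) => {
      try {
        const decoded = jwt.verify(oldToken, secret, {
          ...verifyOptions,
          ignoreExpiration: true,
          maxAge: refreshMaxAge,
        });
        // Drop the old timestamps so the new token gets its own iat/exp.
        // `iss`/`aud` stay in the payload, so they are not passed as options.
        const { iat, exp, ...claims } = decoded;
        return jwt.sign(claims, secret, {
          algorithm: JWT_ALGORITHM,
          expiresIn: '1h',
        });
      } catch (err) {
        throw new Error('Cannot refresh token', { cause: err });
      }
    },
  };
}

module.exports = setupJwtSecurity;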