Reorganize server files and address TODO comments
Changes:
- Remove unneeded dependencies from package.json
- Remove unneeded async build() methods from services
- Use constructor as often as possible
- Rename and move storage services for clarity
- creds.ts -> accounts.ts, and creds.json -> accounts.json
- admin-config.ts -> admin-account.ts
- vault.ts -> signing-keys.ts
- Rename ws.ts to websocket-server.ts for clarity and consistency
- Make WebSocketServer initialize using constructor and bind server upgrade to WebSocketServer.upgrade
- Remove unused send-account-message endpoint from account-router.ts
- Set issuer and audience claims for JWT
- Create new utils/jwt.ts file to remove code duplication for JWT signing and verifying
- Delete utils.ts and merge it with jami-swig.ts
- Handle potentially undefined types in jami-swig.ts
- Replace hard to read one-liners with functions in jami-swig.ts
- Rename types in jami-swig.ts for consistency with daemon
- Remove handled/answered TODO comments
- Remove TODO comment about using .env for jamid.node as it does not work for require()
GitLab: #87
Change-Id: I1e5216ffa79ea34dd7e9b61540fb7e37d1f66c9f
diff --git a/server/src/utils/jwt.ts b/server/src/utils/jwt.ts
new file mode 100644
index 0000000..672c5c3
--- /dev/null
+++ b/server/src/utils/jwt.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2022 Savoir-faire Linux Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation; either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this program. If not, see
+ * <https://www.gnu.org/licenses/>.
+ */
+import { jwtVerify, JWTVerifyResult, SignJWT } from 'jose';
+import { Container } from 'typedi';
+
+import { SigningKeys } from '../storage/signing-keys.js';
+
+const jwtIssuer = 'https://jami.net/';
+const jwtAudience = 'https://jami.net/';
+
+const signingKeys = Container.get(SigningKeys);
+
+export async function signJwt(accountId: string): Promise<string> {
+ return new SignJWT({ accountId })
+ .setProtectedHeader({ alg: 'EdDSA' })
+ .setIssuedAt()
+ .setIssuer(jwtIssuer)
+ .setAudience(jwtAudience)
+ .setExpirationTime('2h')
+ .sign(signingKeys.privateKey);
+}
+
+export async function verifyJwt(token: string): Promise<JWTVerifyResult> {
+ return jwtVerify(token, signingKeys.publicKey, {
+ issuer: jwtIssuer,
+ audience: jwtAudience,
+ });
+}