| Misha Krieger-Raynauld | b933fbb | 2022-11-15 15:11:09 -0500 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2022 Savoir-faire Linux Inc. |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU Affero General Public License as |
| 6 | * published by the Free Software Foundation; either version 3 of the |
| 7 | * License, or (at your option) any later version. |
| 8 | * |
| 9 | * This program is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU Affero General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU Affero General Public |
| 15 | * License along with this program. If not, see |
| 16 | * <https://www.gnu.org/licenses/>. |
| 17 | */ |
| 18 | import { jwtVerify, JWTVerifyResult, SignJWT } from 'jose'; |
| 19 | import { Container } from 'typedi'; |
| 20 | |
| 21 | import { SigningKeys } from '../storage/signing-keys.js'; |
| 22 | |
| 23 | const jwtIssuer = 'https://jami.net/'; |
| 24 | const jwtAudience = 'https://jami.net/'; |
| 25 | |
| 26 | const signingKeys = Container.get(SigningKeys); |
| 27 | |
| 28 | export async function signJwt(accountId: string): Promise<string> { |
| 29 | return new SignJWT({ accountId }) |
| 30 | .setProtectedHeader({ alg: 'EdDSA' }) |
| 31 | .setIssuedAt() |
| 32 | .setIssuer(jwtIssuer) |
| 33 | .setAudience(jwtAudience) |
| 34 | .setExpirationTime('2h') |
| 35 | .sign(signingKeys.privateKey); |
| 36 | } |
| 37 | |
| 38 | export async function verifyJwt(token: string): Promise<JWTVerifyResult> { |
| 39 | return jwtVerify(token, signingKeys.publicKey, { |
| 40 | issuer: jwtIssuer, |
| 41 | audience: jwtAudience, |
| 42 | }); |
| 43 | } |