Merge pull request #14 from blinkafrica/ref/jwt-handler

ref: jwt handler
blinkafrica · May 22, 2024 · 65f7084 · 65f7084
2 parents f098418 + ba40685
commit 65f7084
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 11 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@blinkclaud/octobus",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "A toolkit for Blink HQ's microservices",
   "author": "Blink HQ",
   "private": false,
@@ -38,7 +38,7 @@
     "@faker-js/faker": "^8.4.1",
     "@nestjs/cache-manager": "^2.2.1",
     "@nestjs/common": "^10.0.0",
-    "@nestjs/config": "^3.2.0",
+    "@nestjs/config": "^3.2.2",
     "@nestjs/core": "^10.0.0",
     "@nestjs/jwt": "^10.2.0",
     "@nestjs/mapped-types": "*",
@@ -56,6 +56,8 @@
     "bunyan": "^1.8.15",
     "cache-manager": "^5.4.0",
     "helmet": "^7.1.0",
+    "jose": "^5.3.0",
+    "jsonwebtoken": "^9.0.2",
     "moment": "^2.30.1",
     "mongoose": "^8.1.1",
     "nanoid": "3.3.4",

diff --git a/src/http/jwt.ts b/src/http/jwt.ts
@@ -1,3 +1,4 @@
+import { EncryptJWT, jwtDecrypt } from 'jose';
 import { sign, verify } from 'jsonwebtoken';
 
 /**
@@ -20,6 +21,39 @@ export const encode = async (secret: string, timeout: string, payload: any) => {
  * @param token token to be verified
  * @returns the claims
  */
-export const decode = async (secret: string, token: string) => {
-  return verify(token, secret);
+export const decode = async <T>(secret: string, token: string): Promise<T> => {
+  return verify(token, secret) as T;
 };
+
+/**
+ * Sign and encrypt data as a JWT token
+ * @param secret secret for signing and encrypting
+ * @param timeout how long before the JWT expires. This is intentionally required
+ * @param data data to encoode and encrypt
+ * @returns encrypted JWT token
+ */
+export function encodeJose(
+  secret: Uint8Array,
+  timeout: string,
+  data: any
+): Promise<string> {
+  return new EncryptJWT({ 'urn:custom:claim': data })
+    .setProtectedHeader({ alg: 'dir', enc: 'A256GCM' })
+    .setIssuedAt()
+    .setExpirationTime(timeout)
+    .encrypt(secret);
+}
+
+/**
+ * Decrypts and decodes tokens signed using `encode`.
+ * @param secret secret used to `encode`
+ * @param token token to be verified
+ * @returns the claims
+ */
+export async function decodeJose<T = any>(
+  secret: Uint8Array,
+  token: string
+): Promise<T> {
+  const { payload } = await jwtDecrypt(token, secret);
+  return payload['urn:custom:claim'] as T;
+}
diff --git a/yarn.lock b/yarn.lock
@@ -994,12 +994,12 @@
     iterare "1.2.1"
     tslib "2.6.2"
 
-"@nestjs/config@^3.2.0":
-  version "3.2.0"
-  resolved "https://registry.yarnpkg.com/@nestjs/config/-/config-3.2.0.tgz#4ca70f88b0636f86741ba192dd51dd2f01eaa7c1"
-  integrity sha512-BpYRn57shg7CH35KGT6h+hT7ZucB6Qn2B3NBNdvhD4ApU8huS5pX/Wc2e/aO5trIha606Bz2a9t9/vbiuTBTww==
+"@nestjs/config@^3.2.2":
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/@nestjs/config/-/config-3.2.2.tgz#7e895edb2878564e0a7fc411614902b0330ca940"
+  integrity sha512-vGICPOui5vE6kPz1iwQ7oCnp3qWgqxldPmBQ9onkVoKlBtyc83KJCr7CjuVtf4OdovMAVcux1d8Q6jglU2ZphA==
   dependencies:
-    dotenv "16.4.1"
+    dotenv "16.4.5"
     dotenv-expand "10.0.0"
     lodash "4.17.21"
     uuid "9.0.1"
@@ -2822,7 +2822,12 @@ dotenv-expand@10.0.0:
   resolved "https://registry.yarnpkg.com/dotenv-expand/-/dotenv-expand-10.0.0.tgz#12605d00fb0af6d0a592e6558585784032e4ef37"
   integrity sha512-GopVGCpVS1UKH75VKHGuQFqS1Gusej0z4FyQkPdwjil2gNIv+LNsqBlboOzpJFZKVT95GkCyWJbBSdFEFUWI2A==
 
-dotenv@16.4.1, dotenv@^16.0.3:
+dotenv@16.4.5:
+  version "16.4.5"
+  resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.5.tgz#cdd3b3b604cb327e286b4762e13502f717cb099f"
+  integrity sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==
+
+dotenv@^16.0.3:
   version "16.4.1"
   resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.1.tgz#1d9931f1d3e5d2959350d1250efab299561f7f11"
   integrity sha512-CjA3y+Dr3FyFDOAMnxZEGtnW9KBR2M0JvvUtXNW+dYJL5ROWxP9DUHCwgFqpMk0OXCc0ljhaNTr2w/kutYIcHQ==
@@ -4567,6 +4572,11 @@ jest@^29.5.0:
     import-local "^3.0.2"
     jest-cli "^29.7.0"
 
+jose@^5.3.0:
+  version "5.3.0"
+  resolved "https://registry.yarnpkg.com/jose/-/jose-5.3.0.tgz#61dadf6399e0141d621ad18c1b36a0d6ab17a972"
+  integrity sha512-IChe9AtAE79ru084ow8jzkN2lNrG3Ntfiv65Cvj9uOCE2m5LNsdHG+9EbxWxAoWRF9TgDOqLN5jm08++owDVRg==
+
 js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"
@@ -4643,7 +4653,7 @@ jsonfile@^6.0.1:
   optionalDependencies:
     graceful-fs "^4.1.6"
 
-jsonwebtoken@9.0.2, jsonwebtoken@^9.0.0:
+jsonwebtoken@9.0.2, jsonwebtoken@^9.0.0, jsonwebtoken@^9.0.2:
   version "9.0.2"
   resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz#65ff91f4abef1784697d40952bb1998c504caaf3"
   integrity sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==