mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 11:55:03 +03:00
55 lines
1.4 KiB
JavaScript
55 lines
1.4 KiB
JavaScript
|
const jose = require('node-jose');
|
||
|
const jwt = require('jsonwebtoken');
|
||
|
|
||
|
module.exports = class TokenService {
|
||
|
constructor({
|
||
|
privateKey,
|
||
|
publicKey,
|
||
|
issuer
|
||
|
}) {
|
||
|
this._keyStore = jose.JWK.createKeyStore();
|
||
|
this._keyStoreReady = this._keyStore.add(privateKey, 'pem');
|
||
|
this._privateKey = privateKey;
|
||
|
this._publicKey = publicKey;
|
||
|
this._issuer = issuer;
|
||
|
}
|
||
|
|
||
|
encodeAPIToken({sub, aud = this._issuer, plans, exp}) {
|
||
|
return this._keyStoreReady.then(jwk => jwt.sign({
|
||
|
sub,
|
||
|
plans,
|
||
|
kid: jwk.kid
|
||
|
}, this._privateKey, {
|
||
|
algorithm: 'RS512',
|
||
|
audience: aud,
|
||
|
expiresIn: exp,
|
||
|
issuer: this._issuer
|
||
|
}));
|
||
|
}
|
||
|
|
||
|
encodeIdentityToken({sub}) {
|
||
|
return this._keyStoreReady.then(jwk => jwt.sign({
|
||
|
sub,
|
||
|
kid: jwk.kid
|
||
|
}, this._privateKey, {
|
||
|
algorithm: 'RS512',
|
||
|
audience: this._issuer,
|
||
|
expiresIn: '10m',
|
||
|
issuer: this._issuer
|
||
|
}));
|
||
|
}
|
||
|
|
||
|
decodeToken(token) {
|
||
|
return this._keyStoreReady.then(jwk => jwt.verify(token, this._publicKey, {
|
||
|
algorithm: 'RS512',
|
||
|
kid: jwk.kid,
|
||
|
issuer: this._issuer
|
||
|
})).then(() => jwt.decode(token));
|
||
|
}
|
||
|
|
||
|
getPublicKeys() {
|
||
|
return this._keyStoreReady.then(() => {
|
||
|
this._keyStore.toJSON();
|
||
|
});
|
||
|
}
|
||
|
};
|