mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-26 12:21:36 +03:00
3dcf85d5e4
refs: 23b383bedf
- @tryghost/error constructors take an object, not a string - the expectation is that message, context & help should all be set
- This does the bare minimum and just ensures message is set correctly
53 lines
1.1 KiB
JavaScript
53 lines
1.1 KiB
JavaScript
const {UnauthorizedError} = require('@tryghost/errors');
|
|
const jwt = require('jsonwebtoken');
|
|
|
|
/**
|
|
* @typedef {import('jsonwebtoken').Secret} Secret
|
|
* @typedef {string} JSONWebToken
|
|
*/
|
|
|
|
/**
|
|
* @typedef {Object<string, any>} Data
|
|
*/
|
|
|
|
module.exports = class JWTTokenProvider {
|
|
/**
|
|
* @param {Secret} secret
|
|
*/
|
|
constructor(secret) {
|
|
this.secret = secret;
|
|
}
|
|
|
|
/**
|
|
* @param {Data} data
|
|
* @returns {Promise<JSONWebToken>}
|
|
*/
|
|
async create(data) {
|
|
const token = jwt.sign(data, this.secret, {
|
|
algorithm: 'HS256',
|
|
expiresIn: '10m'
|
|
});
|
|
|
|
return token;
|
|
}
|
|
|
|
/**
|
|
* @param {JSONWebToken} token
|
|
* @returns {Promise<Data>}
|
|
*/
|
|
async validate(token) {
|
|
/** @type any */
|
|
const claims = jwt.verify(token, this.secret, {
|
|
algorithms: ['HS256'],
|
|
maxAge: '10m'
|
|
});
|
|
|
|
if (!claims || typeof claims === 'string') {
|
|
// @TODO: throw a detailed error message here
|
|
throw new UnauthorizedError();
|
|
}
|
|
|
|
return claims;
|
|
}
|
|
};
|