Implement JWT

2024-06-06 13:13:21 +02:00
parent c05f0536e2
commit 544a2a55a5
3 changed files with 176 additions and 0 deletions
@@ -0,0 +1,58 @@
+import * as jose from 'jose'
+import logger from 'log'
+
+const log = logger('crypto:jwt')
+
+export type Key = jose.KeyLike | Uint8Array
+
+export class JWTcontext {
+    private constructor(
+        private readonly key: Key,
+    ) {}
+
+    public static async gen_key(): Promise<Key> {
+        log.trace("generate key")
+        return jose.generateSecret("HS512")
+    }
+    public static new(key: Key) : JWTcontext {
+        return new JWTcontext(key)
+    }
+    public static async new_random() : Promise<JWTcontext> {
+        const k = await JWTcontext.gen_key()
+        return new JWTcontext(k)
+    }
+
+    public async sign<T>(message: T, set_issued: boolean = false, exp?: number | string | Date, audience?: string | string[], issuer?: string): Promise<string> {
+        log.trace('sign JWT')
+        log.trace('Config :', {
+            set_issued,
+            exp,
+            issuer,
+        })
+
+        let jwt = new jose.SignJWT({message}).setProtectedHeader({alg: "HS512"})
+
+        if (set_issued) jwt = jwt.setIssuedAt()
+        if (issuer !== undefined) jwt = jwt.setIssuer(issuer)
+        if (audience !== undefined) jwt = jwt.setAudience(audience)
+        if (exp !== undefined) jwt = jwt.setExpirationTime(exp)
+
+        return await jwt.sign(this.key)
+    }
+
+    public async verify<T>(jwt: string, audience?: string | string[], issuer?: string | string[]): Promise<T | null> {
+        log.debug('Verify JWT')
+        log.trace('Issuer :', issuer)
+        log.trace('Audience :', audience)
+
+        try {
+            let payload = await jose.jwtVerify(jwt, this.key, {audience, issuer})
+            return payload.payload.message as T
+        } catch (e) {
+            log.warn('JWT verification failed')
+            log.debug(`Error : ${e}`)
+        }
+
+        return null
+    }
+}