initial commit

2026-05-13 14:20:41 +00:00
commit 6e178d2012
6022 changed files with 399872 additions and 0 deletions
@@ -0,0 +1,55 @@
+import crypto from 'node:crypto';
+import jwt from 'jsonwebtoken';
+
+const ACCESS_TTL_SEC = Number(process.env.ACCESS_TOKEN_TTL_SEC || 900);
+
+export function hashToken(value) {
+  return crypto.createHash('sha256').update(value, 'utf8').digest('hex');
+}
+
+export function generateRefreshToken() {
+  return crypto.randomBytes(48).toString('base64url');
+}
+
+export function generateCsrfToken() {
+  return crypto.randomBytes(32).toString('base64url');
+}
+
+export function signAccessToken(user, sessionId) {
+  return jwt.sign(
+    {
+      sub: user.id,
+      email: user.email,
+      role: user.role,
+      sid: sessionId,
+    },
+    process.env.JWT_SECRET,
+    {
+      issuer: process.env.JWT_ISSUER || 'uno-click-bff',
+      audience: process.env.JWT_AUDIENCE || 'uno-click-web',
+      expiresIn: ACCESS_TTL_SEC,
+    }
+  );
+}
+
+export function verifyAccessToken(token) {
+  return jwt.verify(token, process.env.JWT_SECRET, {
+    issuer: process.env.JWT_ISSUER || 'uno-click-bff',
+    audience: process.env.JWT_AUDIENCE || 'uno-click-web',
+  });
+}
+
+export function verifyRefreshToken(token) {
+  return jwt.verify(token, process.env.JWT_SECRET, {
+    issuer: process.env.JWT_ISSUER || 'uno-click-bff',
+    audience: process.env.JWT_AUDIENCE || 'uno-click-web',
+  });
+}
+
+export function signRefreshToken(payload) {
+  return jwt.sign(payload, process.env.JWT_SECRET, {
+    issuer: process.env.JWT_ISSUER || 'uno-click-bff',
+    audience: process.env.JWT_AUDIENCE || 'uno-click-web',
+    expiresIn: '30d',
+  });
+}