Ghost/ghost/magic-link/lib/JWTTokenProvider.js
Hannah Wolfe 3dcf85d5e4 Ensured correct usage of @tryghost/errors everywhere
refs: 23b383bedf

- @tryghost/error constructors take an object, not a string - the expectation is that message, context & help should all be set
- This does the bare minimum and just ensures message is set correctly
2022-02-15 12:30:36 +00:00

53 lines
1.1 KiB
JavaScript

const {UnauthorizedError} = require('@tryghost/errors');
const jwt = require('jsonwebtoken');
/**
* @typedef {import('jsonwebtoken').Secret} Secret
* @typedef {string} JSONWebToken
*/
/**
* @typedef {Object<string, any>} Data
*/
module.exports = class JWTTokenProvider {
/**
* @param {Secret} secret
*/
constructor(secret) {
this.secret = secret;
}
/**
* @param {Data} data
* @returns {Promise<JSONWebToken>}
*/
async create(data) {
const token = jwt.sign(data, this.secret, {
algorithm: 'HS256',
expiresIn: '10m'
});
return token;
}
/**
* @param {JSONWebToken} token
* @returns {Promise<Data>}
*/
async validate(token) {
/** @type any */
const claims = jwt.verify(token, this.secret, {
algorithms: ['HS256'],
maxAge: '10m'
});
if (!claims || typeof claims === 'string') {
// @TODO: throw a detailed error message here
throw new UnauthorizedError();
}
return claims;
}
};