Make Smapi responsible for turning app token into encrypted jwt (#71)

2025-12-22 01:43:29 +01:00 · 2021-11-04 14:04:56 +11:00
parent 2d4f201d08
commit 9d76c92e69
10 changed files with 638 additions and 584 deletions
--- a/src/encryption.ts
+++ b/src/encryption.ts
@@ -1,33 +1,89 @@
-import { createCipheriv, createDecipheriv, randomBytes, createHash } from "crypto";
+import {
+  createCipheriv,
+  createDecipheriv,
+  randomBytes,
+  createHash,
+} from "crypto";
+import jwt from "jsonwebtoken";

-const ALGORITHM = "aes-256-cbc"
+const ALGORITHM = "aes-256-cbc";
 const IV = randomBytes(16);

+export type Signer = {
+  sign: (value: string) => string;
+  verify: (token: string) => string;
+};
+
+export const pSigner = (signer: Signer) => ({
+  sign: (value: string): Promise<string> => {
+    return new Promise((resolve, reject) => {
+      try {
+        return resolve(signer.sign(value));
+      } catch(e) {
+        reject(`Failed to sign value: ${e}`);
+      }
+    });
+  },
+  verify: (token: string): Promise<string> => {
+    return new Promise((resolve, reject) => {
+      try {
+        return resolve(signer.verify(token));
+      }catch(e) {
+        reject(`Failed to verify value: ${e}`);
+      }
+    });
+  }
+ });
+
+export const jwtTokenSigner = (secret: string) => ({
+  sign: (value: string) => jwt.sign(value, secret),
+  verify: (token: string) => {
+    try {
+      return jwt.verify(token, secret) as string;
+    } catch (e) {
+      throw `Failed to decode jwt, try re-authorising account`;
+    }
+  },
+});
+
 export type Hash = {
-  iv: string,
-  encryptedData: string
-}
+  iv: string;
+  encryptedData: string;
+};

 export type Encryption = {
-  encrypt: (value:string) => Hash
-  decrypt: (hash: Hash) => string
-}
+  encrypt: (value: string) => Hash;
+  decrypt: (hash: Hash) => string;
+};

 const encryption = (secret: string): Encryption => {
-  const key = createHash('sha256').update(String(secret)).digest('base64').substr(0, 32);
+  const key = createHash("sha256")
+    .update(String(secret))
+    .digest("base64")
+    .substr(0, 32);
  return {
    encrypt: (value: string) => {
      const cipher = createCipheriv(ALGORITHM, key, IV);
-      return { 
-        iv: IV.toString("hex"), 
-        encryptedData: Buffer.concat([cipher.update(value), cipher.final()]).toString("hex") 
+      return {
+        iv: IV.toString("hex"),
+        encryptedData: Buffer.concat([
+          cipher.update(value),
+          cipher.final(),
+        ]).toString("hex"),
      };
    },
    decrypt: (hash: Hash) => {
-      const decipher = createDecipheriv(ALGORITHM, key, Buffer.from(hash.iv, 'hex'));
-      return Buffer.concat([decipher.update(Buffer.from(hash.encryptedData, 'hex')), decipher.final()]).toString();
-    }
-  }
-}
+      const decipher = createDecipheriv(
+        ALGORITHM,
+        key,
+        Buffer.from(hash.iv, "hex")
+      );
+      return Buffer.concat([
+        decipher.update(Buffer.from(hash.encryptedData, "hex")),
+        decipher.final(),
+      ]).toString();
+    },
+  };
+};

 export default encryption;