From 36d40cbe4086783ed96228f93d06adc4f798866c Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Fri, 5 May 2023 17:19:15 +0200
Subject: [PATCH] new jwt functions

---
 backend/src/auth/CustomJwtPayload.ts | 4 ++--
 backend/src/auth/JWT.ts | 25 ++++++++++++++++++-------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/backend/src/auth/CustomJwtPayload.ts b/backend/src/auth/CustomJwtPayload.ts
index 7966b413e..e20e5b272 100644
--- a/backend/src/auth/CustomJwtPayload.ts
+++ b/backend/src/auth/CustomJwtPayload.ts
@@ -1,5 +1,5 @@
-import { JwtPayload } from 'jsonwebtoken'
+import { JWTPayload } from 'jose'
 
-export interface CustomJwtPayload extends JwtPayload {
+export interface CustomJwtPayload extends JWTPayload {
   gradidoID: string
 }
diff --git a/backend/src/auth/JWT.ts b/backend/src/auth/JWT.ts
index 75a69cd0c..4f5d645c2 100644
--- a/backend/src/auth/JWT.ts
+++ b/backend/src/auth/JWT.ts
@@ -1,22 +1,33 @@
-import { verify, sign } from 'jsonwebtoken'
+import { SignJWT, jwtVerify } from 'jose'
 import { CONFIG } from '@/config/'
 import { LogError } from '@/server/LogError'
 import { CustomJwtPayload } from './CustomJwtPayload'
 
-export const decode = (token: string): CustomJwtPayload | null => {
+export const decode = async (token: string): Promise => {
   if (!token) throw new LogError('401 Unauthorized')
+
   try {
-    return verify(token, CONFIG.JWT_SECRET)
+    const secret = new TextEncoder().encode(CONFIG.JWT_SECRET)
+    const { payload } = await jwtVerify(token, secret, {
+      issuer: 'urn:example:issuer', // TODO urn
+      audience: 'urn:example:audience', // TODO urn
+    })
+    return payload as CustomJwtPayload
   } catch (err) {
     return null
   }
 }
 
-export const encode = (gradidoID: string): string => {
-  const token = sign({ gradidoID }, CONFIG.JWT_SECRET, {
-    expiresIn: CONFIG.JWT_EXPIRES_IN,
-  })
+export const encode = async (gradidoID: string): Promise => {
+  const secret = new TextEncoder().encode(CONFIG.JWT_SECRET)
+  const token = await new SignJWT({ gradidoID, 'urn:example:claim': true }) // TODO urn
+    .setProtectedHeader({ alg: 'HS256' })
+    .setIssuedAt()
+    .setIssuer('urn:example:issuer') // TODO urn
+    .setAudience('urn:example:audience') // TODO urn
+    .setExpirationTime(CONFIG.JWT_EXPIRES_IN)
+    .sign(secret)
   return token
 }
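Review bot: `return payload as CustomJwtPayload` in `decode` only asserts the type; any token signed with the shared secret is returned as a `CustomJwtPayload` even when `gradidoID` is missing or not a string, so callers receive an undefined id from a token that verified successfully. Replace the cast with a runtime check, `if (typeof payload.gradidoID !== 'string') return null`, before returning, and pin the accepted algorithm on the verify side with `algorithms: ['HS256']` in the `jwtVerify` options so it matches the header `encode` sets. The `catch (err) { return null }` branch also discards the reason (expired, bad signature, wrong issuer/audience); logging `err` there before returning null keeps authentication failures visible for detection. The issuer and audience strings are duplicated across `encode` and `decode` (already marked TODO); a single CONFIG-backed constant would keep the two from drifting apart.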