use HS256 for JWT signing

This commit is contained in:
Oliver Bryan
2026-01-09 04:44:48 +00:00
parent 1603fc46ef
commit 21655c2b73


@@ -2,12 +2,16 @@ import bcrypt from "bcrypt";
import * as jwt from "jsonwebtoken"; import * as jwt from "jsonwebtoken";
const JWT_EXPIRES_IN = (process.env.JWT_EXPIRES_IN ?? "7d") as jwt.SignOptions["expiresIn"]; const JWT_EXPIRES_IN = (process.env.JWT_EXPIRES_IN ?? "7d") as jwt.SignOptions["expiresIn"];
const JWT_ALGORITHM = "HS256";
const requireJwtSecret = () => { const requireJwtSecret = () => {
const secret = process.env.JWT_SECRET; const secret = process.env.JWT_SECRET;
if (!secret) { if (!secret) {
throw new Error("JWT_SECRET is required"); throw new Error("JWT_SECRET is required");
} }
if (secret.length < 32) {
throw new Error("JWT_SECRET must be at least 32 characters");
}
return secret; return secret;
}; };
@@ -17,10 +21,15 @@ export const verifyPassword = (password: string, hash: string) => bcrypt.compare
export const generateToken = (userId: number) => { export const generateToken = (userId: number) => {
const secret = requireJwtSecret(); const secret = requireJwtSecret();
return jwt.sign({ userId }, secret, { expiresIn: JWT_EXPIRES_IN }); return jwt.sign({ userId }, secret, {
expiresIn: JWT_EXPIRES_IN,
algorithm: JWT_ALGORITHM,
});
}; };
export const verifyToken = (token: string) => { export const verifyToken = (token: string) => {
const secret = requireJwtSecret(); const secret = requireJwtSecret();
return jwt.verify(token, secret) as { userId: number }; return jwt.verify(token, secret, {
algorithms: [JWT_ALGORITHM],
}) as { userId: number };
}; };
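Review bot: The `as { userId: number }` cast on the new jwt.verify call in verifyToken (second hunk) still narrows an unvalidated `string | JwtPayload` result without a runtime check, so a correctly signed token whose payload lacks a numeric userId is accepted and the bad value propagates to callers. Pinning `algorithms: [JWT_ALGORITHM]` is the right fix for algorithm confusion, but the payload shape should be checked in the same place: `const payload = jwt.verify(token, secret, { algorithms: [JWT_ALGORITHM] });` `if (typeof payload === "string" || typeof payload.userId !== "number") throw new Error("Invalid token payload");` `return { userId: payload.userId };`. In the first hunk, the 32-character minimum on JWT_SECRET is a length floor rather than an entropy check, so a comment such as `// HS256 needs a key of at least 256 bits (RFC 7518 §3.2); length is only a floor, generate the value from a CSPRNG` would make the intent clear to whoever provisions the variable.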