fix: use @tsndr/cloudflare-worker-jwt

package.json

@@ -28,11 +28,11 @@
     "@dnd-kit/utilities": "^3.2.2",
     "@tanstack/react-query-devtools": "^5.59.9",
     "@tanstack/react-router": "^1.64.0",
+    "@tsndr/cloudflare-worker-jwt": "^3.1.2",
     "@unocss/reset": "^0.63.4",
     "cheerio": "^1.0.0",
     "clsx": "^2.1.1",
     "consola": "^3.2.3",
-    "cookie-es": "^1.2.2",
     "dayjs": "1.11.13",
     "db0": "npm:@ourongxing/db0@0.1.6",
     "defu": "^6.1.4",

pnpm-lock.yaml

@@ -32,6 +32,9 @@ importers:
       '@tanstack/react-router':
         specifier: ^1.64.0
         version: 1.64.0(@tanstack/router-generator@1.64.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      '@tsndr/cloudflare-worker-jwt':
+        specifier: ^3.1.2
+        version: 3.1.2
       '@unocss/reset':
         specifier: ^0.63.4
         version: 0.63.4
@@ -44,9 +47,6 @@ importers:
       consola:
         specifier: ^3.2.3
         version: 3.2.3
-      cookie-es:
-        specifier: ^1.2.2
-        version: 1.2.2
       dayjs:
         specifier: 1.11.13
         version: 1.11.13(patch_hash=vxjypqxmsykboavgqknf3tdbfa)
@@ -1805,6 +1805,9 @@ packages:
     resolution: {integrity: sha512-soW+gE9QTmMaqXM17r7y1p8NiQVIIECjdTaYla8BKL5Flj030m3KuxEQoiG1XgjtA0O7ayznFz2YvPcXIy3qDg==}
     engines: {node: '>=12'}
 
+  '@tsndr/cloudflare-worker-jwt@3.1.2':
+    resolution: {integrity: sha512-PWYv1/D73ThLtOsiQojAoYreQqSaH4qOSEtDLREl9SCXrH2aIyyFNAl8uo+YrYEeiSgw7ZfO2/mQYoZQcxpz0A==}
+
   '@types/babel__core@7.20.5':
     resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==}
 
@@ -6403,6 +6406,8 @@ snapshots:
 
   '@tanstack/virtual-file-routes@1.64.0': {}
 
+  '@tsndr/cloudflare-worker-jwt@3.1.2': {}
+
   '@types/babel__core@7.20.5':
     dependencies:
       '@babel/parser': 7.25.8

server/middleware/auth.ts

@@ -1,15 +1,13 @@
 import process from "node:process"
-import jwt from "jsonwebtoken"
+import jwt from "@tsndr/cloudflare-worker-jwt"
 
-export default defineEventHandler((event) => {
+export default defineEventHandler(async (event) => {
   const token = getCookie(event, "jwt")
   if (token && process.env.JWT_SECRET) {
-    try {
-      const { id: userID, exp } = jwt.verify(token, process.env.JWT_SECRET) as { id: string, exp: number }
-      if (Date.now() < exp * 1000) {
-        event.context.user = userID
-      }
-    } catch {
+    const v = await jwt.verify(token, process.env.JWT_SECRET) as { preload?: { id: string, exp: number } }
+    if (v?.preload?.id) {
+      event.context.user = v.preload.id
+    } else {
       logger.error("JWT verification failed")
     }
   }

server/routes/oauth-callback/github.ts

@@ -1,5 +1,5 @@
 import process from "node:process"
-import jwt from "jsonwebtoken"
+import jwt from "@tsndr/cloudflare-worker-jwt"
 import { UserTable } from "#/database/user"
 
 export default defineEventHandler(async (event) => {
@@ -57,13 +57,17 @@ export default defineEventHandler(async (event) => {
   const userID = String(userInfo.id)
   await userTable.addUser(userID, emailinfo.find(item => item.primary)?.email || "", "github")
 
-  const jwtToken = jwt.sign({ id: userID, type: "github" }, process.env.JWT_SECRET!, {
-    expiresIn: "70d",
-  })
+  const jwtToken = await jwt.sign({
+    id: userID,
+    type: "github",
+    // seconds
+    exp: Math.floor(Date.now() / 1000 + 65 * 24 * 60 * 60),
+  }, process.env.JWT_SECRET!)
 
-  const expires = new Date(Date.now() + 60 * 24 * 60 * 60 * 1000)
-  setCookie(event, "jwt", jwtToken, { expires })
-  setCookie(event, "avatar", userInfo.avatar_url, { expires })
-  setCookie(event, "name", userInfo.name, { expires })
+  // seconds
+  const maxAge = 60 * 24 * 60 * 60
+  setCookie(event, "jwt", jwtToken, { maxAge })
+  setCookie(event, "avatar", userInfo.avatar_url, { maxAge })
+  setCookie(event, "name", userInfo.name, { maxAge })
   return sendRedirect(event, `/?login=github`)
 })