diff --git a/package.json b/package.json index 0e86e55..0be169d 100644 --- a/package.json +++ b/package.json @@ -28,11 +28,11 @@ "@dnd-kit/utilities": "^3.2.2", "@tanstack/react-query-devtools": "^5.59.9", "@tanstack/react-router": "^1.64.0", + "@tsndr/cloudflare-worker-jwt": "^3.1.2", "@unocss/reset": "^0.63.4", "cheerio": "^1.0.0", "clsx": "^2.1.1", "consola": "^3.2.3", - "cookie-es": "^1.2.2", "dayjs": "1.11.13", "db0": "npm:@ourongxing/db0@0.1.6", "defu": "^6.1.4", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 1a1c52a..7aa1011 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -32,6 +32,9 @@ importers: '@tanstack/react-router': specifier: ^1.64.0 version: 1.64.0(@tanstack/router-generator@1.64.0)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + '@tsndr/cloudflare-worker-jwt': + specifier: ^3.1.2 + version: 3.1.2 '@unocss/reset': specifier: ^0.63.4 version: 0.63.4 @@ -44,9 +47,6 @@ importers: consola: specifier: ^3.2.3 version: 3.2.3 - cookie-es: - specifier: ^1.2.2 - version: 1.2.2 dayjs: specifier: 1.11.13 version: 1.11.13(patch_hash=vxjypqxmsykboavgqknf3tdbfa) @@ -1805,6 +1805,9 @@ packages: resolution: {integrity: sha512-soW+gE9QTmMaqXM17r7y1p8NiQVIIECjdTaYla8BKL5Flj030m3KuxEQoiG1XgjtA0O7ayznFz2YvPcXIy3qDg==} engines: {node: '>=12'} + '@tsndr/cloudflare-worker-jwt@3.1.2': + resolution: {integrity: sha512-PWYv1/D73ThLtOsiQojAoYreQqSaH4qOSEtDLREl9SCXrH2aIyyFNAl8uo+YrYEeiSgw7ZfO2/mQYoZQcxpz0A==} + '@types/babel__core@7.20.5': resolution: {integrity: sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==} @@ -6403,6 +6406,8 @@ snapshots: '@tanstack/virtual-file-routes@1.64.0': {} + '@tsndr/cloudflare-worker-jwt@3.1.2': {} + '@types/babel__core@7.20.5': dependencies: '@babel/parser': 7.25.8 diff --git a/server/middleware/auth.ts b/server/middleware/auth.ts index 19f7f3d..f9ce5c3 100644 --- a/server/middleware/auth.ts +++ b/server/middleware/auth.ts 
@@ -1,15 +1,13 @@
 import process from "node:process"
-import jwt from "jsonwebtoken"
+import jwt from "@tsndr/cloudflare-worker-jwt"
-export default defineEventHandler((event) => {
+export default defineEventHandler(async (event) => {
 const token = getCookie(event, "jwt")
 if (token && process.env.JWT_SECRET) {
- try {
- const { id: userID, exp } = jwt.verify(token, process.env.JWT_SECRET) as { id: string, exp: number }
- if (Date.now() < exp * 1000) {
- event.context.user = userID
- }
- } catch {
+ const v = await jwt.verify(token, process.env.JWT_SECRET) as { preload?: { id: string, exp: number } }
+ if (v?.preload?.id) {
+ event.context.user = v.preload.id
+ } else {
 logger.error("JWT verification failed")
 }
 }
diff --git a/server/routes/oauth-callback/github.ts b/server/routes/oauth-callback/github.ts
index 1a13ec1..207bb08 100644
--- a/server/routes/oauth-callback/github.ts
+++ b/server/routes/oauth-callback/github.ts
@@ -1,5 +1,5 @@
 import process from "node:process"
-import jwt from "jsonwebtoken"
+import jwt from "@tsndr/cloudflare-worker-jwt"
 import { UserTable } from "#/database/user"
 export default defineEventHandler(async (event) => {
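Review bot: In server/middleware/auth.ts the new check reads `v?.preload?.id`, but as far as I know `verify` in @tsndr/cloudflare-worker-jwt v3 resolves to the decoded token as `{ header, payload }` (or `undefined`), so `preload` looks like a typo for `payload` that the `as { preload?: ... }` cast hides from the compiler. If so, `event.context.user` is never set and every request carrying a cookie logs "JWT verification failed"; the lines would become `if (v?.payload?.id) {` and `event.context.user = v.payload.id`, with the cast changed to match. The `try`/`catch` is also gone, so anything `verify` throws now rejects the middleware instead of being logged; it is worth confirming how the library treats a cookie that is not a well-formed token. The handler's closing `})` lies outside the hunk.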
@@ -57,13 +57,17 @@ export default defineEventHandler(async (event) => {
 const userID = String(userInfo.id)
 await userTable.addUser(userID, emailinfo.find(item => item.primary)?.email || "", "github")
- const jwtToken = jwt.sign({ id: userID, type: "github" }, process.env.JWT_SECRET!, {
- expiresIn: "70d",
- })
+ const jwtToken = await jwt.sign({
+ id: userID,
+ type: "github",
+ // seconds
+ exp: Math.floor(Date.now() / 1000 + 65 * 24 * 60 * 60),
+ }, process.env.JWT_SECRET!)
- const expires = new Date(Date.now() + 60 * 24 * 60 * 60 * 1000)
- setCookie(event, "jwt", jwtToken, { expires })
- setCookie(event, "avatar", userInfo.avatar_url, { expires })
- setCookie(event, "name", userInfo.name, { expires })
+ // seconds
+ const maxAge = 60 * 24 * 60 * 60
+ setCookie(event, "jwt", jwtToken, { maxAge })
+ setCookie(event, "avatar", userInfo.avatar_url, { maxAge })
+ setCookie(event, "name", userInfo.name, { maxAge })
 return sendRedirect(event, `/?login=github`)
 })
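Review bot: `setCookie(event, "jwt", jwtToken, { maxAge })` issues the session token without `httpOnly`, `secure` or `sameSite`, so the cookie is readable by any script running on the page and its cross-site behaviour is left to browser defaults. Unless client code needs to read the token (not visible in this hunk), I would write `setCookie(event, "jwt", jwtToken, { maxAge, httpOnly: true, secure: true, sameSite: "lax" })` and leave `avatar` and `name` script-readable. `process.env.JWT_SECRET!` is asserted rather than checked here; the handler starts above the hunk, so a guard may already exist there.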