fix: test jose to sign jwt

2025-01-19 03:09:14 +08:00 · 2024-10-14 01:20:43 +08:00 · 2024-10-14 01:20:43 +08:00 · e4b029e732
commit e4b029e732
parent 39ff4ded3d
4 changed files with 38 additions and 10 deletions
--- a/package.json
+++ b/package.json
@ -26,6 +26,7 @@
    "@dnd-kit/core": "^6.1.0",
    "@dnd-kit/sortable": "^8.0.0",
    "@dnd-kit/utilities": "^3.2.2",
+    "@oslojs/jwt": "^0.2.0",
    "@tanstack/react-query-devtools": "^5.59.9",
    "@tanstack/react-router": "^1.64.0",
    "@tsndr/cloudflare-worker-jwt": "^3.1.2",
@ -40,6 +41,7 @@
    "framer-motion": "^11.11.8",
    "h3": "^1.13.0",
    "iconv-lite": "^0.6.3",
+    "jose": "^5.9.4",
    "jotai": "^2.10.0",
    "jsonwebtoken": "^9.0.2",
    "libsql": "^0.4.6",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -26,6 +26,9 @@ importers:
      '@dnd-kit/utilities':
        specifier: ^3.2.2
        version: 3.2.2(react@18.3.1)
+      '@oslojs/jwt':
+        specifier: ^0.2.0
+        version: 0.2.0
      '@tanstack/react-query-devtools':
        specifier: ^5.59.9
        version: 5.59.9(@tanstack/react-query@5.59.9(react@18.3.1))(react@18.3.1)
@ -68,6 +71,9 @@ importers:
      iconv-lite:
        specifier: ^0.6.3
        version: 0.6.3
+      jose:
+        specifier: ^5.9.4
+        version: 5.9.4
      jotai:
        specifier: ^2.10.0
        version: 2.10.0(@types/react@18.3.11)(react@18.3.1)
@ -1336,6 +1342,12 @@ packages:
    resolution: {integrity: sha512-T8TbSnGsxo6TDBJx/Sgv/BlVJL3tshxZP7Aq5R1mSnM5OcHY2dQaxLMu2+E8u3gN0MLOzdjurqN4ZRVuzQycOQ==}
    engines: {node: '>=8.0'}

+  '@oslojs/encoding@0.4.1':
+    resolution: {integrity: sha512-hkjo6MuIK/kQR5CrGNdAPZhS01ZCXuWDRJ187zh6qqF2+yMHZpD9fAYpX8q2bOO6Ryhl3XpCT6kUX76N8hhm4Q==}
+
+  '@oslojs/jwt@0.2.0':
+    resolution: {integrity: sha512-bLE7BtHrURedCn4Mco3ma9L4Y1GR2SMBuIvjWr7rmQ4/W/4Jy70TIAgZ+0nIlk0xHz1vNP8x8DCns45Sb2XRbg==}
+
  '@ourongxing/db0@0.1.6':
    resolution: {integrity: sha512-FVrPq9quQjHyJ2qq1N11rcXKsIGqlV9M/XWkGGXZUhLsU3oC/op0xgd7WwAxAZdITFy2sLe2eWER5mLu8HBC8A==}
    peerDependencies:
@ -3496,6 +3508,9 @@ packages:
    resolution: {integrity: sha512-pmfRbVRs/7khFrSAYnSiJ8C0D5GvzkE4Ey2pAvUcJsw1ly/p+7ut27jbJrjY79BpAJQJ4gXYFtK6d1Aub+9baQ==}
    hasBin: true

+  jose@5.9.4:
+    resolution: {integrity: sha512-WBBl6au1qg6OHj67yCffCgFR3BADJBXN8MdRvCgJDuMv3driV2nHr7jdGvaKX9IolosAsn+M0XRArqLXUhyJHQ==}
+
  jotai@2.10.0:
    resolution: {integrity: sha512-8W4u0aRlOIwGlLQ0sqfl/c6+eExl5D8lZgAUolirZLktyaj4WnxO/8a0HEPmtriQAB6X5LMhXzZVmw02X0P0qQ==}
    engines: {node: '>=12.20.0'}
@ -6018,6 +6033,12 @@ snapshots:

  '@oozcitak/util@8.3.8': {}

+  '@oslojs/encoding@0.4.1': {}
+
+  '@oslojs/jwt@0.2.0':
+    dependencies:
+      '@oslojs/encoding': 0.4.1
+
  '@ourongxing/db0@0.1.6(@libsql/client@0.14.0)(libsql@0.4.6)':
    optionalDependencies:
      '@libsql/client': 0.14.0
@ -8470,6 +8491,8 @@ snapshots:

  jiti@2.0.0-beta.3: {}

+  jose@5.9.4: {}
+
  jotai@2.10.0(@types/react@18.3.11)(react@18.3.1):
    optionalDependencies:
      '@types/react': 18.3.11
--- a/server/middleware/auth.ts
+++ b/server/middleware/auth.ts
@ -1,13 +1,15 @@
 import process from "node:process"
-import jwt from "@tsndr/cloudflare-worker-jwt"
+import { jwtVerify } from "jose"

 export default defineEventHandler(async (event) => {
  const token = getCookie(event, "jwt")
  if (token && process.env.JWT_SECRET) {
-    const v = await jwt.verify(token, process.env.JWT_SECRET) as { preload?: { id: string, exp: number } }
-    if (v?.preload?.id) {
-      event.context.user = v.preload.id
-    } else {
+    try {
+      const { payload } = await jwtVerify(token, new TextEncoder().encode(process.env.JWT_SECRET)) as { payload?: { id: string, type: string } }
+      if (payload?.id) {
+        event.context.user = payload.id
+      }
+    } catch {
      logger.error("JWT verification failed")
    }
  }
--- a/server/routes/oauth-callback/github.ts
+++ b/server/routes/oauth-callback/github.ts
@ -1,5 +1,5 @@
 import process from "node:process"
-import jwt from "@tsndr/cloudflare-worker-jwt"
+import { SignJWT } from "jose"
 import { UserTable } from "#/database/user"

 export default defineEventHandler(async (event) => {
@ -57,12 +57,13 @@ export default defineEventHandler(async (event) => {
  const userID = String(userInfo.id)
  await userTable.addUser(userID, emailinfo.find(item => item.primary)?.email || "", "github")

-  const jwtToken = await jwt.sign({
+  const jwtToken = await new SignJWT({
    id: userID,
    type: "github",
-    // seconds
-    exp: Math.floor(Date.now() / 1000 + 65 * 24 * 60 * 60),
-  }, process.env.JWT_SECRET!)
+  })
+    .setExpirationTime("65d")
+    .setProtectedHeader({ alg: "HS256" })
+    .sign(new TextEncoder().encode(process.env.JWT_SECRET!))

  // seconds
  const maxAge = 60 * 24 * 60 * 60