JSON Web Tokens
We'll be using JWTs for auth. Let's create some methods for handling them in the same /lib/auth.ts.
Create a JWT:
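// Needed at the top of /lib/auth.ts if not already imported there.
import { SignJWT, jwtVerify } from "jose";

export const createJWT = (user) => {
  // return jwt.sign({ id: user.id }, 'cookies')
  // Fail fast when the secret is unset; encode(undefined) would yield an empty key.
  if (!process.env.JWT_SECRET) throw new Error("JWT_SECRET is not set");
  const iat = Math.floor(Date.now() / 1000); // issued at, in seconds
  const exp = iat + 60 * 60 * 24 * 7; // expires 7 days after issue
  return new SignJWT({ payload: { id: user.id, email: user.email } })
    .setProtectedHeader({ alg: "HS256", typ: "JWT" })
    .setExpirationTime(exp)
    .setIssuedAt(iat)
    .setNotBefore(iat)
    .sign(new TextEncoder().encode(process.env.JWT_SECRET));
};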
Validate a JWT:
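export const validateJWT = async (jwt) => {
  // jwtVerify throws if the signature, exp or nbf check fails.
  const { payload } = await jwtVerify(
    jwt,
    new TextEncoder().encode(process.env.JWT_SECRET),
    { algorithms: ["HS256"] } // accept only the algorithm createJWT signs with
  );
  // The user fields live under the nested "payload" claim set in createJWT.
  return payload.payload as any;
};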
Getting the JWT from cookies:
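export const getUserFromCookie = async (cookies) => {
  const jwt = cookies.get(process.env.COOKIE_NAME);
  if (!jwt) return null; // no auth cookie on the request
  // validateJWT throws on a bad or expired token, so id only comes from a verified payload.
  const { id } = await validateJWT(jwt.value);
  const user = await db.user.findUnique({
    where: {
      id: id as string,
    },
  });
  return user;
};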
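To show what verification has to reject for tokens shaped like the ones createJWT issues, here is an added example (not code from the original page or from jose) that signs and checks HS256 tokens with only Node's built-in crypto. The helpers signHS256, verifyHS256 and outcome, and all sample values, are hypothetical and constructed for illustration.

```javascript
// Added example: uses only Node's built-in crypto, not the jose library.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const fromB64u = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const mac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: builds a token with the header and claim layout createJWT uses.
function signHS256(claims, secret, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(mac(input, secret))}`;
}

// Hypothetical helper: returns the claims or throws with the rejection reason.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  if (!secret) throw new Error("missing secret"); // an unset secret must fail closed
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  let alg;
  try { alg = fromB64u(h).alg; } catch { throw new Error("malformed token"); }
  // Pin the algorithm; the token's own header must not choose how it is verified.
  if (alg !== "HS256") throw new Error("unexpected alg");
  const expected = mac(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  // Compare lengths first: timingSafeEqual throws on buffers of unequal length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = fromB64u(p); // parse the payload only after the MAC checks out
  if (typeof claims.exp === "number" && now >= claims.exp) throw new Error("expired");
  if (typeof claims.nbf === "number" && now < claims.nbf) throw new Error("not yet valid");
  return claims;
}

const outcome = (fn) => { try { fn(); return "ok"; } catch (e) { return e.message; } };

// Constructed sample values, same claim layout as createJWT.
const SECRET = "constructed-demo-secret";
const iat = 1700000000;
const claims = { payload: { id: "u1", email: "a@example.com" }, exp: iat + 604800, iat, nbf: iat };
const good = signHS256(claims, SECRET);
const [gh, , gs] = good.split(".");
const tampered = `${gh}.${b64u(JSON.stringify({ ...claims, payload: { id: "u2" } }))}.${gs}`;
const wrongAlg = signHS256(claims, SECRET, { alg: "none", typ: "JWT" });
for (const [name, tok, now] of [["good", good, iat + 60], ["tampered", tampered, iat + 60],
  ["alg none", wrongAlg, iat + 60], ["expired", good, iat + 604800]]) {
  console.log(name, "->", outcome(() => verifyHS256(tok, SECRET, now)));
}
```

Only the first token is accepted; each of the others fails at a different check, which is why a caller like getUserFromCookie should read the id only from a payload that verification has returned.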