basilic/apps/api/src/db/passkey-callback.ts at 06ce237deac71fcdd686deb670b795c2101c3dee · blockmatic/basilic · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import { decrypt, encrypt } from '../lib/crypto.js'
import type { PasskeyCallback } from './schema/tables/passkey-callback.js'

export function encryptPasskeyTokens(payload: { accessToken: string; refreshToken: string }): {
  accessToken: string
  refreshToken: string
} {
  const accessEncrypted = encrypt(payload.accessToken)
  const refreshEncrypted = encrypt(payload.refreshToken)
  if (!accessEncrypted || !refreshEncrypted) throw new Error('Passkey token encryption failed')
  return { accessToken: accessEncrypted, refreshToken: refreshEncrypted }
}

export function decryptPasskeyTokens(record: PasskeyCallback): PasskeyCallback {
  const accessDecrypted = decrypt(record.accessToken)
  const refreshDecrypted = decrypt(record.refreshToken)
  if (!accessDecrypted)
    throw new Error('Passkey token decryption failed: accessToken could not be decrypted')
  if (!refreshDecrypted)
    throw new Error('Passkey token decryption failed: refreshToken could not be decrypted')
  return {
    ...record,
    accessToken: accessDecrypted,
    refreshToken: refreshDecrypted,
  }
}