chore: improve TokenAndClaims

Author: mabels

core/protocols/dashboard/msg-types.ts

@@ -1,5 +1,5 @@
 import { JWKPublic } from "@fireproof/core-types-base";
-import { ReadWrite, Role, TenantLedger } from "@fireproof/core-types-protocols-cloud";
+import { FPCloudClaim, ReadWrite, Role, TenantLedger } from "@fireproof/core-types-protocols-cloud";
 import type { DeviceIdCA } from "@fireproof/core-device-id";
 
 export type AuthProvider = "github" | "google" | "fp" | "invite-per-email";
@@ -540,4 +540,5 @@ export interface ResEnsureCloudToken {
   readonly ledger: string;
   readonly expiresInSec: number;
   readonly expiresDate: string; // ISO string
+  readonly claims: FPCloudClaim;
 }

core/types/protocols/cloud/gateway-control.ts

@@ -7,13 +7,21 @@ export interface ToCloudAttachable extends Attachable {
   readonly opts: ToCloudOpts;
 }
 
+export interface ResEnsureCloudToken {
+  readonly type: "resEnsureCloudToken";
+  readonly cloudToken: string;
+  readonly appId: string;
+  readonly tenant: string;
+  readonly ledger: string;
+  readonly expiresInSec: number;
+  readonly expiresDate: string; // ISO string
+  readonly claims: FPCloudClaim;
+}
+
 export interface TokenAndClaims {
   readonly token: string;
-  readonly claims?: FPCloudClaim;
-  //   readonly exp: number;
-  //   readonly tenant?: string;
-  //   readonly ledger?: string;
-  // };
+  readonly claims: FPCloudClaim;
+  readonly res?: ResEnsureCloudToken;
 }
 
 export interface TokenStrategie {

core/types/protocols/cloud/msg-types.zod.ts

@@ -35,7 +35,7 @@ export const FPCloudClaimSchema = JWTPayloadSchema.extend({
   email: z.email(),
   nickname: z.string().optional(),
   provider: z.enum(["github", "google"]).optional(),
-  created: z.date(),
+  created: z.coerce.date(),
   tenants: z.array(TenantClaimSchema),
   ledgers: z.array(LedgerClaimSchema),
   selected: TenantLedgerSchema,

dashboard/backend/public/ensure-cloud-token.ts

@@ -1,6 +1,6 @@
 import { Result } from "@adviser/cement";
 import { DashAuthType, ReqEnsureCloudToken, ResEnsureCloudToken } from "@fireproof/core-protocols-dashboard";
-import { FPCloudClaim } from "@fireproof/core-types-protocols-cloud";
+import { FPCloudClaimSchema } from "@fireproof/core-types-protocols-cloud";
 import { eq, and, count } from "drizzle-orm";
 import { sqlAppIdBinding } from "../sql/app-id-bind.js";
 import { sqlLedgers, sqlLedgerUsers } from "../sql/ledgers.js";
@@ -9,6 +9,7 @@ import { getFPTokenContext, createFPToken, toProvider } from "../utils/index.js"
 import { createLedger } from "./create-ledger.js";
 import { ensureUser } from "./ensure-user.js";
 import { listLedgersByUser } from "./list-ledgers-by-user.js";
+import { decodeJwt } from "jose";
 
 function getAppIdBinding<T extends DashAuthType>(
   ctx: FPApiSQLCtx,
@@ -143,7 +144,8 @@ export async function ensureCloudToken(
       tenant: tenantId,
       ledger: ledgerId,
     },
-  } satisfies FPCloudClaim);
+  });
+  const claims = FPCloudClaimSchema.parse(decodeJwt(cloudToken.token));
   return Result.Ok({
     type: "resEnsureCloudToken",
     cloudToken: cloudToken.token,
@@ -152,5 +154,6 @@ export async function ensureCloudToken(
     ledger: ledgerId,
     expiresInSec: cloudToken.expiresInSec,
     expiresDate: cloudToken.expiresDate.toISOString(),
+    claims,
   });
 }