feat: add jwt adapter

Author: Vicentesan

libs/jwt-adapter/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@palmares/jwt-auth",
+  "version": "0.0.0",
+  "description": "A robust and versatile JWT authentication module designed for seamless integration with Palmares applications",
+  "main": "./dist/src/index.cjs",
+  "module": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
+  "files": [
+    "dist",
+    "package.json",
+    "README.md",
+    "CHANGELOG.md"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js",
+      "require": "./dist/src/index.cjs"
+    }
+  },
+  "scripts": {
+    "clear": "rimraf ./dist",
+    "build:types": "tsc --project tsconfig.types.json",
+    "build:cjs:esm": "tsup ./src --out-dir ./dist/src --format cjs,esm --silent --no-splitting",
+    "build": "pnpm run clear && pnpm run build:cjs:esm && pnpm run build:types",
+    "build:types:watch": "tsc --project tsconfig.types.json --watch --preserveWatchOutput",
+    "build:cjs:esm:watch": "tsup ./src --out-dir ./dist/src --format cjs,esm --watch --silent --no-splitting",
+    "build:watch": "pnpm run build:types:watch & pnpm run build:cjs:esm:watch"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/palmaresHQ/palmares.git"
+  },
+  "keywords": [
+    "palmares",
+    "jwt",
+    "authentication"
+  ],
+  "type": "module",
+  "author": "Vicente Sanchez",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/palmaresHQ/palmares/issues"
+  },
+  "homepage": "https://github.com/palmaresHQ/palmares#readme",
+  "dependencies": {
+    "@palmares/auth": "workspace:*",
+    "@palmares/core": "workspace:*",
+    "@palmares/events": "workspace:*",
+    "@palmares/logging": "workspace:*"
+  },
+  "peerDependencies": {
+    "jose": "^6.0.8",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "devDependencies": {
+    "@types/jsonwebtoken": "^9.0.9"
+  }
+}

libs/jwt-adapter/src/adapter.ts

@@ -0,0 +1,100 @@
+import { authAdapter } from '@palmares/auth';
+
+import { sign } from './funcs/sign';
+import { verify } from './funcs/verify';
+
+export interface JWTPayload {
+  /**
+   * JWT Issuer
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1 RFC7519#section-4.1.1}
+   */
+  iss?: string;
+
+  /**
+   * JWT Subject
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2 RFC7519#section-4.1.2}
+   */
+  sub?: string;
+
+  /**
+   * JWT Audience
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3 RFC7519#section-4.1.3}
+   */
+  aud?: string | string[];
+
+  /**
+   * JWT ID
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7 RFC7519#section-4.1.7}
+   */
+  jti?: string;
+
+  /**
+   * JWT Not Before
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
+   */
+  nbf?: number;
+
+  /**
+   * JWT Expiration Time
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
+   */
+  exp?: number;
+
+  /**
+   * JWT Issued At
+   *
+   * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
+   */
+  iat?: number;
+
+  /** Any other JWT Claim Set member. */
+  [propName: string]: unknown;
+}
+
+export type JWTAlgorithm =
+  | 'HS256'
+  | 'HS384'
+  | 'HS512'
+  | 'RS256'
+  | 'RS384'
+  | 'RS512'
+  | 'ES256'
+  | 'ES384'
+  | 'ES512'
+  | 'PS256'
+  | 'PS384'
+  | 'PS512';
+
+export interface JWTOptions {
+  alg: JWTAlgorithm;
+  typ?: 'JWT';
+  exp: number; // in seconds
+}
+
+export const jwtAdapter = authAdapter(
+  ({ secret, library = 'jose' }: { secret: string; library?: 'jsonwebtoken' | 'jose' }) => ({
+    name: 'jwt',
+    methods: {
+      sign: (payload: JWTPayload, options: JWTOptions) =>
+        sign({
+          secret,
+          library,
+          payload,
+          options
+        }),
+      verify: (token: string, options: object) =>
+        verify({
+          secret,
+          library,
+          token,
+          options
+        })
+    }
+  })
+);

libs/jwt-adapter/src/funcs/sign.ts

@@ -0,0 +1,50 @@
+import * as jose from 'jose';
+import * as jwt from 'jsonwebtoken';
+
+import type { JWTOptions, JWTPayload } from '../adapter';
+
+export async function sign({
+  secret,
+  library,
+  payload,
+  options
+}: {
+  secret: string;
+  library: 'jsonwebtoken' | 'jose';
+  payload: JWTPayload;
+  options: JWTOptions;
+}): Promise<string> {
+  switch (library) {
+    case 'jsonwebtoken': {
+      const jwtOptions: jwt.SignOptions = {
+        algorithm: options.alg as jwt.Algorithm,
+        header: { alg: options.alg, typ: options.typ }
+      };
+      if (options.exp) {
+        jwtOptions.expiresIn = options.exp;
+      }
+
+      return new Promise((resolve, reject) => {
+        jwt.sign(payload, secret, jwtOptions, (err, token) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(token as string);
+          }
+        });
+      });
+    }
+
+    case 'jose': {
+      const encoder = new TextEncoder();
+      const jwtJose = await new jose.SignJWT(payload)
+        .setProtectedHeader({ alg: options.alg, typ: options.typ })
+        .setIssuedAt()
+        .setExpirationTime(options.exp)
+        .sign(encoder.encode(secret));
+      return jwtJose;
+    }
+    default:
+      throw new Error(`unsupported jwt library: ${library}`);
+  }
+}

libs/jwt-adapter/src/funcs/verify.ts

@@ -0,0 +1,36 @@
+import * as jose from 'jose';
+import * as jwt from 'jsonwebtoken';
+
+export async function verify({
+  secret,
+  library,
+  token,
+  options
+}: {
+  secret: string;
+  library: 'jsonwebtoken' | 'jose';
+  token: string;
+  options: object;
+}) {
+  switch (library) {
+    case 'jsonwebtoken':
+      return new Promise((resolve, reject) => {
+        jwt.verify(token, secret, options, (err, decoded) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(decoded);
+          }
+        });
+      });
+    case 'jose':
+      try {
+        const { payload } = await jose.jwtVerify(token, new TextEncoder().encode(secret), options);
+        return Promise.resolve(payload);
+      } catch (error) {
+        return Promise.reject(error);
+      }
+    default:
+      throw new Error(`Unsupported JWT library: ${library}`);
+  }
+}

libs/jwt-adapter/src/index.ts

@@ -0,0 +1,8 @@
+import { jwtAdapter } from './adapter';
+
+export { JWTAlgorithm, JWTOptions, JWTPayload } from './adapter';
+export { sign } from './funcs/sign';
+export { verify } from './funcs/verify';
+
+export { jwtAdapter };
+export { jwtAdapter as default };

libs/jwt-adapter/tsconfig.json

@@ -0,0 +1,11 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "declaration": true,
+    "noErrorTruncation": false,
+    "outDir": "./dist",
+    "types": ["node"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["**/*.spec.ts"]
+}

libs/jwt-adapter/tsconfig.types.json

@@ -0,0 +1,12 @@
+{
+  "extends": "../../build/tsconfig.types.json",
+  "compilerOptions": {
+    "declaration": true, /* Generate d.ts files */
+    "emitDeclarationOnly": true,
+    "module": "system",
+    "rootDir": "./src",
+    "outDir": "./dist/src",
+    "types": ["node"]
+  },
+  "include": ["src/**/*"]
+}