import { env } from "@config/env.js";
import { vaultSecrets } from "@config/vault-secrets.js";
import jwt from "jsonwebtoken";
import { logger } from "../config/logger.js";
/**
* Utility functions for JWT token operations.
* @category Helpers
*/
export class JwtUtils {
/**
* Generate a JWT access token.
* @param {IUser} user User object containing user information.
* @returns {string} JWT access token.
*/
static generateAccessToken(user) {
try {
const JWT_SECRET = vaultSecrets.get("JWT_SECRET");
const payload = {
userId: user._id.toString(),
email: user.email,
name: user.name,
role: user.role,
avatar: user.avatar,
};
return jwt.sign(payload, JWT_SECRET, {
expiresIn: env.JWT_EXPIRES_IN,
});
}
catch (error) {
logger.error({
error,
message: "Access token generation failed",
});
throw error;
}
}
/**
* Generate a JWT refresh token.
* @param {string} userId User ID for the refresh token.
* @returns {string} JWT refresh token.
*/
static generateRefreshToken(userId) {
try {
return jwt.sign({ userId }, env.JWT_REFRESH_SECRET, {
expiresIn: env.JWT_REFRESH_EXPIRES_IN,
});
}
catch (error) {
logger.error({
error,
message: "Refresh token generation failed",
});
throw error;
}
}
/**
* Generate both access and refresh tokens.
* @param {IUser} user User object containing user information.
* @returns {{accessToken: string, refreshToken: string}} Object containing both tokens.
*/
static generateTokens(user) {
try {
const accessToken = this.generateAccessToken(user);
const refreshToken = this.generateRefreshToken(user._id.toString());
return { accessToken, refreshToken };
}
catch (error) {
logger.error({
error,
message: "Token generation failed",
});
throw error;
}
}
/**
* Verify a JWT access token.
* @param {string} token JWT access token to verify.
* @returns {jwt.JwtPayload} Decoded token payload.
*/
static verifyAccessToken(token) {
try {
const JWT_SECRET = vaultSecrets.get("JWT_SECRET");
const decoded = jwt.verify(token, JWT_SECRET);
if (typeof decoded === "string") {
throw new Error("Invalid token");
}
return decoded;
}
catch (error) {
logger.error({
error,
message: "Access token verification failed",
});
throw error;
}
}
/**
* Verify a JWT refresh token.
* @param {string} token JWT refresh token to verify.
* @returns {jwt.JwtPayload | string} Decoded token payload.
*/
static verifyRefreshToken(token) {
try {
return jwt.verify(token, env.JWT_REFRESH_SECRET);
}
catch (error) {
logger.error({
error,
message: "Refresh token verification failed",
});
throw error;
}
}
}
Source