From 8cc70db676f74f0af008a7b9abf4299975a50675 Mon Sep 17 00:00:00 2001
From: saravanakumardb1
Date: Sun, 15 Feb 2026 14:16:49 -0800
Subject: [PATCH] =?UTF-8?q?refactor(platform-service):=20auth/jwt.ts=20?= =?UTF-8?q?=E2=80=94=20productId=20from=20caller,=20issuer=20=E2=86=92=20'?= =?UTF-8?q?bytelyst-platform'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- createAccessToken() and createRefreshToken() now require productId parameter
- Issuer changed from PRODUCT_ID env var to generic 'bytelyst-platform'
- verifyToken() validates against 'bytelyst-platform' issuer
- auth/routes.ts callers updated to pass productId (still from PRODUCT_ID env var for now)
- Refresh endpoint reads productId from user doc
---
 .../platform-service/src/modules/auth/jwt.ts | 17 ++++++++++-------
 .../platform-service/src/modules/auth/routes.ts | 7 +++++--
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/services/platform-service/src/modules/auth/jwt.ts b/services/platform-service/src/modules/auth/jwt.ts
index 4ca42e84..2428224a 100644
--- a/services/platform-service/src/modules/auth/jwt.ts
+++ b/services/platform-service/src/modules/auth/jwt.ts
@@ -4,7 +4,6 @@
 */
 import { SignJWT, jwtVerify } from 'jose';
-import { PRODUCT_ID } from '../../lib/product-config.js';
 function getSecret(): Uint8Array {
 const secret = process.env.JWT_SECRET;
@@ -16,21 +15,25 @@ export async function createAccessToken(payload: {
 sub: string;
 email: string;
 role: string;
+ productId: string;
 }): Promise {
- return new SignJWT({ ...payload, productId: PRODUCT_ID, type: 'access' })
+ return new SignJWT({ ...payload, type: 'access' })
 .setProtectedHeader({ alg: 'HS256' })
 .setIssuedAt()
 .setExpirationTime('1h')
- .setIssuer(PRODUCT_ID)
+ .setIssuer('bytelyst-platform')
 .sign(getSecret());
 }
-export async function createRefreshToken(payload: { sub: string }): Promise {
- return new SignJWT({ sub: payload.sub, productId: PRODUCT_ID, type: 'refresh' })
+export async function createRefreshToken(payload: {
+ sub: string;
+ productId: string;
+}): Promise {
+ return new SignJWT({ sub: payload.sub, productId: payload.productId, type: 'refresh' })
 .setProtectedHeader({ alg: 'HS256' })
 .setIssuedAt()
 .setExpirationTime('7d')
- .setIssuer(PRODUCT_ID)
+ .setIssuer('bytelyst-platform')
 .sign(getSecret());
 }
@@ -42,7 +45,7 @@ export async function verifyToken(token: string): Promise<{
 type?: string;
 }> {
 const { payload } = await jwtVerify(token, getSecret(), {
- issuer: PRODUCT_ID,
+ issuer: 'bytelyst-platform',
 });
 return payload as {
 sub: string;
diff --git a/services/platform-service/src/modules/auth/routes.ts b/services/platform-service/src/modules/auth/routes.ts
index 7680a577..65d61b8b 100644
--- a/services/platform-service/src/modules/auth/routes.ts
+++ b/services/platform-service/src/modules/auth/routes.ts
@@ -36,8 +36,9 @@ export async function authRoutes(app: FastifyInstance) {
 sub: user.id,
 email: user.email,
 role: user.role,
+ productId: PRODUCT_ID,
 });
- const refreshToken = await jwt.createRefreshToken({ sub: user.id });
+ const refreshToken = await jwt.createRefreshToken({ sub: user.id, productId: PRODUCT_ID });
 return {
 accessToken,
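Review bot: `createAccessToken()` and `createRefreshToken()` now sign whatever `productId` the caller passes, and neither function rejects an empty or undefined value; with the issuer fixed to `'bytelyst-platform'`, that claim is the only thing in the token that ties it to a product. An undefined `productId` would most likely be dropped when the payload is serialised, so the token would be issued with no product binding at all. A guard at the top of both functions, `if (!payload.productId) throw new Error('productId is required');`, covers callers whose value is not guaranteed by the type, such as the refresh handler in routes.ts that reads it from a user document.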
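Review bot: In `verifyToken()`, the `issuer` check is now the same constant for every product, so it no longer rejects a token minted for a different product; if `JWT_SECRET` is shared between product deployments (not visible in this hunk), isolation depends entirely on callers comparing `payload.productId`, which this function does not do. Consider checking the claim here against the expected product, or stating in the function's doc comment that every caller must. Independently, the options object could pin the algorithm with `algorithms: ['HS256'],` to match what the signers set. Tokens issued before this change carry the old issuer and will fail verification after deploy, including 7-day refresh tokens, which belongs in the rollout notes. The function body continues past the end of the hunk.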
@@ -76,8 +77,9 @@ export async function authRoutes(app: FastifyInstance) {
 sub: user.id,
 email: user.email,
 role: user.role,
+ productId: PRODUCT_ID,
 });
- const refreshToken = await jwt.createRefreshToken({ sub: user.id });
+ const refreshToken = await jwt.createRefreshToken({ sub: user.id, productId: PRODUCT_ID });
 reply.code(201);
 return {
@@ -104,6 +106,7 @@ export async function authRoutes(app: FastifyInstance) {
 sub: user.id,
 email: user.email,
 role: user.role,
+ productId: user.productId,
 });
 return { accessToken };
 } catch {
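Review bot: The refresh path in the last hunk takes `productId` from `user.productId`, while login and register pass `PRODUCT_ID`, so the same user can receive access tokens with different product claims depending on the endpoint, and a user document without the field would yield an access token with no `productId` at all. The hunk also does not show the `productId` claim of the presented refresh token being compared with the user's, so it cannot be ruled out from here that a refresh token issued under one product mints an access token for another. A check before signing, such as `if (!user.productId) throw new Error('user has no productId');`, together with a comparison against the verified refresh-token claim, would close both gaps. The handler starts before the hunk, and the bare `} catch {` block continues after it.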