bytelyst/learning_ai_common_plat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(platform-service): auth/jwt.ts — productId from caller, issuer → 'bytelyst-platform'

Browse Source 
- createAccessToken() and createRefreshToken() now require productId parameter
- Issuer changed from PRODUCT_ID env var to generic 'bytelyst-platform'
- verifyToken() validates against 'bytelyst-platform' issuer
- auth/routes.ts callers updated to pass productId (still from PRODUCT_ID env var for now)
- Refresh endpoint reads productId from user doc
This commit is contained in:
saravanakumardb1 2026-02-15 14:16:49 -08:00
parent 465d429e09
commit 8cc70db676
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
services/platform-service/src/modules/auth/jwt.ts
View File

@ -4,7 +4,6 @@
*/ */
import { SignJWT, jwtVerify } from 'jose'; import { SignJWT, jwtVerify } from 'jose';
import { PRODUCT_ID } from '../../lib/product-config.js';
function getSecret(): Uint8Array { function getSecret(): Uint8Array {
const secret = process.env.JWT_SECRET; const secret = process.env.JWT_SECRET;
@ -16,21 +15,25 @@ export async function createAccessToken(payload: {
sub: string; sub: string;
email: string; email: string;
role: string; role: string;
productId: string;
}): Promise<string> { }): Promise<string> {
return new SignJWT({ ...payload, productId: PRODUCT_ID, type: 'access' }) return new SignJWT({ ...payload, type: 'access' })
.setProtectedHeader({ alg: 'HS256' }) .setProtectedHeader({ alg: 'HS256' })
.setIssuedAt() .setIssuedAt()
.setExpirationTime('1h') .setExpirationTime('1h')
.setIssuer(PRODUCT_ID) .setIssuer('bytelyst-platform')
.sign(getSecret()); .sign(getSecret());
} }
export async function createRefreshToken(payload: { sub: string }): Promise<string> { export async function createRefreshToken(payload: {
return new SignJWT({ sub: payload.sub, productId: PRODUCT_ID, type: 'refresh' }) sub: string;
productId: string;
}): Promise<string> {
return new SignJWT({ sub: payload.sub, productId: payload.productId, type: 'refresh' })
.setProtectedHeader({ alg: 'HS256' }) .setProtectedHeader({ alg: 'HS256' })
.setIssuedAt() .setIssuedAt()
.setExpirationTime('7d') .setExpirationTime('7d')
.setIssuer(PRODUCT_ID) .setIssuer('bytelyst-platform')
.sign(getSecret()); .sign(getSecret());
} }
@ -42,7 +45,7 @@ export async function verifyToken(token: string): Promise<{
type?: string; type?: string;
}> { }> {
const { payload } = await jwtVerify(token, getSecret(), { const { payload } = await jwtVerify(token, getSecret(), {
issuer: PRODUCT_ID, issuer: 'bytelyst-platform',
}); });
return payload as { return payload as {
sub: string; sub: string;

7
services/platform-service/src/modules/auth/routes.ts
View File

@ -36,8 +36,9 @@ export async function authRoutes(app: FastifyInstance) {
sub: user.id, sub: user.id,
email: user.email, email: user.email,
role: user.role, role: user.role,
productId: PRODUCT_ID,
}); });
const refreshToken = await jwt.createRefreshToken({ sub: user.id }); const refreshToken = await jwt.createRefreshToken({ sub: user.id, productId: PRODUCT_ID });
return { return {
accessToken, accessToken,
@ -76,8 +77,9 @@ export async function authRoutes(app: FastifyInstance) {
sub: user.id, sub: user.id,
email: user.email, email: user.email,
role: user.role, role: user.role,
productId: PRODUCT_ID,
}); });
const refreshToken = await jwt.createRefreshToken({ sub: user.id }); const refreshToken = await jwt.createRefreshToken({ sub: user.id, productId: PRODUCT_ID });
reply.code(201); reply.code(201);
return { return {
@ -104,6 +106,7 @@ export async function authRoutes(app: FastifyInstance) {
sub: user.id, sub: user.id,
email: user.email, email: user.email,
role: user.role, role: user.role,
productId: user.productId,
}); });
return { accessToken }; return { accessToken };
} catch { } catch {