import jwt from "jsonwebtoken";
import type { JWTPayload, UserRole } from "../types/user.js";
import { logger } from "../monitoring/logger.js";
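/**
 * Picks the HMAC secret used to sign and verify tokens.
 *
 * The fallback string below is part of the source tree, so it is not a secret:
 * a token signed with it can be reproduced by anyone who has read this file.
 * It is therefore accepted only outside production. With NODE_ENV set to
 * "production" and no JWT_SECRET configured, module load fails instead of
 * silently signing with the well-known value.
 *
 * @param env - environment map to read JWT_SECRET and NODE_ENV from
 * @returns the configured secret, or the development-only fallback
 * @throws Error when NODE_ENV is "production" and JWT_SECRET is unset or empty
 */
function resolveJwtSecret(env: Record<string, string | undefined>): string {
  // Truthiness check rather than `??`: an empty JWT_SECRET counts as missing.
  const configured = env.JWT_SECRET;
  if (configured) {
    return configured;
  }
  if (env.NODE_ENV === "production") {
    throw new Error("JWT_SECRET must be set when NODE_ENV is production");
  }
  return "your-secret-key-change-in-production";
}

// Shared secret for jwt.sign / jwt.verify in this module.
const JWT_SECRET = resolveJwtSecret(process.env);
// Token lifetime passed to jwt.sign as `expiresIn`; "7d" when not configured.
const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "7d";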
/**
 * Creates a signed JWT for a user.
 *
 * The token is signed with the module-level JWT_SECRET and expires after
 * JWT_EXPIRES_IN. No algorithm is named here, so the library default applies.
 *
 * @param payload - claims to embed in the token
 * @returns the encoded, signed token
 */
export function createToken(payload: JWTPayload): string {
  const signOptions = { expiresIn: JWT_EXPIRES_IN };
  const signedToken = jwt.sign(payload, JWT_SECRET, signOptions);
  return signedToken;
}
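/**
 * Verifies a JWT and returns its payload.
 *
 * Signature and expiry are checked by jwt.verify against JWT_SECRET. Any
 * failure is logged and reported as `null`; this function does not throw.
 *
 * @param token - the encoded token as received from the client
 * @returns the decoded payload, or `null` when the token is rejected
 */
export function verifyToken(token: string): JWTPayload | null {
  try {
    // Accept only the algorithm this module signs with. createToken names no
    // algorithm, which jsonwebtoken treats as HS256. If tokens are also issued
    // elsewhere with a different HMAC variant, extend this list deliberately.
    const decoded = jwt.verify(token, JWT_SECRET, { algorithms: ["HS256"] });

    // jwt.verify can hand back a plain string when the token body is not a
    // JSON object; casting that to JWTPayload would give callers a "payload"
    // with none of the expected claims.
    if (typeof decoded === "string") {
      logger.warn("JWT verification failed", {
        error: "token payload is not an object",
      });
      return null;
    }

    // NOTE(review): the cast is still unchecked at runtime. Validate the
    // claims that authorization decisions rely on before trusting them.
    return decoded as JWTPayload;
  } catch (error) {
    logger.warn("JWT verification failed", { error });
    return null;
  }
}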
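/**
 * Extracts the bearer token from an Authorization header value.
 *
 * The header must have exactly the form "Bearer <token>": one space, the
 * scheme spelled "Bearer", and a non-empty token. Anything else yields `null`.
 *
 * @param authHeader - raw Authorization header value, or `null` when absent
 * @returns the token string, or `null` when the header is missing or malformed
 */
export function extractTokenFromHeader(
  authHeader: string | null
): string | null {
  if (!authHeader) return null;

  const parts = authHeader.split(" ");
  if (parts.length !== 2) return null;

  const [scheme, token] = parts;
  // "Bearer " (scheme with nothing after the space) splits into two parts with
  // an empty second one; report it as malformed instead of returning "".
  if (scheme !== "Bearer" || !token) return null;

  return token;
}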
/**
 * Checks whether a user's role is one of the accepted roles.
 *
 * @param userRole - the role the user holds
 * @param requiredRoles - roles that grant access; an empty list grants none
 * @returns `true` when `userRole` appears in `requiredRoles`
 */
export function hasRole(
  userRole: UserRole,
  requiredRoles: UserRole[]
): boolean {
  const isAllowed = requiredRoles.includes(userRole);
  return isAllowed;
}
/**
 * Checks whether a user holds the admin role.
 *
 * @param userRole - the role the user holds
 * @returns `true` when `userRole` equals `UserRole.ADMIN`
 */
export function isAdmin(userRole: UserRole): boolean {
  // NOTE(review): this file brings UserRole in with `import type`, but it is
  // read as a value here. Type-only imports are erased at compile time, so
  // confirm this compiles and runs; if UserRole is a runtime enum it needs a
  // regular import.
  const adminRole = UserRole.ADMIN;
  return userRole === adminRole;
}