{ "version": 3, "sources": ["../src/JWT.ts"], "sourcesContent": ["import jsonwebtoken, { type JwtPayload, type Jwt, type VerifyOptions } from 'jsonwebtoken';\nimport { expressjwt } from 'express-jwt';\nimport { APIError, createMiddleware, type MiddlewareOptions, type MiddlewareInputContext } from '@colyseus/better-call';\nimport type { Request, Response, NextFunction } from 'express';\n\nexport type { VerifyOptions, Jwt, JwtPayload };\n\n/**\n * Type for the JWT auth middleware that works with both Express and better-call\n * Note: The better-call signature must be last for ReturnType to infer correctly\n */\nexport type JWTAuthMiddleware =\n ((req: Request, res: Response, next: NextFunction) => void) &\n { options: MiddlewareOptions } &\n ((ctx: MiddlewareInputContext) => Promise<{ auth: T }>);\n\nexport const JWT = {\n settings: {\n /**\n * The secret used to sign and verify the JWTs.\n */\n secret: undefined as jsonwebtoken.Secret,\n\n verify: {\n /**\n * The first algorithm in the list is used to sign new tokens.\n */\n algorithms: ['HS256'],\n } as VerifyOptions,\n },\n\n sign: function (payload: any, options: jsonwebtoken.SignOptions = {}) {\n return new Promise((resolve, reject) => {\n if (options.algorithm === undefined) {\n options.algorithm = JWT.settings.verify.algorithms[0];\n }\n\n jsonwebtoken.sign(payload, getJWTSecret(), options, (err, token) => {\n if (err) reject(err.message);\n resolve(token);\n });\n });\n },\n\n verify: function (token: string, options?: VerifyOptions) {\n return new Promise((resolve, reject) => {\n jsonwebtoken.verify(token, getJWTSecret(), options || JWT.settings.verify, function (err, decoded) {\n if (err) reject(err);\n resolve(decoded as T);\n });\n });\n },\n\n /**\n * Returns the decoded payload without verifying if the signature is valid\n */\n decode: jsonwebtoken.decode,\n\n /**\n * Middleware that verifies JsonWebTokens.\n * Works with both Express and better-call.\n *\n * Example (express):\n * app.get(\"/protected_route\", auth.middleware(), (req, res) => { ... });\n *\n * Example (better-call):\n * const protectedRoute = createEndpoint(\"/protected-route\", {\n * method: \"GET\",\n * use: [auth.middleware()],\n * }, async (ctx) => {\n * // ctx.context.auth contains the decoded JWT payload\n * });\n */\n middleware: function (options?: VerifyOptions): JWTAuthMiddleware {\n const expressjwtMiddleware = expressjwt(Object.assign({\n secret: getJWTSecret(),\n algorithms: JWT.settings.verify.algorithms,\n ...JWT.settings.verify,\n }, options)) as (req: Request, res: Response, next: NextFunction) => void;\n\n const betterCallMiddleware = createMiddleware<{}, { auth: T }>(async (ctx) => {\n const authHeader = ctx.getHeader('authorization');\n\n if (!authHeader) {\n throw new APIError(401, { message: 'No authorization header' });\n }\n\n const [scheme, token] = authHeader.split(' ');\n\n if (scheme?.toLowerCase() !== 'bearer' || !token) {\n throw new APIError(401, { message: 'Invalid authorization header format' });\n }\n\n try {\n const decoded = await JWT.verify(token, options);\n return { auth: decoded };\n } catch (err: any) {\n throw new APIError(401, { message: err.message || 'Invalid token' });\n }\n });\n\n // Create wrapper function that works with both Express and better-call\n const middleware = function (reqOrCtx: any, res?: Response, next?: NextFunction) {\n if (arguments.length === 3) {\n // Express middleware: (req, res, next)\n return expressjwtMiddleware(reqOrCtx, res!, next!);\n } else {\n // better-call middleware: (ctx)\n return betterCallMiddleware(reqOrCtx);\n }\n };\n\n // Copy over the options property for better-call middleware compatibility\n (middleware as any).options = (betterCallMiddleware as any).options;\n\n return middleware as JWTAuthMiddleware;\n },\n};\n\nfunction getJWTSecret() {\n JWT.settings.secret ||= process.env.JWT_SECRET;\n\n if (!JWT.settings.secret) {\n console.error(\"\u274C Please provide 'JWT_SECRET' environment variable, or set 'JWT.settings.secret'.\");\n }\n\n return JWT.settings.secret;\n}"], "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,0BAA4E;AAC5E,yBAA2B;AAC3B,yBAAgG;AAczF,IAAM,MAAM;AAAA,EACjB,UAAU;AAAA;AAAA;AAAA;AAAA,IAIR,QAAQ;AAAA,IAER,QAAQ;AAAA;AAAA;AAAA;AAAA,MAIN,YAAY,CAAC,OAAO;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,MAAM,SAAU,SAAc,UAAoC,CAAC,GAAG;AACpE,WAAO,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9C,UAAI,QAAQ,cAAc,QAAW;AACnC,gBAAQ,YAAY,IAAI,SAAS,OAAO,WAAW,CAAC;AAAA,MACtD;AAEA,0BAAAA,QAAa,KAAK,SAAS,aAAa,GAAG,SAAS,CAAC,KAAK,UAAU;AAClE,YAAI,IAAK,QAAO,IAAI,OAAO;AAC3B,gBAAQ,KAAK;AAAA,MACf,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEA,QAAQ,SAAyC,OAAe,SAAyB;AACvF,WAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,0BAAAA,QAAa,OAAO,OAAO,aAAa,GAAG,WAAW,IAAI,SAAS,QAAQ,SAAU,KAAK,SAAS;AACjG,YAAI,IAAK,QAAO,GAAG;AACnB,gBAAQ,OAAY;AAAA,MACtB,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,QAAQ,oBAAAA,QAAa;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBrB,YAAY,SAA0B,SAA+C;AACnF,UAAM,2BAAuB,+BAAW,OAAO,OAAO;AAAA,MACpD,QAAQ,aAAa;AAAA,MACrB,YAAY,IAAI,SAAS,OAAO;AAAA,MAChC,GAAG,IAAI,SAAS;AAAA,IAClB,GAAG,OAAO,CAAC;AAEX,UAAM,2BAAuB,qCAAkC,OAAO,QAAQ;AAC5E,YAAM,aAAa,IAAI,UAAU,eAAe;AAEhD,UAAI,CAAC,YAAY;AACf,cAAM,IAAI,4BAAS,KAAK,EAAE,SAAS,0BAA0B,CAAC;AAAA,MAChE;AAEA,YAAM,CAAC,QAAQ,KAAK,IAAI,WAAW,MAAM,GAAG;AAE5C,UAAI,QAAQ,YAAY,MAAM,YAAY,CAAC,OAAO;AAChD,cAAM,IAAI,4BAAS,KAAK,EAAE,SAAS,sCAAsC,CAAC;AAAA,MAC5E;AAEA,UAAI;AACF,cAAM,UAAU,MAAM,IAAI,OAAU,OAAO,OAAO;AAClD,eAAO,EAAE,MAAM,QAAQ;AAAA,MACzB,SAAS,KAAU;AACjB,cAAM,IAAI,4BAAS,KAAK,EAAE,SAAS,IAAI,WAAW,gBAAgB,CAAC;AAAA,MACrE;AAAA,IACF,CAAC;AAGD,UAAM,aAAa,SAAU,UAAe,KAAgB,MAAqB;AAC/E,UAAI,UAAU,WAAW,GAAG;AAE1B,eAAO,qBAAqB,UAAU,KAAM,IAAK;AAAA,MACnD,OAAO;AAEL,eAAO,qBAAqB,QAAQ;AAAA,MACtC;AAAA,IACF;AAGA,IAAC,WAAmB,UAAW,qBAA6B;AAE5D,WAAO;AAAA,EACT;AACF;AAEA,SAAS,eAAe;AACtB,MAAI,SAAS,WAAW,QAAQ,IAAI;AAEpC,MAAI,CAAC,IAAI,SAAS,QAAQ;AACxB,YAAQ,MAAM,wFAAmF;AAAA,EACnG;AAEA,SAAO,IAAI,SAAS;AACtB;", "names": ["jsonwebtoken"] }