🔒 Improve JWT system

vbetsch · Apr 8, 2024 · 5455f47 · 5455f47
1 parent 1f9c3fe
commit 5455f47
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/.env.local.example b/.env.local.example
@@ -1,4 +1,5 @@
 MONGODB_URI=
 MONGO_DATABASE=
 API_TOKEN=
+SECRET_JWT=
 REACT_EDITOR=
diff --git a/pages/api/auth/signin.ts b/pages/api/auth/signin.ts
@@ -96,7 +96,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 			}
 
 			try {
-				token = await signJwt('SECRET_JWT', userFound);
+				token = await signJwt(userFound);
 			} catch (e) {
 				const errorMessage: string = 'Unable to create jwt';
 				console.error(`ERROR: ${errorMessage} -> ${e instanceof Error ? e.message : e}`);

diff --git a/src/services/jsonwebtoken.ts b/src/services/jsonwebtoken.ts
@@ -1,11 +1,13 @@
-import jwt from 'jsonwebtoken';
-
-const signJwt = async (
-	key: string,
-	value: string | object,
-	options: jwt.SignOptions | undefined = undefined,
-): Promise<string> => {
-	return jwt.sign(value, key, options);
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
+const SECRET_JWT: string = process.env.SECRET_JWT || 'SECRET_JWT';
+
+const signJwt = async (value: string | object, options: jwt.SignOptions | undefined = undefined): Promise<string> => {
+	return jwt.sign(value, SECRET_JWT, options);
+};
+
+const verifyJwt = async (token: string): Promise<JwtPayload | string> => {
+	return jwt.verify(token, SECRET_JWT);
 };
 
-export { signJwt };
+export { signJwt, verifyJwt };