first commit

utils/jwt.js

@@ -0,0 +1,120 @@
+import jwt from "jsonwebtoken";
+import { config } from "../config/index.js";
+
+/**
+ * Generate an access token
+ * @param {Object} payload - The payload to encode in the token
+ * @returns {string} The generated access token
+ */
+export const generateAccessToken = (payload) => {
+  return jwt.sign(payload, config.jwt.accessSecret, {
+    expiresIn: config.jwt.accessExpiry,
+    issuer: "turbotrades",
+    audience: "turbotrades-api",
+  });
+};
+
+/**
+ * Generate a refresh token
+ * @param {Object} payload - The payload to encode in the token
+ * @returns {string} The generated refresh token
+ */
+export const generateRefreshToken = (payload) => {
+  return jwt.sign(payload, config.jwt.refreshSecret, {
+    expiresIn: config.jwt.refreshExpiry,
+    issuer: "turbotrades",
+    audience: "turbotrades-api",
+  });
+};
+
+/**
+ * Generate both access and refresh tokens
+ * @param {Object} user - The user object
+ * @returns {Object} Object containing both tokens
+ */
+export const generateTokenPair = (user) => {
+  const payload = {
+    userId: user._id.toString(),
+    steamId: user.steamId,
+    username: user.username,
+    avatar: user.avatar,
+    staffLevel: user.staffLevel || 0,
+  };
+
+  return {
+    accessToken: generateAccessToken(payload),
+    refreshToken: generateRefreshToken(payload),
+  };
+};
+
+/**
+ * Verify an access token
+ * @param {string} token - The token to verify
+ * @returns {Object} The decoded token payload
+ */
+export const verifyAccessToken = (token) => {
+  try {
+    return jwt.verify(token, config.jwt.accessSecret, {
+      issuer: "turbotrades",
+      audience: "turbotrades-api",
+    });
+  } catch (error) {
+    throw new Error(`Invalid access token: ${error.message}`);
+  }
+};
+
+/**
+ * Verify a refresh token
+ * @param {string} token - The token to verify
+ * @returns {Object} The decoded token payload
+ */
+export const verifyRefreshToken = (token) => {
+  try {
+    return jwt.verify(token, config.jwt.refreshSecret, {
+      issuer: "turbotrades",
+      audience: "turbotrades-api",
+    });
+  } catch (error) {
+    throw new Error(`Invalid refresh token: ${error.message}`);
+  }
+};
+
+/**
+ * Decode a token without verification (useful for debugging)
+ * @param {string} token - The token to decode
+ * @returns {Object|null} The decoded token or null if invalid
+ */
+export const decodeToken = (token) => {
+  try {
+    return jwt.decode(token);
+  } catch (error) {
+    return null;
+  }
+};
+
+/**
+ * Check if a token is expired
+ * @param {string} token - The token to check
+ * @returns {boolean} True if expired, false otherwise
+ */
+export const isTokenExpired = (token) => {
+  try {
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.exp) {
+      return true;
+    }
+    return Date.now() >= decoded.exp * 1000;
+  } catch (error) {
+    return true;
+  }
+};
+
+export default {
+  generateAccessToken,
+  generateRefreshToken,
+  generateTokenPair,
+  verifyAccessToken,
+  verifyRefreshToken,
+  decodeToken,
+  isTokenExpired,
+};