@anteros/core 0.0.1-alpha.3 → 0.0.1-alpha.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/server/hono.ts +16 -10
  3. package/utils/func.ts +25 -18
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@anteros/core",
3
3
  "module": "index.ts",
4
- "version": "0.0.1-alpha.3",
4
+ "version": "0.0.1-alpha.5",
5
5
  "type": "module",
6
6
  "description": "Anteros Core",
7
7
  "private": false,
package/server/hono.ts CHANGED
@@ -129,16 +129,22 @@ function createApp(): Hono<{ Variables: HonoVariables }> {
129
129
  })
130
130
  const bearer = c.req.header('Authorization')?.replace('Bearer ', '');
131
131
  if (bearer) {
132
- const { value, error } = await jwt.verify(bearer);
133
- const isValid = !error && value != null;
134
- const isExpired = !!error && error.toLowerCase().includes('exp');
135
-
136
- const tokenData = {
137
- value: bearer,
138
- decoded: isValid ? (value as Record<string, unknown>) : null,
139
- provided: true,
140
- expired: isExpired || (value != null && typeof (value as any)?.exp === 'number' && (value as any).exp * 1000 < Date.now()),
141
- };
132
+ let tokenData: { value: string | null; decoded: Record<string, unknown> | null; provided: boolean; expired: boolean };
133
+ try {
134
+ const { value, error } = await jwt.verify(bearer);
135
+ const isValid = !error && value != null;
136
+ const isExpired = !!error && error.toLowerCase().includes('exp');
137
+
138
+ tokenData = {
139
+ value: bearer,
140
+ decoded: isValid ? (value as Record<string, unknown>) : null,
141
+ provided: true,
142
+ expired: isExpired || (value != null && typeof (value as any)?.exp === 'number' && (value as any).exp * 1000 < Date.now()),
143
+ };
144
+ } catch {
145
+ // Malformed token — treat as invalid, don't crash
146
+ tokenData = { value: null, decoded: null, provided: true, expired: true };
147
+ }
142
148
 
143
149
  requestCtxStorage.set('token', tokenData);
144
150
  c.set('token', tokenData);
package/utils/func.ts CHANGED
@@ -19,22 +19,29 @@ const jwt = {
19
19
  audience?: string | string[];
20
20
  subject?: string;
21
21
  }) => {
22
- let SECRET_ = cfg.server.jwt?.secret || Bun.env.JWT_SECRET
23
- if (!SECRET_) throw new Error('JWT_SECRET is not set');
24
- let EXPIRES_IN = cfg.server.jwt?.expiresIn || '1h'
25
-
26
- const secret = new TextEncoder().encode(SECRET_);
27
- const signer = new Jose.SignJWT(payload)
28
- .setProtectedHeader({ alg: 'HS256' })
29
- .setIssuedAt()
30
- .setExpirationTime(EXPIRES_IN || '1h')
31
-
32
- if (options?.issuer) signer.setIssuer(options.issuer)
33
- if (options?.audience) signer.setAudience(options.audience)
34
- if (options?.subject) signer.setSubject(options.subject)
35
-
36
- const token = await signer.sign(secret);
37
- return token;
22
+ try {
23
+ let SECRET_ = cfg.server.jwt?.secret || Bun.env.JWT_SECRET
24
+ if (!SECRET_) throw new Error('JWT_SECRET is not set');
25
+ let EXPIRES_IN = cfg.server.jwt?.expiresIn || '1h'
26
+
27
+ const secret = new TextEncoder().encode(SECRET_);
28
+ const signer = new Jose.SignJWT(payload)
29
+ .setProtectedHeader({ alg: 'HS256' })
30
+ .setIssuedAt()
31
+ .setExpirationTime(EXPIRES_IN || '1h')
32
+
33
+ if (options?.issuer) signer.setIssuer(options.issuer)
34
+ if (options?.audience) signer.setAudience(options.audience)
35
+ if (options?.subject) signer.setSubject(options.subject)
36
+
37
+ const token = await signer.sign(secret);
38
+ return token;
39
+ } catch (err: any) {
40
+ throw new AppError(err?.message || 'Failed to sign token', {
41
+ code: 'JWT_SIGN_ERROR',
42
+ status: 500,
43
+ });
44
+ }
38
45
  },
39
46
  verify: async (token: string): Promise<{ value: Record<string, unknown> | null, error: string | null }> => {
40
47
  try {
@@ -47,10 +54,10 @@ const jwt = {
47
54
  value: payload,
48
55
  error: null
49
56
  }
50
- } catch (error) {
57
+ } catch (err: any) {
51
58
  return {
52
59
  value: null,
53
- error: error instanceof Error ? error.message : 'Invalid token'
60
+ error: err instanceof Error ? err.message : String(err)
54
61
  }
55
62
  }
56
63
  }