npm - @nitrotool/jwt - Versions diffs - 0.0.8 → 1.0.1 - Mend

@nitrotool/jwt 0.0.8 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +115 -43
package/dist/core/index.d.mts +11 -0
package/dist/core/index.d.ts +11 -0
package/dist/core/index.mjs +26 -0
package/dist/{h3.d.mts → h3/index.d.mts} +4 -2
package/dist/{h3.d.ts → h3/index.d.ts} +4 -2
package/dist/{h3.mjs → h3/index.mjs} +9 -3
package/dist/index.d.mts +8 -3
package/dist/index.d.ts +8 -3
package/dist/index.mjs +7 -4
package/dist/module.d.mts +9 -0
package/dist/module.d.ts +9 -0
package/dist/module.mjs +72 -0
package/dist/runtime/server/index.d.mts +16 -0
package/dist/runtime/server/index.d.ts +16 -0
package/dist/runtime/server/index.mjs +17 -0
package/dist/runtime/server/nitro/plugin.d.mts +3 -0
package/dist/runtime/server/nitro/plugin.d.ts +3 -0
package/dist/runtime/server/nitro/plugin.mjs +10 -0
package/dist/runtime/server/nitro/utils/index.d.mts +6 -0
package/dist/runtime/server/nitro/utils/index.d.ts +6 -0
package/dist/runtime/server/nitro/utils/index.mjs +8 -0
package/dist/shared/jwt.Cd03UmUN.mjs +8 -0
package/dist/shared/jwt.Cgq_6NMU.mjs +16 -0
package/package.json +38 -7
package/dist/jwt.d.mts +0 -16
package/dist/jwt.d.ts +0 -16
package/dist/jwt.mjs +0 -52

package/README.md CHANGED Viewed

@@ -1,77 +1,149 @@
 # @nitrotool/jwt
-Lightweight JWT utilities for Nitro/UnJS environments with optional h3 helpers.
+Lightweight JWT utilities for Nuxt/Nitro/UnJS environments **with built-in h3 helpers**.
 - Built on `@tsndr/cloudflare-worker-jwt`
 - Helpers that read `jwtSecret` from your Nitro runtime config
-- h3 utilities to extract tokens from requests and enforce authentication
+- Batteries included with h3 utilities to extract tokens from requests and enforce authentication
+Learn more about JWT and how it works:
+- [What is a JWT?](https://www.jwt.io/introduction#what-is-json-web-token)
+- [JWT.io](https://jwt.io/)
 ## Installation
+```bash
+pnpm install @nitrotool/jwt
+```
 ```bash
 npm install @nitrotool/jwt
 ```
-Peer dependency:
-- `h3` is required only when using the h3 helpers.
+Required peer dependency:
+- `h3` (this package expects `h3` to be present)
+## Nuxt setup
+```ts
+export default defineNuxtConfig({
+    modules: ['@nitrotool/jwt'],
+    //You can also
+    jwt: {
+        //default secret (only use this locally, and override it in prod)
+        secret: 'some-random-secret-yes-it-is-not-very-secure',
+        // Alternatively also available as NUXT_JWT_SECRET env var
+    },
+});
+```
+### Usage with Nuxt 3/4
+> This is available all places where auto-imported can be used on the server-side.
+```ts
+type MyClaims = { tenantId: string };
+const token = await encodeJwt<MyClaims>({tenantId: '123', sub: '123'});
+// Later…
+const isValid = await verifyJwt(token);
+const payload = await decodeJwt<MyClaims>(token);
+// or
+export default defineEventHandler(async (event) => {
+    const jwt = await requireJwt(event);
+    // you now have access to a required JWT token via Authorization bearer header.
+})
+```
 ## Importing
-You can import from the main entry or subpath exports:
+Import from the main entry or subpaths:
 ```ts
-// Main (all helpers)
-import { encodeJwt, verifyJwt, decodeJwt } from '@nitrotool/jwt';
+// Node-only helpers
+import {encodeJwtRaw, verifyJwtRaw, decodeJwtRaw} from '@nitrotool/jwt/core';
+// h3-only helpers
+import {extractApiToken, requireApiToken} from '@nitrotool/jwt/h3';
+```
-// Subpath (JWT-only)
-import { encodeJwtRaw, verifyJwtRaw, decodeJwtRaw } from '@nitrotool/jwt/jwt';
+## Quick Start Nitro
+### 1. Create plugin to load secret.
+```ts
+// plugins/0.jwt.ts
+import { defineNitroPlugin, useRuntimeConfig } from 'nitropack/runtime';
+import { configureJwtRuntime } from '@nitrotool/jwt';
+export default defineNitroPlugin(() => {
+    configureJwtRuntime(() => useRuntimeConfig() as any);
+});
-// Subpath (h3 helpers)
-import { extractApiToken, requireApiToken } from '@nitrotool/jwt/h3';
 ```
-## Quick Start
+### 2. Basic usage
 ```ts
-import { encodeJwt, verifyJwt, decodeJwt } from '@nitrotool/jwt';
+import {encodeJwt, verifyJwt, decodeJwt} from '@nitrotool/jwt';
-type MyClaims = { userId: string };
+type MyClaims = { tenantId: string };
+const token = await encodeJwt<MyClaims>({tenantId: '123', sub: '123'});
-const token = await encodeJwt<MyClaims>({ userId: '123' });
 // Later…
 const isValid = await verifyJwt(token);
-const payload = await decodeJwt<MyClaims>(token); // { userId: '123', exp: ... }
+const payload = await decodeJwt<MyClaims>(token); // { sub: '123', tenantId: '123', exp: ... }
 ```
 By default, non-`Raw` helpers read the secret from your runtime config:
 - `useRuntimeConfig().jwtSecret`
 If you need to pass a secret explicitly, use the `*Raw` variants.
-## Usage with h3
+### 3. In a route handler
 Extract API tokens and enforce authentication in request handlers:
+#### Require a JWT token
+```ts
+import {defineEventHandler} from 'h3';
+import {requireJwt} from '@nitrotool/jwt';
+export default defineEventHandler(async (event) => {
+    const decodedJwt = await requireJwt(event)
+})
+```
+#### Extract a JWT token manually
 ```ts
 import { defineEventHandler } from 'h3';
-import { extractApiToken, requireApiToken } from '@nitrotool/jwt/h3';
-import { decodeJwt } from '@nitrotool/jwt';
+import { extractApiToken, requireApiToken, decodeJwt } from '@nitrotool/jwt';
 export default defineEventHandler(async (event) => {
-  // Try to read token (Authorization: Bearer <token> or ?token=<token>)
-  const token = extractApiToken(event);
+    // Try to read token (Authorization: Bearer <token> or ?<queryKey>=<token>)
+    const token = extractApiToken(event, {queryKey: 'token'}); // queryKey defaults to 'token'
-  // Or strictly require it (throws UnauthenticatedError if missing)
-  const requiredToken = requireApiToken(event);
+    // Or strictly require it (throws UnauthenticatedError if missing)
+    const requiredToken = requireApiToken(event);
-  // Optionally decode/verify
-  const claims = await decodeJwt<{ userId: string }>(requiredToken);
+    // Optionally decode/verify
+    const claims = await decodeJwt<{ userId: string }>(requiredToken);
-  return { ok: true, userId: claims.userId };
+    return { ok: true, userId: claims.userId };
 });
 ```
 Supported token locations:
 - Authorization header: `Authorization: Bearer <token>`
 - Query string: `?token=<token>`
@@ -80,11 +152,11 @@ Supported token locations:
 When using non-`Raw` helpers, ensure a secret is available at runtime:
 ```ts
-// Example: Nuxt/Nitro runtime config
+// nuxt.config.ts (Nuxt/Nitro runtime config)
 export default defineNuxtConfig({
-  runtimeConfig: {
-    jwtSecret: process.env.JWT_SECRET || 'super-secret',
-  },
+    runtimeConfig: {
+        jwtSecret: 'some-random-secret-yes-it-is-not-very-secure',
+    },
 });
 ```
@@ -93,27 +165,27 @@ export default defineNuxtConfig({
 Sign with custom TTL:
 ```ts
-import { encodeJwtRaw } from '@nitrotool/jwt';
+import {encodeJwtRaw} from '@nitrotool/jwt';
 const token = await encodeJwtRaw(
-  { userId: '123', role: 'admin' },
-  process.env.JWT_SECRET!,
-  60 * 10 // 10 minutes
+    {userId: '123', role: 'admin'},
+    process.env.JWT_SECRET!,
+    60 * 10 // 10 minutes
 );
 ```
 Decode without verifying signature (use only for non-sensitive scenarios):
 ```ts
-import { decodeJwt } from '@nitrotool/jwt';
+import {decodeJwt} from '@nitrotool/jwt';
-const payload = await decodeJwt<{ userId: string }>(token, { verify: false });
+const payload = await decodeJwt<{ userId: string }>(token, {verify: false});
 ```
 Verify with an explicit secret:
 ```ts
-import { verifyJwtRaw } from '@nitrotool/jwt';
+import {verifyJwtRaw} from '@nitrotool/jwt';
 const ok = await verifyJwtRaw(token, process.env.JWT_SECRET!);
 ```
@@ -139,9 +211,9 @@ All helpers are asynchronous.
 - `encodeJwtRaw<T>(payload, secret, ttl = 60): Promise<string>`
     - Signs a token with the provided `secret`.
     - `ttl` is in seconds. Default: `60`.
-    - `exp` is set automatically from `ttl`.
+    - `exp` is set **automagically** from `ttl`.
-- `encodeJwt<T>(payload): Promise<string>`
+- `encodeJwt<T>(payload, ttl = 60): Promise<string>`
     - Same as `encodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
 - `verifyJwtRaw(token, secret): Promise<boolean>`
@@ -160,14 +232,15 @@ All helpers are asynchronous.
     - Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
 Types:
 - `ExtendableJwtPayload<T>` lets you define custom claims merged with standard JWT claims.
-### h3 helpers
+### h3 helpers (required)
 - `extractBearerToken(event): string | undefined`
     - Reads `Authorization` header and returns the token without `Bearer `.
-- `extractQueryToken(event): string | undefined`
+- `extractQueryToken(event, key = 'token'): string | undefined`
     - Reads `token` from the query string.
 - `extractApiToken(event): string | undefined`
@@ -176,7 +249,6 @@ Types:
 - `requireApiToken(event): string`
     - Same as `extractApiToken`, but throws `UnauthenticatedError` if missing.
 ## License
-MIT
+MIT

package/dist/core/index.d.mts ADDED Viewed

@@ -0,0 +1,11 @@
+import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
+type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
+declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttlSec?: number) => Promise<string>;
+declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
+declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };
+export type { ExtendableJwtPayload };

package/dist/core/index.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
+type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
+declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttlSec?: number) => Promise<string>;
+declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
+declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };
+export type { ExtendableJwtPayload };

package/dist/core/index.mjs ADDED Viewed

@@ -0,0 +1,26 @@
+import jwt from '@tsndr/cloudflare-worker-jwt';
+import { UnauthorizedError } from '@nitrotool/errors';
+const encodeJwtRaw = async (payload, secret, ttlSec = 60) => {
+  return jwt.sign(
+    { exp: Math.floor(Date.now() / 1e3) + ttlSec, ...payload },
+    secret
+  );
+};
+const verifyJwtRaw = async (token, secret) => {
+  return new Promise(async (resolve) => {
+    if (await jwt.verify(token, secret, { throwError: false })) {
+      return resolve(true);
+    }
+    return resolve(false);
+  });
+};
+const decodeJwtRaw = async (token, secret, opts = { verify: true }) => {
+  if (opts.verify) {
+    const ok = await verifyJwtRaw(token, secret);
+    if (!ok) throw UnauthorizedError("Invalid JWT token.");
+  }
+  return jwt.decode(token).payload;
+};
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };

package/dist/{h3.d.mts → h3/index.d.mts} RENAMED Viewed

@@ -1,8 +1,10 @@
 import { H3Event } from 'h3';
-declare const extractBearerToken: (event: H3Event) => string;
+declare const extractBearerToken: (event: H3Event) => string | undefined;
 declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
-declare const extractApiToken: (event: H3Event) => string | undefined;
+declare const extractApiToken: (event: H3Event, opts?: {
+    queryKey: string;
+}) => string | undefined;
 declare const requireApiToken: (event: H3Event) => string;
 export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken };

package/dist/{h3.d.ts → h3/index.d.ts} RENAMED Viewed

@@ -1,8 +1,10 @@
 import { H3Event } from 'h3';
-declare const extractBearerToken: (event: H3Event) => string;
+declare const extractBearerToken: (event: H3Event) => string | undefined;
 declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
-declare const extractApiToken: (event: H3Event) => string | undefined;
+declare const extractApiToken: (event: H3Event, opts?: {
+    queryKey: string;
+}) => string | undefined;
 declare const requireApiToken: (event: H3Event) => string;
 export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken };

package/dist/{h3.mjs → h3/index.mjs} RENAMED Viewed

@@ -1,9 +1,15 @@
-import { getRequestHeader, getQuery } from 'h3';
+import { getQuery, getHeader } from 'h3';
 import { UnauthenticatedError } from '@nitrotool/errors';
-const extractBearerToken = (event) => getRequestHeader(event, "Authorization")?.replace("Bearer ", "") || void 0;
+const extractBearerToken = (event) => {
+  const auth = getHeader(event, "authorization");
+  if (!auth?.startsWith("Bearer ")) {
+    return void 0;
+  }
+  return auth.slice(7);
+};
 const extractQueryToken = (event, key = "token") => getQuery(event)?.[key] || void 0;
-const extractApiToken = (event) => extractBearerToken(event) || extractQueryToken(event);
+const extractApiToken = (event, opts = { queryKey: "token" }) => extractBearerToken(event) || extractQueryToken(event, opts.queryKey);
 const requireApiToken = (event) => {
   const token = extractApiToken(event);
   if (!token) {

package/dist/index.d.mts CHANGED Viewed

@@ -1,4 +1,9 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.mjs';
-export { ExtendableJwtPayload, decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.mjs';
-import 'h3';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from './runtime/server/index.mjs';
+export { requireApiToken } from './h3/index.mjs';
+import { H3Event } from 'h3';
+import './core/index.mjs';
 import '@tsndr/cloudflare-worker-jwt';
+declare const requireJwt: <T extends Record<string, any> = {}>(event: H3Event) => Promise<any>;
+export { requireJwt };

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,9 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.js';
-export { ExtendableJwtPayload, decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.js';
-import 'h3';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from './runtime/server/index.js';
+export { requireApiToken } from './h3/index.js';
+import { H3Event } from 'h3';
+import './core/index.js';
 import '@tsndr/cloudflare-worker-jwt';
+declare const requireJwt: <T extends Record<string, any> = {}>(event: H3Event) => Promise<any>;
+export { requireJwt };

package/dist/index.mjs CHANGED Viewed

@@ -1,5 +1,8 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.mjs';
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.mjs';
-import 'h3';
-import '@nitrotool/errors';
+export { r as requireJwt } from './shared/jwt.Cd03UmUN.mjs';
+export { decodeJwt, encodeJwt, verifyJwt } from './runtime/server/index.mjs';
+export { requireApiToken } from './h3/index.mjs';
+export { c as configureJwtRuntime, g as getJwtSecret } from './shared/jwt.Cgq_6NMU.mjs';
+import './core/index.mjs';
 import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+import 'h3';

package/dist/module.d.mts ADDED Viewed

@@ -0,0 +1,9 @@
+import * as _nuxt_schema from '@nuxt/schema';
+interface ModuleOptions {
+    secret?: string;
+}
+declare const _default: _nuxt_schema.NuxtModule<ModuleOptions, ModuleOptions, false>;
+export { _default as default };
+export type { ModuleOptions };

package/dist/module.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import * as _nuxt_schema from '@nuxt/schema';
+interface ModuleOptions {
+    secret?: string;
+}
+declare const _default: _nuxt_schema.NuxtModule<ModuleOptions, ModuleOptions, false>;
+export { _default as default };
+export type { ModuleOptions };

package/dist/module.mjs ADDED Viewed

@@ -0,0 +1,72 @@
+import fs from 'node:fs';
+import { defineNuxtModule, createResolver, addServerScanDir, addServerPlugin, addServerTemplate } from '@nuxt/kit';
+import { consola } from 'consola';
+import { join } from 'pathe';
+const version = "1.0.1";
+async function getFilesInDirectory(dir) {
+  const files = await fs.promises.readdir(dir);
+  const filePaths = [];
+  for (const file of files) {
+    const fullPath = join(dir, file);
+    const stat = await fs.promises.stat(fullPath);
+    if (stat.isFile()) {
+      filePaths.push(fullPath);
+    }
+  }
+  return filePaths;
+}
+async function getFilesInDirectoryRecursive(dir) {
+  const files = await fs.promises.readdir(dir);
+  const filePaths = [];
+  for (const file of files) {
+    const fullPath = join(dir, file);
+    const stat = await fs.promises.stat(fullPath);
+    if (stat.isFile()) {
+      filePaths.push(fullPath);
+    } else if (stat.isDirectory()) {
+      const subdirectoryFiles = await getFilesInDirectory(fullPath);
+      filePaths.push(...subdirectoryFiles);
+    }
+  }
+  return filePaths;
+}
+const module = defineNuxtModule({
+  meta: {
+    name: "@nitrotool/jwt",
+    configKey: "jwt",
+    version
+  },
+  async setup(options, nuxt) {
+    const logger = consola.withTag("jwt");
+    const resolver = createResolver(import.meta.url);
+    if (nuxt.options._prepare) {
+      logger.debug("Skipping module init due to nuxt.options._prepare = true");
+      return;
+    }
+    if (nuxt.options.runtimeConfig.jwtSecret) {
+      options.secret = nuxt.options.runtimeConfig.jwtSecret;
+    }
+    addServerScanDir([resolver.resolve("./runtime/server/nitro")]);
+    addServerPlugin(resolver.resolve("./runtime/server/nitro/plugin"));
+    const runtimeFiles = await getFilesInDirectoryRecursive(
+      resolver.resolve("./runtime/server")
+    );
+    for (const file of runtimeFiles) {
+      const relativeName = file.replace(
+        resolver.resolve("./runtime/server"),
+        ""
+      );
+      logger.debug(`Adding server template: ${relativeName}`);
+      addServerTemplate({
+        filename: relativeName,
+        getContents: () => fs.readFileSync(file, "utf-8")
+      });
+    }
+    nuxt.options.runtimeConfig.jwtSecret = options.secret;
+  }
+});
+export { module as default };

package/dist/runtime/server/index.d.mts ADDED Viewed

@@ -0,0 +1,16 @@
+import { ExtendableJwtPayload } from '../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+type JwtRuntimeConfig = {
+    jwtSecret?: string;
+};
+declare const configureJwtRuntime: (getter: () => JwtRuntimeConfig) => void;
+declare const getJwtSecret: () => string;
+declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, ttlSec?: number) => Promise<any>;
+declare const verifyJwt: (token: string) => Promise<any>;
+declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, opts?: {
+    verify?: boolean;
+}) => Promise<any>;
+export { ExtendableJwtPayload, configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/index.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { ExtendableJwtPayload } from '../../core/index.js';
+import '@tsndr/cloudflare-worker-jwt';
+type JwtRuntimeConfig = {
+    jwtSecret?: string;
+};
+declare const configureJwtRuntime: (getter: () => JwtRuntimeConfig) => void;
+declare const getJwtSecret: () => string;
+declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, ttlSec?: number) => Promise<any>;
+declare const verifyJwt: (token: string) => Promise<any>;
+declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, opts?: {
+    verify?: boolean;
+}) => Promise<any>;
+export { ExtendableJwtPayload, configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/index.mjs ADDED Viewed

@@ -0,0 +1,17 @@
+import { g as getJwtSecret } from '../../shared/jwt.Cgq_6NMU.mjs';
+export { c as configureJwtRuntime } from '../../shared/jwt.Cgq_6NMU.mjs';
+import { encodeJwtRaw, decodeJwtRaw, verifyJwtRaw } from '../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+const encodeJwt = async (payload, ttlSec = 60) => {
+  return encodeJwtRaw(payload, getJwtSecret(), ttlSec);
+};
+const verifyJwt = async (token) => {
+  return verifyJwtRaw(token, getJwtSecret());
+};
+const decodeJwt = async (token, opts = { verify: true }) => {
+  return decodeJwtRaw(token, getJwtSecret(), opts);
+};
+export { decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/nitro/plugin.d.mts ADDED Viewed

@@ -0,0 +1,3 @@
+declare const _default: any;
+export { _default as default };

package/dist/runtime/server/nitro/plugin.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+declare const _default: any;
+export { _default as default };

package/dist/runtime/server/nitro/plugin.mjs ADDED Viewed

@@ -0,0 +1,10 @@
+import { defineNitroPlugin, useRuntimeConfig } from 'nitropack/runtime';
+import { c as configureJwtRuntime } from '../../../shared/jwt.Cgq_6NMU.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+const plugin = defineNitroPlugin(() => {
+  configureJwtRuntime(() => useRuntimeConfig());
+});
+export { plugin as default };

package/dist/runtime/server/nitro/utils/index.d.mts ADDED Viewed

@@ -0,0 +1,6 @@
+export { requireJwt } from '../../../../index.mjs';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from '../../index.mjs';
+export { requireApiToken } from '../../../../h3/index.mjs';
+import 'h3';
+import '../../../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';

package/dist/runtime/server/nitro/utils/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export { requireJwt } from '../../../../index.js';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from '../../index.js';
+export { requireApiToken } from '../../../../h3/index.js';
+import 'h3';
+import '../../../../core/index.js';
+import '@tsndr/cloudflare-worker-jwt';

package/dist/runtime/server/nitro/utils/index.mjs ADDED Viewed

@@ -0,0 +1,8 @@
+export { r as requireJwt } from '../../../../shared/jwt.Cd03UmUN.mjs';
+export { decodeJwt, encodeJwt, verifyJwt } from '../../index.mjs';
+export { requireApiToken } from '../../../../h3/index.mjs';
+export { c as configureJwtRuntime, g as getJwtSecret } from '../../../../shared/jwt.Cgq_6NMU.mjs';
+import '../../../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+import 'h3';

package/dist/shared/jwt.Cd03UmUN.mjs ADDED Viewed

@@ -0,0 +1,8 @@
+import { decodeJwt } from '../runtime/server/index.mjs';
+import { requireApiToken } from '../h3/index.mjs';
+const requireJwt = async (event) => {
+  return decodeJwt(requireApiToken(event));
+};
+export { requireJwt as r };

package/dist/shared/jwt.Cgq_6NMU.mjs ADDED Viewed

@@ -0,0 +1,16 @@
+let getRuntimeConfig = () => ({});
+const configureJwtRuntime = (getter) => {
+  getRuntimeConfig = getter;
+};
+const getJwtSecret = () => {
+  const cfg = getRuntimeConfig();
+  if (cfg?.jwtSecret) return cfg.jwtSecret;
+  if (process?.env?.NUXT_JWT_SECRET) return process?.env?.NUXT_JWT_SECRET;
+  if (process?.env?.NITRO_JWT_SECRET) return process?.env?.NITRO_JWT_SECRET;
+  if (process?.env?.JWT_SECRET) return process.env.JWT_SECRET;
+  throw new Error(
+    "jwtSecret is not configured. configure using NUXT_JWT_SECRET or jwt.secret"
+  );
+};
+export { configureJwtRuntime as c, getJwtSecret as g };

package/package.json CHANGED Viewed

@@ -1,17 +1,35 @@
 {
   "name": "@nitrotool/jwt",
-  "version": "0.0.8",
-  "main": "dist/index.mjs",
+  "version": "1.0.1",
   "type": "module",
+  "main": "dist/index.mjs",
+  "types": "./dist/index.d.ts",
   "exports": {
-    ".": "./dist/index.mjs",
-    "./jwt": "./dist/jwt.mjs",
-    "./h3": "./dist/h3.mjs"
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs"
+    },
+    "./module": {
+      "types": "./dist/module.d.ts",
+      "import": "./dist/module.mjs"
+    },
+    "./core": {
+      "types": "./dist/core/index.d.ts",
+      "import": "./dist/core/index.mjs"
+    },
+    "./h3": {
+      "types": "./dist/h3/index.d.ts",
+      "import": "./dist/h3/index.mjs"
+    }
   },
-  "types": "./dist/index.d.ts",
   "dependencies": {
     "@tsndr/cloudflare-worker-jwt": "^3.2.0",
-    "@nitrotool/errors": "0.0.8"
+    "@nitrotool/errors": "1.0.1",
+    "@nuxt/kit": "latest",
+    "pathe": "^2.0.3",
+    "@nuxt/schema": "^4.2.2",
+    "consola": "^3.4.2",
+    "nitropack": "^2.13.1"
   },
   "peerDependencies": {
     "h3": "^1.15.3"
@@ -19,6 +37,19 @@
   "devDependencies": {
     "unbuild": "^3.5.0"
   },
+  "unbuild": {
+    "entries": [
+      "src/index",
+      "src/module",
+      "src/core/index",
+      "src/h3/index",
+      "src/runtime/server/index",
+      "src/runtime/server/nitro/plugin",
+      "src/runtime/server/nitro/utils/index"
+    ],
+    "declaration": true,
+    "clean": true
+  },
   "scripts": {
     "build": "unbuild ."
   }

package/dist/jwt.d.mts DELETED Viewed

@@ -1,16 +0,0 @@
-import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
-type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
-declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttl?: number) => Promise<string>;
-declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>) => Promise<string>;
-declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
-declare const verifyJwt: (token: string) => Promise<boolean>;
-declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };
-export type { ExtendableJwtPayload };

package/dist/jwt.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
-type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
-declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttl?: number) => Promise<string>;
-declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>) => Promise<string>;
-declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
-declare const verifyJwt: (token: string) => Promise<boolean>;
-declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };
-export type { ExtendableJwtPayload };

package/dist/jwt.mjs DELETED Viewed

@@ -1,52 +0,0 @@
-import jwt from '@tsndr/cloudflare-worker-jwt';
-import { UnauthorizedError } from '@nitrotool/errors';
-const encodeJwtRaw = async (payload, secret, ttl = 60) => {
-  return await jwt.sign(
-    {
-      exp: Date.now() / 1e3 + ttl,
-      ...payload
-    },
-    secret
-  );
-};
-const encodeJwt = async (payload) => {
-  const secret = (
-    //@ts-expect-error Expected.
-    typeof useRuntimeConfig === "function" ? useRuntimeConfig()?.jwtSecret : ""
-  );
-  return encodeJwtRaw(payload, secret);
-};
-const verifyJwtRaw = async (token, secret) => {
-  return new Promise(async (resolve) => {
-    if (await jwt.verify(token, secret, { throwError: false })) {
-      return resolve(true);
-    }
-    return resolve(false);
-  });
-};
-const verifyJwt = async (token) => {
-  const secret = (
-    //@ts-expect-error Expected.
-    typeof useRuntimeConfig === "function" ? useRuntimeConfig()?.jwtSecret : ""
-  );
-  return verifyJwtRaw(token, secret);
-};
-const decodeJwtRaw = async (token, secret, { verify } = { verify: true }) => {
-  if (!secret && verify)
-    throw new Error("Cannot check signature without secret.");
-  if (secret && verify && !await verifyJwtRaw(token, secret)) {
-    throw UnauthorizedError("Invalid JWT token.");
-  }
-  const { payload } = jwt.decode(token);
-  return payload;
-};
-const decodeJwt = async (token, { verify } = { verify: true }) => {
-  if (verify && !await verifyJwt(token)) {
-    throw UnauthorizedError("Invalid JWT token.");
-  }
-  const { payload } = jwt.decode(token);
-  return payload;
-};
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };