@nitrotool/jwt 0.0.9 → 1.0.2

package/README.md

@@ -1,12 +1,13 @@
 # @nitrotool/jwt
 
-Lightweight JWT utilities for Nitro/UnJS environments with optional h3 helpers.
+Lightweight JWT utilities for Nuxt/Nitro/UnJS environments **with built-in h3 helpers**.
 
 - Built on `@tsndr/cloudflare-worker-jwt`
 - Helpers that read `jwtSecret` from your Nitro runtime config
-- h3 utilities to extract tokens from requests and enforce authentication
+- Batteries included with h3 utilities to extract tokens from requests and enforce authentication
+
+Learn more about JWT and how it works:
 
-Learn more about JWT and how it works here:
 - [What is a JWT?](https://www.jwt.io/introduction#what-is-json-web-token)
 - [JWT.io](https://jwt.io/)
 
@@ -20,66 +21,129 @@ pnpm install @nitrotool/jwt
 npm install @nitrotool/jwt
 ```
 
-Peer dependency:
-- `h3` is required.
+Required peer dependency:
+
+- `h3` (this package expects `h3` to be present)
+
+## Nuxt setup
+
+```ts
+export default defineNuxtConfig({
+    modules: ['@nitrotool/jwt'],
+    //You can also 
+    jwt: {
+        //default secret (only use this locally, and override it in prod)
+        secret: 'some-random-secret-yes-it-is-not-very-secure',
+        // Alternatively also available as NUXT_JWT_SECRET env var
+    },
+});
+
+```
+
+### Usage with Nuxt 3/4
+
+> This is available all places where auto-imported can be used on the server-side.
+
+```ts
+type MyClaims = { tenantId: string };
+
+const token = await encodeJwt<MyClaims>({tenantId: '123', sub: '123'});
+
+// Later…
+const isValid = await verifyJwt(token);
+const payload = await decodeJwt<MyClaims>(token);
+
+
+// or
+export default defineEventHandler(async (event) => {
+    const jwt = await requireJwt(event);
+    // you now have access to a required JWT token via Authorization bearer header.
+})
+
+```
 
 ## Importing
 
-You can import from the main entry or subpath exports:
+Import from the main entry or subpaths:
+
+```ts
+// Node-only helpers
+import {encodeJwtRaw, verifyJwtRaw, decodeJwtRaw} from '@nitrotool/jwt/core';
+
+// h3-only helpers
+import {extractApiToken, requireApiToken} from '@nitrotool/jwt/h3';
+```
+
+## Quick Start Nitro
+
+### 1. Create plugin to load secret.
 
 ```ts
-// Main (all helpers)
-import { encodeJwt, verifyJwt, decodeJwt } from '@nitrotool/jwt';
+// plugins/0.jwt.ts
+import { defineNitroPlugin, useRuntimeConfig } from 'nitropack/runtime';
+import { configureJwtRuntime } from '@nitrotool/jwt';
 
-// Subpath (JWT-only)
-import { encodeJwtRaw, verifyJwtRaw, decodeJwtRaw } from '@nitrotool/jwt/core';
+export default defineNitroPlugin(() => {
+    configureJwtRuntime(() => useRuntimeConfig() as any);
+});
 
-// Subpath (h3 helpers)
-import { extractApiToken, requireApiToken } from '@nitrotool/jwt/h3';
 ```
 
-## Quick Start
+### 2. Basic usage
 
 ```ts
-import { encodeJwt, verifyJwt, decodeJwt } from '@nitrotool/jwt';
+import {encodeJwt, verifyJwt, decodeJwt} from '@nitrotool/jwt';
+
+type MyClaims = { tenantId: string };
 
-type MyClaims = { userId: string };
+const token = await encodeJwt<MyClaims>({tenantId: '123', sub: '123'});
 
-const token = await encodeJwt<MyClaims>({ userId: '123' });
 // Later…
 const isValid = await verifyJwt(token);
-const payload = await decodeJwt<MyClaims>(token); // { userId: '123', exp: ... }
+const payload = await decodeJwt<MyClaims>(token); // { sub: '123', tenantId: '123', exp: ... }
 ```
 
 By default, non-`Raw` helpers read the secret from your runtime config:
+
 - `useRuntimeConfig().jwtSecret`
 
 If you need to pass a secret explicitly, use the `*Raw` variants.
 
-## Usage with h3
+### 3. In a route handler
 
 Extract API tokens and enforce authentication in request handlers:
 
+#### Require a JWT token
+```ts
+import {defineEventHandler} from 'h3';
+import {requireJwt} from '@nitrotool/jwt';
+
+export default defineEventHandler(async (event) => {
+    const decodedJwt = await requireJwt(event)
+})
+```
+
+#### Extract a JWT token manually
 ```ts
 import { defineEventHandler } from 'h3';
-import { extractApiToken, requireApiToken } from '@nitrotool/jwt/h3';
-import { decodeJwt } from '@nitrotool/jwt';
+import { extractApiToken, requireApiToken, decodeJwt } from '@nitrotool/jwt';
 
 export default defineEventHandler(async (event) => {
-  // Try to read token (Authorization: Bearer <token> or ?token=<token>)
-  const token = extractApiToken(event);
+    // Try to read token (Authorization: Bearer <token> or ?<queryKey>=<token>)
+    const token = extractApiToken(event, {queryKey: 'token'}); // queryKey defaults to 'token'
 
-  // Or strictly require it (throws UnauthenticatedError if missing)
-  const requiredToken = requireApiToken(event);
+    // Or strictly require it (throws UnauthenticatedError if missing)
+    const requiredToken = requireApiToken(event);
 
-  // Optionally decode/verify
-  const claims = await decodeJwt<{ userId: string }>(requiredToken);
+    // Optionally decode/verify
+    const claims = await decodeJwt<{ userId: string }>(requiredToken);
 
-  return { ok: true, userId: claims.userId };
+    return { ok: true, userId: claims.userId };
 });
 ```
 
 Supported token locations:
+
 - Authorization header: `Authorization: Bearer <token>`
 - Query string: `?token=<token>`
 
@@ -88,11 +152,11 @@ Supported token locations:
 When using non-`Raw` helpers, ensure a secret is available at runtime:
 
 ```ts
-// Example: Nuxt/Nitro runtime config
+// nuxt.config.ts (Nuxt/Nitro runtime config)
 export default defineNuxtConfig({
-  runtimeConfig: {
-    jwtSecret: process.env.JWT_SECRET || 'super-secret',
-  },
+    runtimeConfig: {
+        jwtSecret: 'some-random-secret-yes-it-is-not-very-secure',
+    },
 });
 ```
 
@@ -101,27 +165,27 @@ export default defineNuxtConfig({
 Sign with custom TTL:
 
 ```ts
-import { encodeJwtRaw } from '@nitrotool/jwt';
+import {encodeJwtRaw} from '@nitrotool/jwt';
 
 const token = await encodeJwtRaw(
-  { userId: '123', role: 'admin' },
-  process.env.JWT_SECRET!,
-  60 * 10 // 10 minutes
+    {userId: '123', role: 'admin'},
+    process.env.JWT_SECRET!,
+    60 * 10 // 10 minutes
 );
 ```
 
 Decode without verifying signature (use only for non-sensitive scenarios):
 
 ```ts
-import { decodeJwt } from '@nitrotool/jwt';
+import {decodeJwt} from '@nitrotool/jwt';
 
-const payload = await decodeJwt<{ userId: string }>(token, { verify: false });
+const payload = await decodeJwt<{ userId: string }>(token, {verify: false});
 ```
 
 Verify with an explicit secret:
 
 ```ts
-import { verifyJwtRaw } from '@nitrotool/jwt';
+import {verifyJwtRaw} from '@nitrotool/jwt';
 
 const ok = await verifyJwtRaw(token, process.env.JWT_SECRET!);
 ```
@@ -147,9 +211,9 @@ All helpers are asynchronous.
 - `encodeJwtRaw<T>(payload, secret, ttl = 60): Promise<string>`
     - Signs a token with the provided `secret`.
     - `ttl` is in seconds. Default: `60`.
-    - `exp` is set automatically from `ttl`.
+    - `exp` is set **automagically** from `ttl`.
 
-- `encodeJwt<T>(payload): Promise<string>`
+- `encodeJwt<T>(payload, ttl = 60): Promise<string>`
     - Same as `encodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
 
 - `verifyJwtRaw(token, secret): Promise<boolean>`
@@ -168,9 +232,10 @@ All helpers are asynchronous.
     - Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
 
 Types:
+
 - `ExtendableJwtPayload<T>` lets you define custom claims merged with standard JWT claims.
 
-### h3 helpers
+### h3 helpers (required)
 
 - `extractBearerToken(event): string | undefined`
     - Reads `Authorization` header and returns the token without `Bearer `.
@@ -184,7 +249,6 @@ Types:
 - `requireApiToken(event): string`
     - Same as `extractApiToken`, but throws `UnauthenticatedError` if missing.
 
-
 ## License
 
-MIT
+MIT

package/dist/core/index.d.mts

@@ -0,0 +1,11 @@
+import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
+
+type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
+declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttlSec?: number) => Promise<string>;
+declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
+declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };
+export type { ExtendableJwtPayload };

package/dist/core/index.d.ts

@@ -0,0 +1,11 @@
+import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
+
+type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
+declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttlSec?: number) => Promise<string>;
+declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
+declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };
+export type { ExtendableJwtPayload };

package/dist/core/index.mjs

@@ -0,0 +1,26 @@
+import jwt from '@tsndr/cloudflare-worker-jwt';
+import { UnauthorizedError } from '@nitrotool/errors';
+
+const encodeJwtRaw = async (payload, secret, ttlSec = 60) => {
+  return jwt.sign(
+    { exp: Math.floor(Date.now() / 1e3) + ttlSec, ...payload },
+    secret
+  );
+};
+const verifyJwtRaw = async (token, secret) => {
+  return new Promise(async (resolve) => {
+    if (await jwt.verify(token, secret, { throwError: false })) {
+      return resolve(true);
+    }
+    return resolve(false);
+  });
+};
+const decodeJwtRaw = async (token, secret, opts = { verify: true }) => {
+  if (opts.verify) {
+    const ok = await verifyJwtRaw(token, secret);
+    if (!ok) throw UnauthorizedError("Invalid JWT token.");
+  }
+  return jwt.decode(token).payload;
+};
+
+export { decodeJwtRaw, encodeJwtRaw, verifyJwtRaw };

package/dist/{h3.d.mts → h3/index.d.mts}

@@ -1,8 +1,10 @@
 import { H3Event } from 'h3';
 
-declare const extractBearerToken: (event: H3Event) => string;
+declare const extractBearerToken: (event: H3Event) => string | undefined;
 declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
-declare const extractApiToken: (event: H3Event) => string | undefined;
+declare const extractApiToken: (event: H3Event, opts?: {
+    queryKey: string;
+}) => string | undefined;
 declare const requireApiToken: (event: H3Event) => string;
 
 export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken };

package/dist/{h3.d.ts → h3/index.d.ts}

@@ -1,8 +1,10 @@
 import { H3Event } from 'h3';
 
-declare const extractBearerToken: (event: H3Event) => string;
+declare const extractBearerToken: (event: H3Event) => string | undefined;
 declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
-declare const extractApiToken: (event: H3Event) => string | undefined;
+declare const extractApiToken: (event: H3Event, opts?: {
+    queryKey: string;
+}) => string | undefined;
 declare const requireApiToken: (event: H3Event) => string;
 
 export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken };

package/dist/{h3.mjs → h3/index.mjs}

@@ -1,9 +1,15 @@
-import { getRequestHeader, getQuery } from 'h3';
+import { getQuery, getHeader } from 'h3';
 import { UnauthenticatedError } from '@nitrotool/errors';
 
-const extractBearerToken = (event) => getRequestHeader(event, "Authorization")?.replace("Bearer ", "") || void 0;
+const extractBearerToken = (event) => {
+  const auth = getHeader(event, "authorization");
+  if (!auth?.startsWith("Bearer ")) {
+    return void 0;
+  }
+  return auth.slice(7);
+};
 const extractQueryToken = (event, key = "token") => getQuery(event)?.[key] || void 0;
-const extractApiToken = (event) => extractBearerToken(event) || extractQueryToken(event);
+const extractApiToken = (event, opts = { queryKey: "token" }) => extractBearerToken(event) || extractQueryToken(event, opts.queryKey);
 const requireApiToken = (event) => {
   const token = extractApiToken(event);
   if (!token) {

package/dist/index.d.mts

@@ -1,4 +1,10 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.mjs';
-export { ExtendableJwtPayload, decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.mjs';
-import 'h3';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from './runtime/server/index.mjs';
+export { requireApiToken } from './h3/index.mjs';
+import { H3Event } from 'h3';
+import './core/index.mjs';
 import '@tsndr/cloudflare-worker-jwt';
+import 'nitropack/types';
+
+declare const requireJwt: <T extends Record<string, any> = {}>(event: H3Event) => Promise<any>;
+
+export { requireJwt };

package/dist/index.d.ts

@@ -1,4 +1,10 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.js';
-export { ExtendableJwtPayload, decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.js';
-import 'h3';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from './runtime/server/index.js';
+export { requireApiToken } from './h3/index.js';
+import { H3Event } from 'h3';
+import './core/index.js';
 import '@tsndr/cloudflare-worker-jwt';
+import 'nitropack/types';
+
+declare const requireJwt: <T extends Record<string, any> = {}>(event: H3Event) => Promise<any>;
+
+export { requireJwt };

package/dist/index.mjs

@@ -1,5 +1,8 @@
-export { extractApiToken, extractBearerToken, extractQueryToken, requireApiToken } from './h3.mjs';
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw } from './jwt.mjs';
-import 'h3';
-import '@nitrotool/errors';
+export { r as requireJwt } from './shared/jwt.Cd03UmUN.mjs';
+export { decodeJwt, encodeJwt, verifyJwt } from './runtime/server/index.mjs';
+export { requireApiToken } from './h3/index.mjs';
+export { c as configureJwtRuntime, g as getJwtSecret } from './shared/jwt.ftBB7-nW.mjs';
+import './core/index.mjs';
 import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+import 'h3';

package/dist/module.d.mts

@@ -0,0 +1,9 @@
+import * as _nuxt_schema from '@nuxt/schema';
+
+interface ModuleOptions {
+    secret?: string;
+}
+declare const _default: _nuxt_schema.NuxtModule<ModuleOptions, ModuleOptions, false>;
+
+export { _default as default };
+export type { ModuleOptions };

package/dist/module.d.ts

@@ -0,0 +1,9 @@
+import * as _nuxt_schema from '@nuxt/schema';
+
+interface ModuleOptions {
+    secret?: string;
+}
+declare const _default: _nuxt_schema.NuxtModule<ModuleOptions, ModuleOptions, false>;
+
+export { _default as default };
+export type { ModuleOptions };

package/dist/module.mjs

@@ -0,0 +1,72 @@
+import fs from 'node:fs';
+import { defineNuxtModule, createResolver, addServerScanDir, addServerPlugin, addServerTemplate } from '@nuxt/kit';
+import { consola } from 'consola';
+import { join } from 'pathe';
+
+const version = "1.0.2";
+
+async function getFilesInDirectory(dir) {
+  const files = await fs.promises.readdir(dir);
+  const filePaths = [];
+  for (const file of files) {
+    const fullPath = join(dir, file);
+    const stat = await fs.promises.stat(fullPath);
+    if (stat.isFile()) {
+      filePaths.push(fullPath);
+    }
+  }
+  return filePaths;
+}
+async function getFilesInDirectoryRecursive(dir) {
+  const files = await fs.promises.readdir(dir);
+  const filePaths = [];
+  for (const file of files) {
+    const fullPath = join(dir, file);
+    const stat = await fs.promises.stat(fullPath);
+    if (stat.isFile()) {
+      filePaths.push(fullPath);
+    } else if (stat.isDirectory()) {
+      const subdirectoryFiles = await getFilesInDirectory(fullPath);
+      filePaths.push(...subdirectoryFiles);
+    }
+  }
+  return filePaths;
+}
+
+const module = defineNuxtModule({
+  meta: {
+    name: "@nitrotool/jwt",
+    configKey: "jwt",
+    version
+  },
+  async setup(options, nuxt) {
+    const logger = consola.withTag("jwt");
+    const resolver = createResolver(import.meta.url);
+    if (nuxt.options._prepare) {
+      logger.debug("Skipping module init due to nuxt.options._prepare = true");
+      return;
+    }
+    if (nuxt.options.runtimeConfig.jwtSecret) {
+      options.secret = nuxt.options.runtimeConfig.jwtSecret;
+    }
+    addServerScanDir([resolver.resolve("./runtime/server/nitro")]);
+    addServerPlugin(resolver.resolve("./runtime/server/nitro/plugin"));
+    const runtimeFiles = await getFilesInDirectoryRecursive(
+      resolver.resolve("./runtime/server")
+    );
+    for (const file of runtimeFiles) {
+      const relativeName = file.replace(
+        resolver.resolve("./runtime/server"),
+        ""
+      );
+      logger.debug(`Adding server template: ${relativeName}`);
+      addServerTemplate({
+        filename: relativeName,
+        getContents: () => fs.readFileSync(file, "utf-8")
+      });
+    }
+    nuxt.options.runtimeConfig.jwtSecret = options.secret;
+  }
+});
+
+export { module as default };

package/dist/runtime/server/index.d.mts

@@ -0,0 +1,17 @@
+import { ExtendableJwtPayload } from '../../core/index.mjs';
+import { NitroRuntimeConfig } from 'nitropack/types';
+import '@tsndr/cloudflare-worker-jwt';
+
+type JwtRuntimeConfig = NitroRuntimeConfig & {
+    jwtSecret?: string;
+};
+declare const configureJwtRuntime: (getter: () => JwtRuntimeConfig) => void;
+declare const getJwtSecret: () => string;
+
+declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, ttlSec?: number) => Promise<any>;
+declare const verifyJwt: (token: string) => Promise<any>;
+declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+
+export { ExtendableJwtPayload, configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/index.d.ts

@@ -0,0 +1,17 @@
+import { ExtendableJwtPayload } from '../../core/index.js';
+import { NitroRuntimeConfig } from 'nitropack/types';
+import '@tsndr/cloudflare-worker-jwt';
+
+type JwtRuntimeConfig = NitroRuntimeConfig & {
+    jwtSecret?: string;
+};
+declare const configureJwtRuntime: (getter: () => JwtRuntimeConfig) => void;
+declare const getJwtSecret: () => string;
+
+declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, ttlSec?: number) => Promise<any>;
+declare const verifyJwt: (token: string) => Promise<any>;
+declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, opts?: {
+    verify?: boolean;
+}) => Promise<ExtendableJwtPayload<T>>;
+
+export { ExtendableJwtPayload, configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/index.mjs

@@ -0,0 +1,17 @@
+import { g as getJwtSecret } from '../../shared/jwt.ftBB7-nW.mjs';
+export { c as configureJwtRuntime } from '../../shared/jwt.ftBB7-nW.mjs';
+import { encodeJwtRaw, decodeJwtRaw, verifyJwtRaw } from '../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+
+const encodeJwt = async (payload, ttlSec = 60) => {
+  return encodeJwtRaw(payload, getJwtSecret(), ttlSec);
+};
+const verifyJwt = async (token) => {
+  return verifyJwtRaw(token, getJwtSecret());
+};
+const decodeJwt = async (token, opts = { verify: true }) => {
+  return decodeJwtRaw(token, getJwtSecret(), opts);
+};
+
+export { decodeJwt, encodeJwt, getJwtSecret, verifyJwt };

package/dist/runtime/server/nitro/plugin.d.mts

@@ -0,0 +1,3 @@
+declare const _default: any;
+
+export { _default as default };

package/dist/runtime/server/nitro/plugin.d.ts

@@ -0,0 +1,3 @@
+declare const _default: any;
+
+export { _default as default };

package/dist/runtime/server/nitro/plugin.mjs

@@ -0,0 +1,10 @@
+import { defineNitroPlugin, useRuntimeConfig } from 'nitropack/runtime';
+import { c as configureJwtRuntime } from '../../../shared/jwt.ftBB7-nW.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+
+const plugin = defineNitroPlugin(() => {
+  configureJwtRuntime(() => useRuntimeConfig());
+});
+
+export { plugin as default };

package/dist/runtime/server/nitro/utils/index.d.mts

@@ -0,0 +1,7 @@
+export { requireJwt } from '../../../../index.mjs';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from '../../index.mjs';
+export { requireApiToken } from '../../../../h3/index.mjs';
+import 'h3';
+import '../../../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import 'nitropack/types';

package/dist/runtime/server/nitro/utils/index.d.ts

@@ -0,0 +1,7 @@
+export { requireJwt } from '../../../../index.js';
+export { configureJwtRuntime, decodeJwt, encodeJwt, getJwtSecret, verifyJwt } from '../../index.js';
+export { requireApiToken } from '../../../../h3/index.js';
+import 'h3';
+import '../../../../core/index.js';
+import '@tsndr/cloudflare-worker-jwt';
+import 'nitropack/types';

package/dist/runtime/server/nitro/utils/index.mjs

@@ -0,0 +1,8 @@
+export { r as requireJwt } from '../../../../shared/jwt.Cd03UmUN.mjs';
+export { decodeJwt, encodeJwt, verifyJwt } from '../../index.mjs';
+export { requireApiToken } from '../../../../h3/index.mjs';
+export { c as configureJwtRuntime, g as getJwtSecret } from '../../../../shared/jwt.ftBB7-nW.mjs';
+import '../../../../core/index.mjs';
+import '@tsndr/cloudflare-worker-jwt';
+import '@nitrotool/errors';
+import 'h3';

package/dist/shared/jwt.Cd03UmUN.mjs

@@ -0,0 +1,8 @@
+import { decodeJwt } from '../runtime/server/index.mjs';
+import { requireApiToken } from '../h3/index.mjs';
+
+const requireJwt = async (event) => {
+  return decodeJwt(requireApiToken(event));
+};
+
+export { requireJwt as r };

package/dist/shared/jwt.ftBB7-nW.mjs

@@ -0,0 +1,14 @@
+let getRuntimeConfig = () => ({});
+const configureJwtRuntime = (getter) => {
+  getRuntimeConfig = getter;
+};
+const getJwtSecret = () => {
+  const cfg = getRuntimeConfig();
+  if (cfg?.jwtSecret) return cfg.jwtSecret;
+  if (process?.env?.JWT_SECRET) return process.env.JWT_SECRET;
+  throw new Error(
+    "jwtSecret is not configured. configure using NUXT_JWT_SECRET or jwt.secret"
+  );
+};
+
+export { configureJwtRuntime as c, getJwtSecret as g };

package/package.json

@@ -1,17 +1,35 @@
 {
   "name": "@nitrotool/jwt",
-  "version": "0.0.9",
-  "main": "dist/index.mjs",
+  "version": "1.0.2",
   "type": "module",
+  "main": "dist/index.mjs",
+  "types": "./dist/index.d.ts",
   "exports": {
-    ".": "./dist/index.mjs",
-    "./core": "./dist/jwt.mjs",
-    "./h3": "./dist/h3.mjs"
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs"
+    },
+    "./module": {
+      "types": "./dist/module.d.ts",
+      "import": "./dist/module.mjs"
+    },
+    "./core": {
+      "types": "./dist/core/index.d.ts",
+      "import": "./dist/core/index.mjs"
+    },
+    "./h3": {
+      "types": "./dist/h3/index.d.ts",
+      "import": "./dist/h3/index.mjs"
+    }
   },
-  "types": "./dist/index.d.ts",
   "dependencies": {
     "@tsndr/cloudflare-worker-jwt": "^3.2.0",
-    "@nitrotool/errors": "0.0.9"
+    "@nitrotool/errors": "1.0.2",
+    "@nuxt/kit": "latest",
+    "pathe": "^2.0.3",
+    "@nuxt/schema": "^4.2.2",
+    "consola": "^3.4.2",
+    "nitropack": "^2.13.1"
   },
   "peerDependencies": {
     "h3": "^1.15.3"
@@ -19,6 +37,19 @@
   "devDependencies": {
     "unbuild": "^3.5.0"
   },
+  "unbuild": {
+    "entries": [
+      "src/index",
+      "src/module",
+      "src/core/index",
+      "src/h3/index",
+      "src/runtime/server/index",
+      "src/runtime/server/nitro/plugin",
+      "src/runtime/server/nitro/utils/index"
+    ],
+    "declaration": true,
+    "clean": true
+  },
   "scripts": {
     "build": "unbuild ."
   }

package/dist/jwt.d.mts

@@ -1,16 +0,0 @@
-import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
-
-type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
-declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttl?: number) => Promise<string>;
-declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>) => Promise<string>;
-declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
-declare const verifyJwt: (token: string) => Promise<boolean>;
-declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };
-export type { ExtendableJwtPayload };

package/dist/jwt.d.ts

@@ -1,16 +0,0 @@
-import { JwtPayload } from '@tsndr/cloudflare-worker-jwt';
-
-type ExtendableJwtPayload<T extends Record<string, any> = {}> = Partial<JwtPayload> & T;
-declare const encodeJwtRaw: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>, secret: string, ttl?: number) => Promise<string>;
-declare const encodeJwt: <T extends Record<string, any> = {}>(payload: ExtendableJwtPayload<T>) => Promise<string>;
-declare const verifyJwtRaw: (token: string, secret: string) => Promise<boolean>;
-declare const verifyJwt: (token: string) => Promise<boolean>;
-declare const decodeJwtRaw: <T extends Record<string, any> = {}>(token: string, secret: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-declare const decodeJwt: <T extends Record<string, any> = {}>(token: string, { verify }?: {
-    verify?: boolean;
-}) => Promise<ExtendableJwtPayload<T>>;
-
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };
-export type { ExtendableJwtPayload };

package/dist/jwt.mjs

@@ -1,52 +0,0 @@
-import jwt from '@tsndr/cloudflare-worker-jwt';
-import { UnauthorizedError } from '@nitrotool/errors';
-
-const encodeJwtRaw = async (payload, secret, ttl = 60) => {
-  return await jwt.sign(
-    {
-      exp: Date.now() / 1e3 + ttl,
-      ...payload
-    },
-    secret
-  );
-};
-const encodeJwt = async (payload) => {
-  const secret = (
-    //@ts-expect-error Expected.
-    typeof useRuntimeConfig === "function" ? useRuntimeConfig()?.jwtSecret : ""
-  );
-  return encodeJwtRaw(payload, secret);
-};
-const verifyJwtRaw = async (token, secret) => {
-  return new Promise(async (resolve) => {
-    if (await jwt.verify(token, secret, { throwError: false })) {
-      return resolve(true);
-    }
-    return resolve(false);
-  });
-};
-const verifyJwt = async (token) => {
-  const secret = (
-    //@ts-expect-error Expected.
-    typeof useRuntimeConfig === "function" ? useRuntimeConfig()?.jwtSecret : ""
-  );
-  return verifyJwtRaw(token, secret);
-};
-const decodeJwtRaw = async (token, secret, { verify } = { verify: true }) => {
-  if (!secret && verify)
-    throw new Error("Cannot check signature without secret.");
-  if (secret && verify && !await verifyJwtRaw(token, secret)) {
-    throw UnauthorizedError("Invalid JWT token.");
-  }
-  const { payload } = jwt.decode(token);
-  return payload;
-};
-const decodeJwt = async (token, { verify } = { verify: true }) => {
-  if (verify && !await verifyJwt(token)) {
-    throw UnauthorizedError("Invalid JWT token.");
-  }
-  const { payload } = jwt.decode(token);
-  return payload;
-};
-
-export { decodeJwt, decodeJwtRaw, encodeJwt, encodeJwtRaw, verifyJwt, verifyJwtRaw };