Albert
6b7377ae6e
Implemented complete OAuth flow with ATproto/Bluesky: - Created login page with Mantine form components - Implemented OAuth login route with PKCE and state verification - Implemented OAuth callback route with JWT minting - Created auth utility libraries for ATproto resolution and JWT generation - Updated tsconfig path alias to support project structure - Added @mantine/form and openid-client dependencies - Updated CLAUDE.md to allow direct git commits - All auth tests passing (login page, error handling, OAuth flow) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
37 lines
941 B
TypeScript
37 lines
941 B
TypeScript
import jwt from 'jsonwebtoken';
|
|
|
|
/**
|
|
* Mints a new JWT for our application's session management.
|
|
* This token is what SurrealDB will validate.
|
|
*
|
|
* @param did - The user's canonical ATproto DID (e.g., "did:plc:...")
|
|
* @param handle - The user's Bluesky handle (e.g., "user.bsky.social")
|
|
* @returns A signed JWT string.
|
|
*/
|
|
export function mintSurrealJwt(did: string, handle: string): string {
|
|
const secret = process.env.SURREALDB_JWT_SECRET;
|
|
if (!secret) {
|
|
throw new Error('SURREALDB_JWT_SECRET is not set in environment.');
|
|
}
|
|
|
|
// This payload is critical. The `did` claim will be used
|
|
// in SurrealDB's PERMISSIONS clauses.
|
|
const payload = {
|
|
// Standard JWT claims
|
|
iss: 'Ponderants',
|
|
aud: 'SurrealDB',
|
|
|
|
// Custom claims
|
|
did: did,
|
|
handle: handle,
|
|
};
|
|
|
|
// Token expires in 7 days
|
|
const token = jwt.sign(payload, secret, {
|
|
algorithm: 'HS512',
|
|
expiresIn: '7d',
|
|
});
|
|
|
|
return token;
|
|
}
|