1import jwt from 'jsonwebtoken';
2import { InvalidTokenError, ServiceUnavailableError, TokenExpiredError } from '@directus/errors';
3import type { DirectusTokenPayload } from '../types/index.js';
4
/**
 * Verify a JWT with the given secret and hand back its decoded payload.
 *
 * Verification is delegated to `jwt.verify`; the only option passed is
 * `issuer: 'directus'`, so a token must carry that issuer to be accepted.
 *
 * NOTE(review): no `algorithms` allow-list is passed, so the accepted signing
 * algorithms are whatever the library defaults to for this kind of key.
 * Consider pinning the algorithm the signing side uses; confirm against the
 * code that issues these tokens.
 *
 * @param token - Encoded JWT to verify.
 * @param secret - Key handed to `jwt.verify` for the signature check.
 * @returns The value returned by `jwt.verify`, typed as `Record<string, unknown>`.
 *   The cast is compile-time only; no field of the payload is checked here.
 * @throws TokenExpiredError when the library reports `jwt.TokenExpiredError`.
 * @throws InvalidTokenError for any other `jwt.JsonWebTokenError`.
 * @throws ServiceUnavailableError for any other error raised during verification.
 */
export function verifyJWT(token: string, secret: string) {
  try {
    const decoded = jwt.verify(token, secret, { issuer: 'directus' }) as Record<string, unknown>;
    return decoded;
  } catch (err) {
    // Expiry is tested first: the library's TokenExpiredError is itself a
    // JsonWebTokenError, so the broader check below would otherwise mask it.
    if (err instanceof jwt.TokenExpiredError) {
      throw new TokenExpiredError();
    }

    if (err instanceof jwt.JsonWebTokenError) {
      throw new InvalidTokenError();
    }

    // Anything that is not a JWT library error is reported as a service
    // failure, without passing the underlying error on to the caller.
    throw new ServiceUnavailableError({ service: 'jwt', reason: `Couldn't verify token.` });
  }
}
24
/**
 * Verify an access token and require the claims that identify its permissions.
 *
 * The token is first checked by `verifyJWT`, then rejected unless `role`,
 * `app_access` and `admin_access` are all present on the payload.
 *
 * NOTE(review): the check is presence-only (`!== undefined`). A `null` value or
 * a value of an unexpected type passes, and the `DirectusTokenPayload` cast is
 * not a runtime validation, so callers should not rely on the field types
 * without checking them.
 *
 * @param token - Encoded JWT to verify.
 * @param secret - Key forwarded to `verifyJWT`.
 * @returns The verified payload, typed as `DirectusTokenPayload`.
 * @throws InvalidTokenError when any of the three claims is `undefined`;
 *   errors thrown by `verifyJWT` propagate unchanged.
 */
export function verifyAccessJWT(token: string, secret: string) {
  const payload = verifyJWT(token, secret) as DirectusTokenPayload;

  const hasAccessClaims =
    payload.role !== undefined && payload.app_access !== undefined && payload.admin_access !== undefined;

  if (!hasAccessClaims) {
    throw new InvalidTokenError();
  }

  return payload;
}