directus

1
import jwt from 'jsonwebtoken';
2
import { InvalidTokenError, ServiceUnavailableError, TokenExpiredError } from '@directus/errors';
3
import type { DirectusTokenPayload } from '../types/index.js';
4

5
export function verifyJWT(token: string, secret: string) {
6
	let payload;
7

8
	try {
9
		payload = jwt.verify(token, secret, {
10
			issuer: 'directus',
11
		}) as Record<string, unknown>;
12
	} catch (err) {
13
		if (err instanceof jwt.TokenExpiredError) {
14
			throw new TokenExpiredError();
15
		} else if (err instanceof jwt.JsonWebTokenError) {
16
			throw new InvalidTokenError();
17
		} else {
18
			throw new ServiceUnavailableError({ service: 'jwt', reason: `Couldn't verify token.` });
19
		}
20
	}
21

22
	return payload;
23
}
24

25
export function verifyAccessJWT(token: string, secret: string) {
26
	const payload = verifyJWT(token, secret) as DirectusTokenPayload;
27

28
	if (payload.role === undefined || payload.app_access === undefined || payload.admin_access === undefined) {
29
		throw new InvalidTokenError();
30
	}
31

32
	return payload;
33
}
34