directus
1import getDatabase from '../database/index.js';
2import { InvalidCredentialsError } from '@directus/errors';
3import type { DirectusTokenPayload } from '../types/index.js';
4
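/**
 * Verifies that the session referenced by a token payload still exists and has not expired.
 *
 * Looks for a row in `directus_sessions` whose `token` equals the payload's `session` claim,
 * whose `user` equals the payload's `id` claim, and whose `expires` is not earlier than the
 * current time. Matching on both columns ties the session to the user named in the token, so
 * a session token is only accepted together with the user it was stored for.
 *
 * NOTE(review): nothing here checks the JWT signature or its own expiry claim — presumably the
 * caller has already verified the token before passing its payload in; confirm at the call site.
 *
 * @param payload - Decoded token payload; only its `session` and `id` entries are read here.
 * @throws InvalidCredentialsError if the payload carries no usable session claim, or if no
 * matching, unexpired session row is found.
 */
export async function verifySessionJWT(payload: DirectusTokenPayload): Promise<void> {
	const sessionToken = payload['session'];

	// Fail closed: a payload without a non-empty string session claim can never match a stored
	// session, so reject it with the same credentials error instead of handing an undefined or
	// malformed value to the query builder and surfacing whatever error that produces.
	if (typeof sessionToken !== 'string' || sessionToken === '') {
		throw new InvalidCredentialsError();
	}

	const database = getDatabase();

	// Only the existence of a row matters, so a constant is selected rather than any session column.
	const session = await database
		.select(1)
		.from('directus_sessions')
		.where({
			token: sessionToken,
			user: payload['id'],
		})
		// Expiry is compared against the application's clock (`new Date()`), not the database's.
		.andWhere('expires', '>=', new Date())
		.first();

	// No row means the session was deleted, has expired, or belongs to a different user.
	if (!session) {
		throw new InvalidCredentialsError();
	}
}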
27