// token.ts
//
// Token generation and hashing utilities for authentication.
// Raw tokens are never stored - only their SHA-256 hashes.
import { createHash, randomBytes } from "node:crypto";
// Raw token length in bytes: 256 bits of entropy, written as bits / 8.
const TOKEN_BYTES = 256 / 8;
/**
 * Create a new random bearer token.
 *
 * Reads TOKEN_BYTES bytes from node:crypto's randomBytes (a CSPRNG) and
 * encodes them as unpadded base64url, so the result needs no further escaping
 * in headers, cookies or URLs.
 *
 * The return value is the raw secret: hand it to the client once and persist
 * only hashToken(value). Keep it out of logs and error messages.
 *
 * @returns The raw token as a base64url string.
 */
function generateToken(): string {
  const secret = randomBytes(TOKEN_BYTES);
  return secret.toString("base64url");
}
/**
 * Derive the value that is persisted in place of a raw token.
 *
 * A single unsalted SHA-256 pass is adequate only on the assumption that the
 * input is a high-entropy random token such as generateToken() produces; it
 * is not a password hash and must not be used for user-chosen secrets.
 * NOTE(review): how stored digests are compared is not visible here — if the
 * comparison happens in application code rather than as an indexed lookup,
 * confirm it uses crypto.timingSafeEqual.
 *
 * @param token - Raw token as issued to the client.
 * @returns Lowercase hex SHA-256 digest of the token's UTF-8 bytes.
 */
function hashToken(token: string): string {
  const hasher = createHash("sha256");
  hasher.update(token);
  return hasher.digest("hex");
}
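/**
 * Extract the bearer token from an Authorization header value.
 *
 * Accepts exactly `<scheme> <token>` separated by a single space, where the
 * scheme is "bearer" in any letter case. Everything else — a missing header,
 * another scheme, extra fields, or an empty token such as "Bearer " — yields
 * null, so callers never hash or look up an empty credential.
 *
 * The returned string is untrusted client input: it is only split out of the
 * header, not validated. Authenticate it by looking up hashToken(value).
 *
 * @param header - Raw Authorization header value, or undefined when absent.
 * @returns The token part, or null when the header is not a usable bearer credential.
 */
function parseAuthorizationHeader(header: string | undefined): string | null {
  if (!header) {
    return null;
  }

  const parts = header.split(" ");
  if (parts.length !== 2) {
    return null;
  }

  const [scheme, token] = parts;
  // `!token` rejects "Bearer " as well: it splits into two parts, but the
  // second one is the empty string and carries no credential.
  if (scheme?.toLowerCase() !== "bearer" || !token) {
    return null;
  }

  return token;
}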
// Cookie name for web sessions
// NOTE(review): only the cookie's name is defined here. The attributes it is
// sent with are set wherever the cookie is written, which this file does not
// show — confirm HttpOnly, Secure and SameSite there.
const SESSION_COOKIE_NAME = "diachron_session";
// Public surface of this module; TOKEN_BYTES is not exported.
export { generateToken, hashToken, parseAuthorizationHeader, SESSION_COOKIE_NAME };