import * as jose from 'jose';
/**
 * Claims stored inside the encrypted token blob handled by `encryptToken`
 * and `decryptToken`.
 *
 * `access_token` and `refresh_token` are bearer credentials: keep instances of
 * this type out of logs, error messages and unencrypted storage.
 */
export interface TokenPayload {
  /** Access credential; treat as a secret. */
  access_token: string;
  /** Refresh credential; presumably longer-lived than the access token, so treat as a secret. */
  refresh_token: string;
  /** Expiry of the access token. NOTE(review): unit (ms vs s since epoch) is not visible here; confirm. */
  expiry_date: number;
  /** Account e-mail address associated with the tokens. */
  email: string;
}
/**
 * Seals a `TokenPayload` into a compact JWE string.
 *
 * The protected header is fixed to `alg: 'dir'` / `enc: 'A256GCM'`: the shared
 * secret is used directly as the content-encryption key, so it must be exactly
 * 32 bytes (see `parseEncryptionKey`).
 *
 * Only `iat` is stamped. No expiration claim is set here, so this function
 * does not bound the lifetime of the resulting blob.
 *
 * @param payload Token fields to protect; every property becomes a JWT claim.
 * @param secret  256-bit symmetric key.
 * @returns The compact JWE serialization.
 */
export async function encryptToken(payload: TokenPayload, secret: Uint8Array): Promise<string> {
  // TokenPayload has no index signature, hence the double cast to the library's claim type.
  const claims = payload as unknown as jose.JWTPayload;
  const sealer = new jose.EncryptJWT(claims);
  sealer.setProtectedHeader({alg: 'dir', enc: 'A256GCM'});
  sealer.setIssuedAt();
  const compactJwe = await sealer.encrypt(secret);
  return compactJwe;
}
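/**
 * Opens a compact JWE produced by `encryptToken` and returns its claims.
 *
 * Two checks are applied beyond decryption itself:
 *  - only the `dir` / `A256GCM` pair that `encryptToken` emits is accepted, so
 *    a token built with any other algorithm the key could support is rejected;
 *  - the decrypted claims are checked against the `TokenPayload` shape before
 *    they are returned, instead of being cast blindly.
 *
 * @param token  Compact JWE string.
 * @param secret 256-bit symmetric key used when the token was sealed.
 * @returns The decrypted claims (library-added claims such as `iat` are kept).
 * @throws If decryption or authentication fails (error raised by `jose`), or
 *         if a required field is missing or has the wrong type.
 */
export async function decryptToken(token: string, secret: Uint8Array): Promise<TokenPayload> {
  const {payload} = await jose.jwtDecrypt(token, secret, {
    keyManagementAlgorithms: ['dir'],
    contentEncryptionAlgorithms: ['A256GCM'],
  });

  const {access_token, refresh_token, expiry_date, email} = payload;
  const shapeOk =
    typeof access_token === 'string' &&
    typeof refresh_token === 'string' &&
    typeof expiry_date === 'number' &&
    typeof email === 'string';
  if (!shapeOk) {
    // Deliberately omits the claim values: they are credentials.
    throw new Error('Decrypted token payload does not match the expected TokenPayload shape');
  }

  return payload as unknown as TokenPayload;
}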
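/**
 * Parses the configured encryption key into raw bytes.
 *
 * Accepted encodings of a 32-byte key:
 *  - 64 hexadecimal characters;
 *  - base64 or base64url, padded or unpadded.
 *
 * Whitespace is removed first, so a trailing newline from an env file or
 * secret mount no longer breaks a hex key. Any other character outside the
 * chosen alphabet is rejected: Node's base64 decoder silently skips such
 * characters, which would yield a key different from the one configured.
 *
 * @param keyString Encoded key material. It is never echoed in the error.
 * @returns The 32 key bytes.
 * @throws Error if the input does not decode to exactly 32 bytes.
 */
export function parseEncryptionKey(keyString: string): Uint8Array {
  const compact = keyString.replace(/\s+/g, '');

  if (/^[0-9a-fA-F]{64}$/.test(compact)) {
    return Uint8Array.from(Buffer.from(compact, 'hex'));
  }

  // Standard and URL-safe alphabets; padding is allowed only at the end.
  if (/^[A-Za-z0-9+/_-]+={0,2}$/.test(compact)) {
    const decoded = Buffer.from(compact, 'base64');
    if (decoded.length === 32) {
      return Uint8Array.from(decoded);
    }
  }

  throw new Error('TOKEN_ENCRYPTION_KEY must be 32 bytes (64 hex chars or 44 base64 chars)');
}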