provide jwt migration

This commit is contained in:
keyan 2023-07-30 14:03:24 -05:00
parent 9745b82d63
commit d04dc691df
3 changed files with 73 additions and 1 deletions

38
package-lock.json generated
View File

@ -36,6 +36,7 @@
"graphql": "^16.7.1", "graphql": "^16.7.1",
"graphql-tag": "^2.12.6", "graphql-tag": "^2.12.6",
"graphql-type-json": "^0.3.2", "graphql-type-json": "^0.3.2",
"jose1": "npm:jose@^1.27.2",
"ln-service": "^56.9.0", "ln-service": "^56.9.0",
"mathjs": "^11.9.1", "mathjs": "^11.9.1",
"mdast-util-find-and-replace": "^3.0.0", "mdast-util-find-and-replace": "^3.0.0",
@ -2967,6 +2968,14 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
}, },
"node_modules/@panva/asn1.js": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz",
"integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==",
"engines": {
"node": ">=10.13.0"
}
},
"node_modules/@panva/hkdf": { "node_modules/@panva/hkdf": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.1.1.tgz", "resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.1.1.tgz",
@ -9529,6 +9538,22 @@
"url": "https://github.com/sponsors/panva" "url": "https://github.com/sponsors/panva"
} }
}, },
"node_modules/jose1": {
"name": "jose",
"version": "1.27.2",
"resolved": "https://registry.npmjs.org/jose/-/jose-1.27.2.tgz",
"integrity": "sha512-zLIwnMa8dh5A2jFo56KvhiXCaW0hFjdNvG0I5GScL8Wro+/r/SnyIYTbnX3fYztPNSfgQp56sDMHUuS9c3e6bw==",
"deprecated": "this version is no longer supported",
"dependencies": {
"@panva/asn1.js": "^1.0.0"
},
"engines": {
"node": ">=10.13.0"
},
"funding": {
"url": "https://github.com/sponsors/panva"
}
},
"node_modules/js-sha256": { "node_modules/js-sha256": {
"version": "0.9.0", "version": "0.9.0",
"resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz", "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz",
@ -21612,6 +21637,11 @@
} }
} }
}, },
"@panva/asn1.js": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz",
"integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw=="
},
"@panva/hkdf": { "@panva/hkdf": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.1.1.tgz", "resolved": "https://registry.npmjs.org/@panva/hkdf/-/hkdf-1.1.1.tgz",
@ -26672,6 +26702,14 @@
"resolved": "https://registry.npmjs.org/jose/-/jose-4.14.4.tgz", "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.4.tgz",
"integrity": "sha512-j8GhLiKmUAh+dsFXlX1aJCbt5KMibuKb+d7j1JaOJG6s2UjX1PQlW+OKB/sD4a/5ZYF4RcmYmLSndOoU3Lt/3g==" "integrity": "sha512-j8GhLiKmUAh+dsFXlX1aJCbt5KMibuKb+d7j1JaOJG6s2UjX1PQlW+OKB/sD4a/5ZYF4RcmYmLSndOoU3Lt/3g=="
}, },
"jose1": {
"version": "npm:jose@1.27.2",
"resolved": "https://registry.npmjs.org/jose/-/jose-1.27.2.tgz",
"integrity": "sha512-zLIwnMa8dh5A2jFo56KvhiXCaW0hFjdNvG0I5GScL8Wro+/r/SnyIYTbnX3fYztPNSfgQp56sDMHUuS9c3e6bw==",
"requires": {
"@panva/asn1.js": "^1.0.0"
}
},
"js-sha256": { "js-sha256": {
"version": "0.9.0", "version": "0.9.0",
"resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz", "resolved": "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz",

View File

@ -37,6 +37,7 @@
"graphql": "^16.7.1", "graphql": "^16.7.1",
"graphql-tag": "^2.12.6", "graphql-tag": "^2.12.6",
"graphql-type-json": "^0.3.2", "graphql-type-json": "^0.3.2",
"jose1": "npm:jose@^1.27.2",
"ln-service": "^56.9.0", "ln-service": "^56.9.0",
"mathjs": "^11.9.1", "mathjs": "^11.9.1",
"mdast-util-find-and-replace": "^3.0.0", "mdast-util-find-and-replace": "^3.0.0",

View File

@ -6,8 +6,9 @@ import EmailProvider from 'next-auth/providers/email'
import prisma from '../../../api/models' import prisma from '../../../api/models'
import nodemailer from 'nodemailer' import nodemailer from 'nodemailer'
import { PrismaAdapter } from '@auth/prisma-adapter' import { PrismaAdapter } from '@auth/prisma-adapter'
import { getToken } from 'next-auth/jwt' import { decode, getToken } from 'next-auth/jwt'
import { NodeNextRequest } from 'next/dist/server/base-http/node' import { NodeNextRequest } from 'next/dist/server/base-http/node'
import jose1 from 'jose1'
function getCallbacks (req) { function getCallbacks (req) {
return { return {
@ -158,6 +159,38 @@ export const getAuthOptions = req => ({
session: { session: {
strategy: 'jwt' strategy: 'jwt'
}, },
jwt: {
decode: async ({ token, secret }) => {
// attempt to decode using new jwt decode
try {
const _token = await decode({ token, secret })
if (_token) {
return _token
}
} catch (err) {
console.log('next-auth v4 jwt decode failed', err)
}
// attempt to decode using old jwt decode from next-auth v3
// https://github.com/nextauthjs/next-auth/blob/ab764e379377f9ffd68ff984b163c0edb5fc4bda/src/lib/jwt.js#L52
try {
const signingKey = jose1.JWK.asKey(JSON.parse(process.env.JWT_SIGNING_PRIVATE_KEY))
const verificationOptions = {
maxTokenAge: '2592000s',
algorithms: ['HS512']
}
const _token = jose1.JWT.verify(token, signingKey, verificationOptions)
if (_token) {
console.log('next-auth v3 jwt decode success')
return _token
}
} catch (err) {
console.log('next-auth v3 jwt decode failed', err)
}
return null
}
},
pages: { pages: {
signIn: '/login', signIn: '/login',
verifyRequest: '/email', verifyRequest: '/email',