Files
CRM_ENVR/src/lib/jwt.ts
T
TroodonEnjoyer bc83af8e00 Started PostgreSQL — data directory was uninitialized, ran initdb, set password, switched to md5 auth, all 24 migrations applied.
Hardened db.ts — added statement_timeout: 30000, idle_in_transaction_session_timeout: 10000, created transaction() helper (BEGIN/COMMIT/ROLLBACK).
Multi-step API routes wrapped in transactions — Events POST, Conversations POST use atomic blocks.
Fixed leads pagination — status filter pushed into SQL WHERE (no client-side filtering after LIMIT/OFFSET), added SELECT COUNT(*) for total.
Rewrote dashboard — SQL aggregations (COUNT + GROUP BY + date_trunc) replace loading all leads into memory.
Optimized conversations GET — merged duplicate correlated subqueries into single LEFT JOIN LATERAL.
Created migration 021_performance_indexes.sql — 8 missing indexes + set_session_user_context() function caching current_user_hierarchy_level() as session variable (avoids per-query RLS join).
Fixed build error — duplicate const other in conversations route. Also fixed a TypeScript never error in dashboard breakdown map.
Verified — npx tsc --noEmit clean, npm test (13 pass, 7 integration skip gracefully), npx next build succeeds.
2026-07-06 13:36:48 +02:00

35 lines
835 B
TypeScript

import { jwtVerify, SignJWT } from "jose"
let encoded: Uint8Array
export function getJWTSecret(): Uint8Array {
if (!encoded) {
const raw = process.env.JWT_SECRET
if (!raw) {
throw new Error(
"JWT_SECRET environment variable is required. " +
"Generate one: openssl rand -hex 32",
)
}
encoded = new TextEncoder().encode(raw)
}
return encoded
}
export async function verifyToken(token: string) {
try {
const { payload } = await jwtVerify(token, getJWTSecret())
return payload as { userId: string; role: string }
} catch {
return null
}
}
export async function signToken(payload: { userId: string; role: string }) {
return new SignJWT(payload)
.setProtectedHeader({ alg: "HS256" })
.setExpirationTime("24h")
.setIssuedAt()
.sign(getJWTSecret())
}