feat: add tRPC auth context, middleware, and protected procedures

- Install jose (JWT) and bcryptjs (password hashing) dependencies - Create auth utilities: JWT sign/verify, password hash/verify, session management - Create createTRPCContext that extracts auth from session cookie, Bearer JWT, or x-api-key - Add publicProcedure, protectedProcedure, adminProcedure, rateLimitedProcedure with middleware - Wire context builder into SolidStart tRPC API handler - Update tRPC client to inject auth tokens and handle 401 redirects - Add unit tests for JWT, password, context builder, and middleware
2026-05-25 15:46:52 -04:00
parent 052e08c17b
commit 71972436b6
13 changed files with 385 additions and 17 deletions
--- a/web/src/server/auth/jwt.ts
+++ b/web/src/server/auth/jwt.ts
@@ -0,0 +1,24 @@
+import { SignJWT, jwtVerify } from "jose";
+
+function getSecret(): Uint8Array {
+  const secret = process.env.JWT_SECRET ?? "dev-jwt-secret-change-in-production";
+  return Buffer.from(secret, "utf-8");
+}
+
+export async function signJWT(
+  payload: Record<string, unknown>,
+  options?: { expiresIn?: string },
+): Promise<string> {
+  return new SignJWT(payload)
+    .setProtectedHeader({ alg: "HS256" })
+    .setIssuedAt()
+    .setExpirationTime(options?.expiresIn ?? "7d")
+    .sign(getSecret());
+}
+
+export async function verifyJWT<T = Record<string, unknown>>(
+  token: string,
+): Promise<T> {
+  const { payload } = await jwtVerify(token, getSecret());
+  return payload as T;
+}