chore: initial commit

internal/svc/auth/jwt.go

@@ -0,0 +1,56 @@
+// Copyright (C) 2024 Declan Teevan
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package auth
+
+import (
+	"time"
+
+	"github.com/lestrrat-go/jwx/v2/jwa"
+	"github.com/lestrrat-go/jwx/v2/jwt"
+
+	"github.com/hexolan/stocklet/internal/pkg/errors"
+	"github.com/hexolan/stocklet/internal/pkg/gwauth"
+	pb "github.com/hexolan/stocklet/internal/pkg/protogen/auth/v1"
+)
+
+// Issues a JWT token
+func issueToken(cfg *ServiceConfig, sub string) (*pb.AuthToken, error) {
+	const expiryTime = 86400 // 1 day
+
+	// Set token claims
+	token := jwt.New()
+	claims := &gwauth.JWTClaims{
+		Subject:  sub,
+		IssuedAt: time.Now().Unix(),
+		Expiry:   time.Now().Unix() + expiryTime,
+	}
+
+	token.Set("sub", claims.Subject)
+	token.Set("iat", claims.IssuedAt)
+	token.Set("exp", claims.Expiry)
+
+	// Sign token
+	accessToken, err := jwt.Sign(token, jwt.WithKey(jwa.KeyAlgorithmFrom(cfg.ServiceOpts.PrivateKey), cfg.ServiceOpts.PrivateKey))
+	if err != nil {
+		return nil, errors.WrapServiceError(errors.ErrCodeService, "failed to sign JWT token", err)
+	}
+
+	return &pb.AuthToken{
+		TokenType:   "Bearer",
+		AccessToken: string(accessToken),
+		ExpiresIn:   expiryTime,
+	}, nil
+}