add auth-code

lib/crypto.js

@@ -5,16 +5,20 @@ import { JWT, JWE, JWK } from 'jose';
 import { startOfMonth } from 'date-fns';
 
 const SALT_ROUNDS = 10;
-const KEY = JWK.asKey(Buffer.from(secret()));
+const KEY = key();
 const ROTATING_SALT = hash(startOfMonth(new Date()).toUTCString());
 const CHARS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 
+export function key(value) {
+  return JWK.asKey(Buffer.from(secret(value)));
+}
+
 export function hash(...args) {
   return crypto.createHash('sha512').update(args.join('')).digest('hex');
 }
 
-export function secret() {
-  return hash(process.env.HASH_SALT || process.env.DATABASE_URL);
+export function secret(secret = process.env.HASH_SALT || process.env.DATABASE_URL) {
+  return hash(secret);
 }
 
 export function salt() {
@@ -51,23 +55,23 @@ export async function createToken(payload) {
   return JWT.sign(payload, KEY);
 }
 
-export async function parseToken(token) {
+export async function parseToken(token, key = KEY) {
   try {
-    return JWT.verify(token, KEY);
+    return JWT.verify(token, key);
   } catch {
     return null;
   }
 }
 
-export async function createSecureToken(payload) {
-  return JWE.encrypt(await createToken(payload), KEY);
+export async function createSecureToken(payload, key = KEY) {
+  return JWE.encrypt(await createToken(payload), key);
 }
 
-export async function parseSecureToken(token) {
+export async function parseSecureToken(token, key = KEY) {
   try {
-    const result = await JWE.decrypt(token, KEY);
+    const result = await JWE.decrypt(token, key);
 
-    return parseToken(result.toString());
+    return parseToken(result.toString(), key);
   } catch {
     return null;
   }