(userId?: string)
| 23 | * @param userId Optional user ID to embed in token payload |
| 24 | */ |
| 25 | export async function generateInternalToken(userId?: string): Promise<string> { |
| 26 | const secret = getJwtSecret() |
| 27 | |
| 28 | const payload: { type: string; userId?: string } = { type: 'internal' } |
| 29 | if (userId) { |
| 30 | payload.userId = userId |
| 31 | } |
| 32 | |
| 33 | const token = await new SignJWT(payload) |
| 34 | .setProtectedHeader({ alg: 'HS256' }) |
| 35 | .setIssuedAt() |
| 36 | .setExpirationTime('5m') |
| 37 | .setIssuer('sim-internal') |
| 38 | .setAudience('sim-api') |
| 39 | .sign(secret) |
| 40 | |
| 41 | return token |
| 42 | } |
| 43 | |
| 44 | /** |
| 45 | * Verify an internal JWT token |
no test coverage detected