apps/gateway/src/middleware/auth.ts

Metadata

• Purpose: Gateway middleware for cross-cutting concerns.
• Domain: applications
• Language: ts
• Bytes: 4927
• Lines: 155
• Content hash (short): 867e2411
• Source (start): apps/gateway/src/middleware/auth.ts:1
• Source (end): apps/gateway/src/middleware/auth.ts:155

Indexed Symbols

• parseAuthHeader (line 17, function) - Implements parse auth header for module behavior.
• parseAuthContext (line 30, function) - Implements parse auth context for module behavior.
• verifyJwt (line 56, function) - Implements verify jwt for module behavior.

Markdown Headings (if applicable)

No markdown headings detected.

Source Preview

import type { FastifyPluginAsync } from "fastify";
import { createRemoteJWKSet, jwtVerify } from "jose";
import { env } from "../config/env.js";
import { isPublicRoute } from "../utils/routes.js";
import { verifyHs256Jwt } from "../utils/jwt.js";
import { getPortalInviteByJti } from "../services/portal-invite-repository.js";

type AuthContext = {
  subject: string;
  roles: string[];
  workspaceIds: string[];
  tokenJti?: string;
  clientId?: string | null;
  email?: string;
};

function parseAuthHeader(header: string | undefined): string {
  if (!header) {
    throw new Error("Authorization header is required");
  }

  const [scheme, token] = header.split(" ");
  if (scheme?.toLowerCase() !== "bearer" || !token) {
    throw new Error("Authorization header must be Bearer token");
  }