apps/web/lib/operator-auth.ts

Metadata

• Purpose: Frontend data/service utility module.
• Domain: applications
• Language: ts
• Bytes: 4020
• Lines: 127
• Content hash (short): 5c962762
• Source (start): apps/web/lib/operator-auth.ts:1
• Source (end): apps/web/lib/operator-auth.ts:127

Indexed Symbols

• decodeBase64Url (line 18, function) - Implements decode base64 url for module behavior.
• parseOperatorClaims (line 24, function) - Implements parse operator claims for module behavior.
• getOperatorClaims (line 68, function) - Implements get operator claims for module behavior.
• getPreferredOperatorWorkspaceId (line 84, function) - Implements get preferred operator workspace id for module behavior.
• assertOperatorAccess (line 98, function) - Implements assert operator access for module behavior.

Markdown Headings (if applicable)

No markdown headings detected.

Source Preview

import { isWorkspaceId } from "./workspace-context";

export type OperatorClaims = {
  sub: string;
  roles: string[];
  workspaceIds: string[];
  exp?: number;
};

const isProduction = process.env.NODE_ENV === "production";
const strictOperatorJwt =
  process.env.ANCHOR_REQUIRE_OPERATOR_JWT === "true" || (process.env.ANCHOR_REQUIRE_OPERATOR_JWT !== "false" && isProduction);
const allowWildcardWorkspaces = process.env.ANCHOR_ALLOW_WILDCARD_WORKSPACE_IDS === "true" || !isProduction;

let cachedClaims: OperatorClaims | null = null;
let claimsLoaded = false;

function decodeBase64Url(value: string): string {
  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
  const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, "=");
  return Buffer.from(padded, "base64").toString("utf8");
}

function parseOperatorClaims(token: string): OperatorClaims {
  const parts = token.split(".");