Use jwks in elysia

api/bun.lock

@@ -4,12 +4,12 @@
     "": {
       "name": "api",
       "dependencies": {
-        "@elysiajs/jwt": "^1.2.0",
         "@elysiajs/swagger": "^1.2.2",
         "blurhash": "^2.0.5",
         "drizzle-kit": "^0.30.4",
         "drizzle-orm": "0.39.0",
         "elysia": "^1.2.23",
+        "jose": "^6.0.10",
         "parjs": "^1.3.9",
         "pg": "^8.13.3",
         "sharp": "^0.33.5",
@@ -27,8 +27,6 @@
   "packages": {
     "@drizzle-team/brocli": ["@drizzle-team/brocli@0.10.2", "", {}, "sha512-z33Il7l5dKjUgGULTqBsQBQwckHh5AbIuxhdsIxDDiZAzBOrZO6q9ogcWC65kU382AfynTfgNumVcNIjuIua6w=="],
 
-    "@elysiajs/jwt": ["@elysiajs/jwt@1.2.0", "", { "dependencies": { "jose": "^4.14.4" }, "peerDependencies": { "elysia": ">= 1.2.0" } }, "sha512-5iMoZucIKNAqPKW3n6RBIyCnDWG3kOcqA4WZKtqEff+IjV6AN3dlMSE2XsS0xjIvusLD0UBXS8cxQ9NwIcj6ew=="],
-
     "@elysiajs/swagger": ["@elysiajs/swagger@1.2.2", "", { "dependencies": { "@scalar/themes": "^0.9.52", "@scalar/types": "^0.0.12", "openapi-types": "^12.1.3", "pathe": "^1.1.2" }, "peerDependencies": { "elysia": ">= 1.2.0" } }, "sha512-DG0PbX/wzQNQ6kIpFFPCvmkkWTIbNWDS7lVLv3Puy6ONklF14B4NnbDfpYjX1hdSYKeCqKBBOuenh6jKm8tbYA=="],
 
     "@emnapi/runtime": ["@emnapi/runtime@1.3.1", "", { "dependencies": { "tslib": "^2.4.0" } }, "sha512-kEBmG8KyqtxJZv+ygbEim+KCGtIq1fC22Ms3S4ziXmYKm8uyoLX0MHONVKwp+9opg390VaKRNt4a7A9NwmpNhw=="],
@@ -183,7 +181,7 @@
 
     "isexe": ["isexe@3.1.1", "", {}, "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ=="],
 
-    "jose": ["jose@4.15.9", "", {}, "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA=="],
+    "jose": ["jose@6.0.10", "", {}, "sha512-skIAxZqcMkOrSwjJvplIPYrlXGpxTPnro2/QWTDCxAdWQrSTV5/KqspMWmi5WAx5+ULswASJiZ0a+1B/Lxt9cw=="],
 
     "memoirist": ["memoirist@0.3.0", "", {}, "sha512-wR+4chMgVPq+T6OOsk40u9Wlpw1Pjx66NMNiYxCQQ4EUJ7jDs3D9kTCeKdBOkvAiqXlHLVJlvYL01PvIJ1MPNg=="],
 

api/package.json

@@ -9,12 +9,12 @@
 		"format": "biome check --write ."
 	},
 	"dependencies": {
-		"@elysiajs/jwt": "^1.2.0",
 		"@elysiajs/swagger": "^1.2.2",
 		"blurhash": "^2.0.5",
 		"drizzle-kit": "^0.30.4",
 		"drizzle-orm": "0.39.0",
 		"elysia": "^1.2.23",
+		"jose": "^6.0.10",
 		"parjs": "^1.3.9",
 		"pg": "^8.13.3",
 		"sharp": "^0.33.5"

api/src/auth.ts

@@ -1,14 +1,17 @@
-import jwt from "@elysiajs/jwt";
 import Elysia, { t } from "elysia";
-import { createRemoteJWKSet } from "jose";
+import { createRemoteJWKSet, jwtVerify } from "jose";
 
-const jwtSecret = process.env.JWT_SECRET;
+const jwtSecret = process.env.JWT_SECRET
+	? new TextEncoder().encode(process.env.JWT_SECRET)
+	: null;
 const jwks = createRemoteJWKSet(
-	new URL(process.env.AUTH_SERVER ?? "http://auth:4568"),
+	new URL(
+		".well-known/jwks.json",
+		process.env.AUTH_SERVER ?? "http://auth:4568",
+	),
 );
 
 export const auth = new Elysia({ name: "auth" })
-	.use(jwt({ secret: jwtSecret ?? jwks }))
 	.guard({
 		headers: t.Object({
 			authorization: t.String({ pattern: "^Bearer .+$" }),
@@ -18,11 +21,12 @@ export const auth = new Elysia({ name: "auth" })
 		permissions(perms: string[]) {
 			return {
 				beforeHandle: () => {},
-				resolve: async ({ headers: { authorization }, jwt }) => {
-					console.log(authorization?.slice(7));
-					const user = await jwt.verify(authorization?.slice(7));
-					console.log("macro", user);
-					return { user };
+				resolve: async ({ headers: { authorization } }) => {
+					const bearer = authorization?.slice(7);
+					if (!bearer) return { jwt: false };
+					// @ts-expect-error ts can't understand that there's two overload idk why
+					const { payload: jwt } = await jwtVerify(bearer, jwtSecret ?? jwks);
+					return { jwt };
 				},
 			};
 		},

auth/jwt.go

@@ -48,6 +48,7 @@ func (h *Handler) CreateJwt(c echo.Context) error {
 	}()
 
 	claims := maps.Clone(session.User.Claims)
+	claims["username"] = session.User.Username
 	claims["sub"] = session.User.Id.String()
 	claims["sid"] = session.Id.String()
 	claims["iss"] = h.config.PublicUrl