Phase 1-2 of server consolidation + security hardening

2026-05-23 17:27:22 -04:00
parent 36f23b527e
commit 1ab14ba45f
46 changed files with 1103 additions and 6826 deletions
@@ -0,0 +1,37 @@
+import jwt from 'jsonwebtoken';
+
+export class TokenError extends Error {
+  constructor(message, code) {
+    super(message);
+    this.name = 'TokenError';
+    this.code = code;
+  }
+}
+
+export function extractBearerToken(authorizationHeader) {
+  if (!authorizationHeader || typeof authorizationHeader !== 'string') {
+    throw new TokenError('No token provided', 'missing');
+  }
+  if (!authorizationHeader.startsWith('Bearer ')) {
+    throw new TokenError('Malformed Authorization header', 'malformed');
+  }
+  const token = authorizationHeader.slice(7).trim();
+  if (!token) {
+    throw new TokenError('Empty bearer token', 'malformed');
+  }
+  return token;
+}
+
+export function verifyToken(token, secret) {
+  if (!secret) {
+    throw new TokenError('JWT_SECRET not configured', 'misconfigured');
+  }
+  try {
+    return jwt.verify(token, secret);
+  } catch (err) {
+    if (err.name === 'TokenExpiredError') {
+      throw new TokenError('Token expired', 'expired');
+    }
+    throw new TokenError('Invalid token', 'invalid');
+  }
+}