feat(07-01): add createAgentDownloadToken and verifyAgentDownloadToken

- Appends two new exports to token.ts (existing exports untouched)
- purpose: 'agent-download', 5-min TTL, no DB record
- Mirrors existing createDownloadToken/verifyDownloadToken pattern
Chandler Copeland
2026-03-21 10:33:53 -06:00
parent 9fe7936304
commit cd4cb75b60


@@ -46,3 +46,19 @@ export async function verifyDownloadToken(token: string): Promise<{ documentId:
if (payload['purpose'] !== 'download') throw new Error('Not a download token'); if (payload['purpose'] !== 'download') throw new Error('Not a download token');
return { documentId: payload['documentId'] as string }; return { documentId: payload['documentId'] as string };
} }
// Agent download token — purpose: 'agent-download', 5-min TTL, no DB record
// Generated server-side only (server component or API route). Never in a client component.
export async function createAgentDownloadToken(documentId: string): Promise<string> {
return await new SignJWT({ documentId, purpose: 'agent-download' })
.setProtectedHeader({ alg: 'HS256' })
.setIssuedAt()
.setExpirationTime('5m')
.sign(getSecret());
}
export async function verifyAgentDownloadToken(token: string): Promise<{ documentId: string }> {
const { payload } = await jwtVerify(token, getSecret());
if (payload['purpose'] !== 'agent-download') throw new Error('Not an agent download token');
return { documentId: payload['documentId'] as string };
}
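Review bot: In `verifyAgentDownloadToken`, `payload['documentId'] as string` is only a compile-time assertion, so a validly signed token whose `documentId` claim is missing or not a string is handed to the caller as if it were one; add `if (typeof payload['documentId'] !== 'string') throw new Error('Invalid agent download token');` before the return. The `jwtVerify` call also leaves the accepted algorithms to the library default although the token is issued with HS256, and passing `{ algorithms: ['HS256'] }` as the third argument pins it. Because the token has no DB record and carries only `documentId` and `purpose`, it is a bearer credential that any holder can reuse until the 5-minute expiry, which is worth stating in the comment above `createAgentDownloadToken`. The same unchecked cast is visible in the `verifyDownloadToken` context lines at the top of the hunk.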