matrix-builder / web /src /lib /auth-token.ts
ruslanmv
Deploy: metrics + docs (Batch 12)
22b729d
Raw
History Blame Contribute Delete
1.91 kB
// Self-issued HS256 JWT used to authenticate workflow API calls (ADR 0002: Supabase dropped).
//
// The token is read from localStorage ("mb_token") or a build-time env var. The CLI `mb login`
// (Track L2) mints/stores it with the shared MB_JWT_SECRET; the API verifies the same secret.
const STORAGE_KEY = "mb_token";
const USER_KEY = "mb_user";
export type AuthUser = { email?: string | null; name?: string | null; picture?: string | null };
export function getUser(): AuthUser | null {
if (typeof window === "undefined") return null;
const raw = window.localStorage.getItem(USER_KEY);
if (!raw) return null;
try {
return JSON.parse(raw) as AuthUser;
} catch {
return null;
}
}
export const AUTH_EVENT = "mb-auth-changed";
function broadcast(): void {
if (typeof window !== "undefined") window.dispatchEvent(new Event(AUTH_EVENT));
}
export function setSession(token: string, user: AuthUser): void {
if (typeof window === "undefined") return;
window.localStorage.setItem(STORAGE_KEY, token);
window.localStorage.setItem(USER_KEY, JSON.stringify(user));
broadcast();
}
export function clearSession(): void {
if (typeof window === "undefined") return;
window.localStorage.removeItem(STORAGE_KEY);
window.localStorage.removeItem(USER_KEY);
broadcast();
}
export function getAuthToken(): string | null {
if (typeof window !== "undefined") {
const stored = window.localStorage.getItem(STORAGE_KEY);
if (stored) return stored;
}
return process.env.NEXT_PUBLIC_MB_TOKEN ?? null;
}
export function setAuthToken(token: string): void {
if (typeof window !== "undefined") window.localStorage.setItem(STORAGE_KEY, token);
}
export function hasAuthToken(): boolean {
return Boolean(getAuthToken());
}
export function authHeaders(): Record<string, string> {
const token = getAuthToken();
return token ? { authorization: `Bearer ${token}` } : {};
}