Initial MRP foundation scaffold

server/src/lib/auth.ts

@@ -0,0 +1,27 @@
+import type { AuthUser } from "@mrp/shared";
+import jwt from "jsonwebtoken";
+
+import { env } from "../config/env.js";
+
+interface AuthTokenPayload {
+  sub: string;
+  email: string;
+  permissions: string[];
+}
+
+export function signToken(user: AuthUser) {
+  return jwt.sign(
+    {
+      sub: user.id,
+      email: user.email,
+      permissions: user.permissions,
+    } satisfies AuthTokenPayload,
+    env.JWT_SECRET,
+    { expiresIn: "12h" }
+  );
+}
+
+export function verifyToken(token: string) {
+  return jwt.verify(token, env.JWT_SECRET) as AuthTokenPayload;
+}
+