feat: bun api support 🥟 (#1021)

* chore: update bun lockfile

* feat: backend api bun support, jose used in bun runtime

* fix: add missing await for signPayload call

api/server/controllers/AuthController.js

@@ -4,6 +4,7 @@ const {
   resetPassword,
   setAuthTokens,
 } = require('../services/AuthService');
+const jose = require('jose');
 const jwt = require('jsonwebtoken');
 const Session = require('../../models/Session');
 const User = require('../../models/User');
@@ -76,7 +77,13 @@ const refreshController = async (req, res) => {
   }
 
   try {
-    const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
+    let payload;
+    if (typeof Bun !== 'undefined') {
+      const secret = new TextEncoder().encode(process.env.JWT_REFRESH_SECRET);
+      ({ payload } = await jose.jwtVerify(refreshToken, secret));
+    } else {
+      payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
+    }
     const userId = payload.id;
     const user = await User.findOne({ _id: userId });
     if (!user) {
@@ -99,7 +106,7 @@ const refreshController = async (req, res) => {
       const token = await setAuthTokens(userId, res, session._id);
       const userObj = user.toJSON();
       res.status(200).send({ token, user: userObj });
-    } else if (payload.exp > Date.now() / 1000) {
+    } else if (payload.exp < Date.now() / 1000) {
       res.status(403).redirect('/login');
     } else {
       res.status(401).send('Refresh token expired or not found for this user');

api/server/index.js

@@ -12,7 +12,7 @@ const { PORT, HOST, ALLOW_SOCIAL_LOGIN } = process.env ?? {};
 const port = Number(PORT) || 3080;
 const host = HOST || 'localhost';
 const projectPath = path.join(__dirname, '..', '..', 'client');
-const { jwtLogin, passportLogin } = require('../strategies');
+const { jwtLogin, joseLogin, passportLogin } = require('../strategies');
 
 const startServer = async () => {
   await connectDb();
@@ -39,7 +39,11 @@ const startServer = async () => {
 
   // OAUTH
   app.use(passport.initialize());
-  passport.use(await jwtLogin());
+  if (typeof Bun !== 'undefined') {
+    passport.use('jwt', await joseLogin());
+  } else {
+    passport.use(await jwtLogin());
+  }
   passport.use(passportLogin());
 
   if (ALLOW_SOCIAL_LOGIN?.toLowerCase() === 'true') {

api/server/services/signPayload.js

@@ -0,0 +1,36 @@
+const jose = require('jose');
+const jwt = require('jsonwebtoken');
+
+/**
+ * Signs a given payload using either the `jose` library (for Bun runtime) or `jsonwebtoken`.
+ *
+ * @async
+ * @function
+ * @param {Object} options - The options for signing the payload.
+ * @param {Object} options.payload - The payload to be signed.
+ * @param {string} options.secret - The secret key used for signing.
+ * @param {number} options.expirationTime - The expiration time in seconds.
+ * @returns {Promise<string>} Returns a promise that resolves to the signed JWT.
+ * @throws {Error} Throws an error if there's an issue during signing.
+ *
+ * @example
+ * const signedPayload = await signPayload({
+ *   payload: { userId: 123 },
+ *   secret: 'my-secret-key',
+ *   expirationTime: 3600
+ * });
+ */
+async function signPayload({ payload, secret, expirationTime }) {
+  if (typeof Bun !== 'undefined') {
+    // this code will only run when the file is run with Bun
+    const encodedSecret = new TextEncoder().encode(secret);
+    return await new jose.SignJWT(payload)
+      .setProtectedHeader({ alg: 'HS256' })
+      .setExpirationTime(expirationTime + 's')
+      .sign(encodedSecret);
+  }
+
+  return jwt.sign(payload, secret, { expiresIn: expirationTime });
+}
+
+module.exports = signPayload;

api/server/utils/removePorts.js

@@ -1 +1 @@
-module.exports = (req) => req.ip.replace(/:\d+[^:]*$/, '');
+module.exports = (req) => req?.ip?.replace(/:\d+[^:]*$/, '');