Phase 1: Backend scaffold with Fastify, Prisma, Docker

src/plugins/auth.ts

@@ -0,0 +1,35 @@
+import { FastifyPluginAsync, FastifyRequest } from 'fastify';
+import fp from 'fastify-plugin';
+import * as jose from 'jose';
+import { config } from '../config.js';
+
+declare module 'fastify' {
+  interface FastifyRequest {
+    userId: string;
+  }
+}
+
+const secret = new TextEncoder().encode(config.jwt.secret);
+
+export async function signAccessToken(userId: string): Promise<string> {
+  return new jose.SignJWT({ sub: userId })
+    .setProtectedHeader({ alg: 'HS256' })
+    .setIssuer(config.jwt.issuer)
+    .setIssuedAt()
+    .setExpirationTime(`${config.jwt.accessTtl}s`)
+    .sign(secret);
+}
+
+export async function verifyAccessToken(token: string): Promise<string> {
+  const { payload } = await jose.jwtVerify(token, secret, {
+    issuer: config.jwt.issuer,
+  });
+  if (!payload.sub) throw new Error('Invalid token: missing sub');
+  return payload.sub;
+}
+
+const authPlugin: FastifyPluginAsync = async (fastify) => {
+  fastify.decorateRequest('userId', '');
+};
+
+export default fp(authPlugin, { name: 'auth' });