67 lines
1.8 KiB
TypeScript
67 lines
1.8 KiB
TypeScript
/**
|
|
* Connection token utilities for RemoteIngress edge connections.
|
|
* A token is a base64url-encoded compact JSON object carrying hub connection details.
|
|
*/
|
|
|
|
export interface IConnectionTokenData {
|
|
hubHost: string;
|
|
hubPort: number;
|
|
edgeId: string;
|
|
secret: string;
|
|
}
|
|
|
|
/**
|
|
* Encode connection data into a single opaque token string (base64url).
|
|
*/
|
|
export function encodeConnectionToken(data: IConnectionTokenData): string {
|
|
const compact = JSON.stringify({
|
|
h: data.hubHost,
|
|
p: data.hubPort,
|
|
e: data.edgeId,
|
|
s: data.secret,
|
|
});
|
|
// base64url: standard base64 with + → -, / → _, trailing = stripped
|
|
return Buffer.from(compact, 'utf-8')
|
|
.toString('base64')
|
|
.replace(/\+/g, '-')
|
|
.replace(/\//g, '_')
|
|
.replace(/=+$/, '');
|
|
}
|
|
|
|
/**
|
|
* Decode a connection token back into its constituent fields.
|
|
* Throws on malformed or incomplete tokens.
|
|
*/
|
|
export function decodeConnectionToken(token: string): IConnectionTokenData {
|
|
let parsed: { h?: unknown; p?: unknown; e?: unknown; s?: unknown };
|
|
try {
|
|
// Restore standard base64 from base64url
|
|
let base64 = token.replace(/-/g, '+').replace(/_/g, '/');
|
|
// Re-add padding
|
|
const remainder = base64.length % 4;
|
|
if (remainder === 2) base64 += '==';
|
|
else if (remainder === 3) base64 += '=';
|
|
|
|
const json = Buffer.from(base64, 'base64').toString('utf-8');
|
|
parsed = JSON.parse(json);
|
|
} catch {
|
|
throw new Error('Invalid connection token');
|
|
}
|
|
|
|
if (
|
|
typeof parsed.h !== 'string' ||
|
|
typeof parsed.p !== 'number' ||
|
|
typeof parsed.e !== 'string' ||
|
|
typeof parsed.s !== 'string'
|
|
) {
|
|
throw new Error('Invalid connection token: missing required fields');
|
|
}
|
|
|
|
return {
|
|
hubHost: parsed.h,
|
|
hubPort: parsed.p,
|
|
edgeId: parsed.e,
|
|
secret: parsed.s,
|
|
};
|
|
}
|