wip: try to fix jwt

Author: AkaraChen

src/api.admin.ts

@@ -21,7 +21,7 @@ declare module "hono" {
 const secret = "my_super_duper_secret_key_for_admin_jwt";
 
 export async function createJWT(payload: JWTPayload): Promise<string> {
-  const jwt = await sign(payload, secret);
+  const jwt = await sign(payload, secret, "HS256");
   return jwt;
 }
 
@@ -35,12 +35,9 @@ export async function verifyJWT(token: string): Promise<JWTPayload | null> {
   }
 }
 
-export function jwtCheck(c: Context, next: MiddlewareHandler) {
-  return jwt({
-    secret,
-    algorithms: ["HS256"],
-  })(c, next);
-}
+// export function jwtCheck(c: Context, next: MiddlewareHandler) {
+//   return
+// }
 
 async function hostFrontendHandler(c: Context): Promise<Response> {
   try {
@@ -141,7 +138,10 @@ export function setupAdminAPIRoutes(
   const app = new Hono();
   app.use(
     "*",
-    jwtCheck,
+    jwt({
+      secret,
+      // algorithms: ["HS256"],
+    }),
   );
 
   setupAPIRoutes(app, dbContext);

src/nanoedge.ts

@@ -12,7 +12,7 @@ import {
   stopAllServices,
 } from "./managers/service-manager.ts";
 import { setupApiRoutes, setupDocsRoutes } from "./api.service.ts";
-import { setupAdminAPIRoutes } from "./api.admin.ts";
+import { createJWT, JWTPayload, setupAdminAPIRoutes } from "./api.admin.ts";
 import { Context } from "hono";
 import openapi from "./openapi.ts";
 import { setupFunctionAPIRoutes } from "./api.function.ts";
@@ -31,6 +31,18 @@ export async function createNanoEdgeRT(
   app.use("*", cors());
   app.use("*", logger());
 
+  // Localhost-only middleware
+  const localhostOnly = async (c: Context, next: () => Promise<void>) => {
+    const clientIP = c.req.header("x-forwarded-for") || c.req.header("x-real-ip") || "127.0.0.1";
+    const allowedIPs = ["127.0.0.1", "::1", "localhost"];
+
+    if (!allowedIPs.includes(clientIP)) {
+      return c.json({ error: "Access denied. Only localhost is allowed." }, 403);
+    }
+
+    await next();
+  };
+
   const status = (c: Context) => {
     const now = new Date();
     const upTimeMs = now.getTime() - new Date(startTime).getTime();
@@ -50,10 +62,43 @@ export async function createNanoEdgeRT(
     });
   };
   app.use("/docs", swaggerUI({ url: "/openapi.json" }));
-  app.get("/openapi.json", (c) => c.json(openapi, 200));
+  app.get("/openapi.json", (c: Context) => c.json(openapi, 200));
   app.get("/health", status);
   app.get("/status", status);
   app.get("/static/*", serveStatic({ root: "./" }));
+
+  // JWT creation API - localhost only
+  app.post("/jwt/create", localhostOnly, async (c: Context) => {
+    try {
+      const body = await c.req.json();
+      const { sub, exp, ...additionalClaims } = body;
+
+      if (!sub || !exp) {
+        return c.json({
+          error: "Missing required fields: 'sub' (subject) and 'exp' (expiration)",
+        }, 400);
+      }
+
+      const payload: JWTPayload = {
+        sub,
+        exp,
+        ...additionalClaims,
+      };
+
+      const token = await createJWT(payload);
+      return c.json({
+        token,
+        payload,
+      }, 200);
+    } catch (error) {
+      console.error("JWT creation error:", error);
+      return c.json({
+        error: "Failed to create JWT",
+        message: error instanceof Error ? error.message : String(error),
+      }, 500);
+    }
+  });
+
   app.route("/api/docs", setupDocsRoutes(serviceManagerState));
   app.route("/api/v2", setupApiRoutes(serviceManagerState));
   app.route("/functions/v2", setupFunctionAPIRoutes(dbContext));