@adrper79-dot/auth
Self-managed JWTs using the Web Crypto API (HMAC SHA-256). No external JWT library. Depends on@adrper79-dot/errors and @adrper79-dot/logger.
Installation
API
issueToken(payload, secret, expiresIn?)
Signs and returns a JWT string.
verifyToken(token, secret)
Verifies the signature and expiry. Throws AuthError on failure.
refreshToken(token, secret, expiresIn?)
Verifies the current token and issues a new one with a fresh expiry.
jwtMiddleware(secret)
Hono middleware that extracts Authorization: Bearer <token>, verifies it, and sets c.get('user').
401 with an ErrorResponse body if the token is missing or invalid.
requireRole(role)
Hono middleware that enforces a minimum role level. Must run after jwtMiddleware.
403 if the user’s role is below the required level.