angular security course

Author: Your Name

server/create-user.route.ts

@@ -4,6 +4,7 @@ import {db} from "./database";
 import * as argon2 from 'argon2';
 import {validatePassword} from "./password-validation";
 import moment = require("moment");
+import {createSessionToken} from "./security.utils";
 
 
 
@@ -31,8 +32,7 @@ async function createUserAndSession(res:Response, credentials) {
 
     const user = db.createUser(credentials.email, passwordDigest);
 
-    // TODO replace with JWT
-    const sessionToken = 1;
+    const sessionToken = await createSessionToken(user.id.toString());
 
     res.cookie("SESSIONID", sessionToken, {httpOnly:true, secure:true});
 

server/security.utils.ts

@@ -11,6 +11,7 @@ import * as fs from "fs";
 
 export const randomBytes = util.promisify(crypto.randomBytes);
 
+export const signJwt = util.promisify(jwt.sign);
 
 
 const RSA_PRIVATE_KEY = fs.readFileSync('./demos/private.key');
@@ -20,3 +21,18 @@ const RSA_PUBLIC_KEY = fs.readFileSync('./demos/public.key');
 const SESSION_DURATION = 240;
 
 
+export async function createSessionToken(userId:string) {
+    return signJwt({}, RSA_PRIVATE_KEY, {
+        algorithm: 'RS256',
+        expiresIn: 240,
+        subject: userId
+    });
+}
+
+
+
+
+
+
+
+