v3: follows, notifications, invite-only registration, unread markers

api/lib/jwt.ts

@@ -1,11 +1,38 @@
 import { randomBytes, scrypt } from "node:crypto";
 import { jwtVerify, SignJWT } from "@panva/jose";
 
-import { type AuthPayload, isAuthPayload } from "../model/interfaces.ts";
+import {
+  type AuthPayload,
+  InvitePayload,
+  isAuthPayload,
+  isInvitePayload,
+} from "../model/interfaces.ts";
 
 const JWT_SECRET = "FIXME-gerbeur-dev-env";
 const JWT_KEY = new TextEncoder().encode(JWT_SECRET);
 
+// ── Invite tokens ─────────────────────────────────────────────────────────────
+
+export async function createInviteToken(inviterId: string): Promise<string> {
+  return await new SignJWT({ purpose: "invite", inviterId })
+    .setProtectedHeader({ alg: "HS256" })
+    .setJti(crypto.randomUUID())
+    .setExpirationTime("7d")
+    .sign(JWT_KEY);
+}
+
+export async function verifyInviteToken(
+  token: string,
+): Promise<InvitePayload | null> {
+  try {
+    const { payload } = await jwtVerify(token, JWT_KEY);
+    if (!isInvitePayload(payload)) return null;
+    return payload as InvitePayload;
+  } catch {
+    return null;
+  }
+}
+
 export async function createJWT(
   payload: Omit<AuthPayload, "exp">,
 ): Promise<string> {