Create jwt endpoint

functions/api/auth/mobile/token.ts

@@ -0,0 +1,59 @@
+import { jsonError } from "../../../common.js";
+
+export async function onRequestGet(context: RequestContext) {
+  const { current_user: currentUser } = context.data;
+
+  if (!currentUser) return jsonError("Unauthorized", 401);
+
+  const header = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
+
+  const cookies = (context.request.headers.get("cookie") as string).split("; ");
+  const sessionCookie = cookies.find((c) => c.startsWith("_s=")) as string;
+
+  const claimSet = btoa(
+    JSON.stringify({
+      email: currentUser.email,
+      email_verified: true,
+      exp: Math.floor(currentUser.refresh_at / 1000),
+      iat: Math.floor(Date.now() / 1000),
+      iss: "https://carcrushers.cc/auth/mobile/token",
+      jti: sessionCookie.replace("_s=", ""),
+      name: currentUser.username,
+      sub: currentUser.id,
+    }),
+  )
+    .replaceAll("+", "-")
+    .replaceAll("/", "_")
+    .replaceAll("=", "");
+
+  const key = await crypto.subtle.importKey(
+    "raw",
+    // @ts-ignore
+    Uint8Array.from(
+      atob(
+        context.env.JWT_SIGNING_KEY.replaceAll("-", "+").replaceAll("_", "/"),
+      ),
+      (m) => m.codePointAt(0),
+    ),
+    { hash: "SHA-256", name: "HMAC" },
+    false,
+    ["sign"],
+  );
+
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    key,
+    new TextEncoder().encode(`${header}.${claimSet}`),
+  );
+
+  const encodedSignature = btoa(
+    String.fromCodePoint(...new Uint8Array(signature)),
+  )
+    .replaceAll("+", "-")
+    .replaceAll("/", "_")
+    .replaceAll("=", "");
+
+  return Response.redirect(
+    `com.carcrushers.app://login-callback?assertion=${header}.${claimSet}.${encodedSignature}`,
+  );
+}