Switch to jwks instead of custom /info

api/src/auth.ts

@@ -1,20 +1,14 @@
 import jwt from "@elysiajs/jwt";
 import Elysia, { t } from "elysia";
+import { createRemoteJWKSet } from "jose";
 
-export let jwtSecret = process.env.JWT_SECRET!;
-if (!jwtSecret) {
-	const auth = process.env.AUTH_SERVER ?? "http://auth:4568/auth";
-	try {
-		const ret = await fetch(`${auth}/info`);
-		const info = await ret.json();
-		jwtSecret = info.publicKey;
-	} catch (error) {
-		console.error(`Can't access auth server at ${auth}:\n${error}`);
-	}
-}
+const jwtSecret = process.env.JWT_SECRET;
+const jwks = createRemoteJWKSet(
+	new URL(process.env.AUTH_SERVER ?? "http://auth:4568"),
+);
 
 export const auth = new Elysia({ name: "auth" })
-	.use(jwt({ secret: jwtSecret }))
+	.use(jwt({ secret: jwtSecret ?? jwks }))
 	.guard({
 		headers: t.Object({
 			authorization: t.String({ pattern: "^Bearer .+$" }),
@@ -25,7 +19,7 @@ export const auth = new Elysia({ name: "auth" })
 			return {
 				beforeHandle: () => {},
 				resolve: async ({ headers: { authorization }, jwt }) => {
-					console.log(authorization.slice(7));
+					console.log(authorization?.slice(7));
 					const user = await jwt.verify(authorization?.slice(7));
 					console.log("macro", user);
 					return { user };

api/src/index.ts

@@ -1,5 +1,4 @@
 import { swagger } from "@elysiajs/swagger";
-import { jwtSecret } from "./auth";
 import { app } from "./base";
 import { processImages } from "./controllers/seed/images";
 import { migrate } from "./db";
@@ -7,11 +6,6 @@ import { comment } from "./utils";
 
 await migrate();
 
-if (!jwtSecret) {
-	console.error("Missing jwt secret or auth server. exiting");
-	process.exit(1);
-}
-
 // run image processor task in background
 processImages();