various changes

src/utils/jwt.js

@@ -0,0 +1,41 @@
+import jwt from 'jsonwebtoken';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+const secretFilePath = path.join(
+  os.homedir(),
+  '.config',
+  'api_jwt_keys.json'
+);
+
+// Load and parse keys JSON once at startup
+const keyFileData = JSON.parse(fs.readFileSync(secretFilePath, 'utf-8'));
+
+export function verifyToken(token) {
+  if (!token) {
+    return null;
+  }
+
+  try {
+    const decoded = jwt.decode(token, { complete: true });
+    if (!decoded?.header?.kid) {
+      throw new Error('No kid in token header');
+    }
+
+    const kid = decoded.header.kid;
+    const key = keyFileData.keys[kid];
+
+    if (!key) {
+      throw new Error(`Unknown kid: ${kid}`);
+    }
+
+    // Verify using the correct key and HS256 algo
+    const payload = jwt.verify(token, key, { algorithms: ['HS256'] });
+    return payload;
+
+  } catch (error) {
+    console.error('JWT verification failed:', error.message);
+    return null;
+  }
+}