Add node:crypto JWS signature verification primitive (todo §0)

2026-06-14 18:27:34 +02:00
parent d021fd701e
commit 5020be592a
4 changed files with 201 additions and 1 deletions
--- a/todo.md
+++ b/todo.md
@@ -12,7 +12,7 @@ everything via Docker.
 > real. Hydra/SSO are explicitly *post-MVP*.

 ## 0. Housekeeping / primitives
- [ ] Decide JWT verify approach: `node:crypto` (RS256/ES256 via `createPublicKey({format:"jwk"})`) vs add `jose` — justify if adding.
+- [x] Decide JWT verify approach: `node:crypto` (RS256/ES256 via `createPublicKey({format:"jwk"})`) vs add `jose` — justify if adding. → `node:crypto` (no new dep); `src/jwt.ts` verifies JWS signatures.
 - [ ] Cookie helpers: parse `Cookie` header, build `Set-Cookie` (HttpOnly, Secure, SameSite).
 - [ ] Request context type threaded to handlers: `{ req, res, url, params, query, user|null, roles }`.
 - [ ] Error templates: add 403 + 500 (404 exists).