fix

Author: cristaloleg

nodebuilder/node/auth.go

@@ -11,25 +11,35 @@ import (
 
 var SecretName = keystore.KeyName("jwt-secret.jwt")
 
-// secret returns the node's JWT secret if it exists, or generates
-// and saves a new one if it does not.
-func secret(ks keystore.Keystore) (jwt.Signer, error) {
-	// if key already exists, use it
-	if pk, ok := existing(ks); ok {
-		return jwt.NewSignerHS(jwt.HS256, pk)
+// jwtSignerAndVerifier returns the node's JWT signer and verifier for a saved key,
+// or generates and saves a new one if it does not.
+func jwtSignerAndVerifier(ks keystore.Keystore) (jwt.Signer, jwt.Verifier, error) {
+	key, ok := existing(ks)
+	if !ok {
+		// otherwise, generate and save new priv key
+		sk, err := io.ReadAll(io.LimitReader(rand.Reader, 32))
+		if err != nil {
+			return nil, nil, err
+		}
+
+		// save key
+		err = ks.Put(SecretName, keystore.PrivKey{Body: sk})
+		if err != nil {
+			return nil, nil, err
+		}
+		key = sk
 	}
-	// otherwise, generate and save new priv key
-	sk, err := io.ReadAll(io.LimitReader(rand.Reader, 32))
+
+	signer, err := jwt.NewSignerHS(jwt.HS256, key)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	// save key
-	err = ks.Put(SecretName, keystore.PrivKey{Body: sk})
+
+	verifier, err := jwt.NewVerifierHS(jwt.HS256, key)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-
-	return jwt.NewSignerHS(jwt.HS256, sk)
+	return signer, verifier, nil
 }
 
 func existing(ks keystore.Keystore) ([]byte, bool) {