fix: use jose for cloudflare compatibility (#20)

packages/bolt/app/lib/.server/sessions.ts

@@ -1,8 +1,8 @@
 import { createCookieSessionStorage, redirect } from '@remix-run/cloudflare';
+import { decodeJwt } from 'jose';
 import { request as doRequest } from '~/lib/fetch';
 import { CLIENT_ID, CLIENT_ORIGIN } from '~/lib/constants';
 import { logger } from '~/utils/logger';
-import { decode } from 'jsonwebtoken';
 
 const DEV_SESSION_SECRET = import.meta.env.DEV ? 'LZQMrERo3Ewn/AbpSYJ9aw==' : undefined;
 
@@ -92,11 +92,9 @@ export async function logout(request: Request, env: Env) {
 }
 
 export function validateAccessToken(access: string) {
-  const jwtPayload = decode(access);
+  const jwtPayload = decodeJwt(access);
 
-  const boltEnabled = typeof jwtPayload === 'object' && jwtPayload != null && jwtPayload.bolt === true;
-
-  return boltEnabled;
+  return jwtPayload.bolt === true;
 }
 
 async function getSession(request: Request, env: Env) {

packages/bolt/package.json

@@ -48,7 +48,7 @@
     "framer-motion": "^11.2.12",
     "isbot": "^4.1.0",
     "istextorbinary": "^9.5.0",
-    "jsonwebtoken": "^9.0.2",
+    "jose": "^5.6.3",
     "nanostores": "^0.10.3",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
@@ -65,7 +65,6 @@
     "@cloudflare/workers-types": "^4.20240620.0",
     "@remix-run/dev": "^2.10.0",
     "@types/diff": "^5.2.1",
-    "@types/jsonwebtoken": "^9.0.6",
     "@types/react": "^18.2.20",
     "@types/react-dom": "^18.2.7",
     "fast-glob": "^3.3.2",