feat: Use persisted access tokens for authentication

packages/backend/src/helpers/create-auth-token-by-user-id.js

@@ -1,10 +1,16 @@
-import jwt from 'jsonwebtoken';
-import appConfig from '../config/app.js';
+import crypto from 'crypto';
+import User from '../models/user.js';
+import AccessToken from '../models/access-token.js';
 
-const TOKEN_EXPIRES_IN = '14d';
+const TOKEN_EXPIRES_IN = 14 * 24 * 60 * 60; // 14 days in seconds
 
-const createAuthTokenByUserId = (userId) => {
-  const token = jwt.sign({ userId }, appConfig.appSecretKey, {
+const createAuthTokenByUserId = async (userId) => {
+  const user = await User.query().findById(userId).throwIfNotFound();
+  const token = await crypto.randomBytes(48).toString('hex');
+
+  await AccessToken.query().insert({
+    token,
+    userId: user.id,
     expiresIn: TOKEN_EXPIRES_IN,
   });