@amodalai/runtime 0.1.16 → 0.1.17

package/dist/src/utils/jwt-verify.test.js

@@ -1,150 +0,0 @@
-/**
- * @license
- * Copyright 2025 Amodal Labs, Inc.
- * SPDX-License-Identifier: MIT
- */
-import { describe, it, expect, beforeAll, afterAll } from 'vitest';
-import express from 'express';
-import { generateKeyPair, SignJWT, exportJWK, calculateJwkThumbprint } from 'jose';
-import { createJWTVerifier } from './jwt-verify.js';
-describe('jwt-verify', () => {
-    let privateKey;
-    let publicKey;
-    let kid;
-    let jwksServer;
-    let jwksUrl;
-    let verifyJWT;
-    beforeAll(async () => {
-        // Generate key pair for tests
-        const pair = await generateKeyPair('ES256', { extractable: true });
-        privateKey = pair.privateKey;
-        publicKey = pair.publicKey;
-        const publicJwk = await exportJWK(publicKey);
-        kid = await calculateJwkThumbprint(publicJwk);
-        // Start a minimal JWKS server
-        const app = express();
-        app.get('/.well-known/jwks.json', (_req, res) => {
-            res.json({
-                keys: [{ ...publicJwk, kid, alg: 'ES256', use: 'sig' }],
-            });
-        });
-        jwksServer = await new Promise((resolve) => {
-            const s = app.listen(0, '127.0.0.1', () => {
-                resolve(s);
-            });
-        });
-        const addr = jwksServer.address();
-        jwksUrl = `http://127.0.0.1:${addr.port}/.well-known/jwks.json`;
-        verifyJWT = createJWTVerifier({ jwksUrl });
-    });
-    afterAll(async () => {
-        if (jwksServer) {
-            await new Promise((resolve, reject) => {
-                jwksServer.close((err) => {
-                    if (err)
-                        reject(err);
-                    else
-                        resolve();
-                });
-            });
-        }
-    });
-    it('verifies a valid platform JWT', async () => {
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid })
-            .setIssuer('aitize-platform')
-            .setSubject('app-1')
-            .setIssuedAt()
-            .setExpirationTime('1h')
-            .sign(privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).not.toBeNull();
-        expect(claims?.org_id).toBe('org-1');
-        expect(claims?.app_id).toBe('app-1');
-        expect(claims?.app_id).toBe('app-1');
-    });
-    it('returns null for expired JWT', async () => {
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid })
-            .setIssuer('aitize-platform')
-            .setSubject('app-1')
-            .setIssuedAt(Math.floor(Date.now() / 1000) - 7200)
-            .setExpirationTime(Math.floor(Date.now() / 1000) - 3600)
-            .sign(privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).toBeNull();
-    });
-    it('returns null for wrong issuer', async () => {
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid })
-            .setIssuer('wrong-issuer')
-            .setSubject('app-1')
-            .setIssuedAt()
-            .setExpirationTime('1h')
-            .sign(privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).toBeNull();
-    });
-    it('returns null for invalid token', async () => {
-        const claims = await verifyJWT('not-a-jwt');
-        expect(claims).toBeNull();
-    });
-    it('extracts actor from JWT claims when present', async () => {
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-            actor: 'alice@example.com',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid })
-            .setIssuer('aitize-platform')
-            .setSubject('app-1')
-            .setIssuedAt()
-            .setExpirationTime('1h')
-            .sign(privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).not.toBeNull();
-        expect(claims?.actor).toBe('alice@example.com');
-    });
-    it('omits actor from claims when not in JWT', async () => {
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid })
-            .setIssuer('aitize-platform')
-            .setSubject('app-1')
-            .setIssuedAt()
-            .setExpirationTime('1h')
-            .sign(privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).not.toBeNull();
-        expect(claims?.actor).toBeUndefined();
-    });
-    it('returns null for JWT signed with different key', async () => {
-        const otherPair = await generateKeyPair('ES256', { extractable: true });
-        const otherJwk = await exportJWK(otherPair.publicKey);
-        const otherKid = await calculateJwkThumbprint(otherJwk);
-        const token = await new SignJWT({
-            org_id: 'org-1',
-            app_id: 'app-1',
-        })
-            .setProtectedHeader({ alg: 'ES256', kid: otherKid })
-            .setIssuer('aitize-platform')
-            .setSubject('app-1')
-            .setIssuedAt()
-            .setExpirationTime('1h')
-            .sign(otherPair.privateKey);
-        const claims = await verifyJWT(token);
-        expect(claims).toBeNull();
-    });
-});
-//# sourceMappingURL=jwt-verify.test.js.map

package/dist/src/utils/jwt-verify.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt-verify.test.js","sourceRoot":"","sources":["../../../src/utils/jwt-verify.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,MAAM,CAAC;AAEnF,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,UAAqB,CAAC;IAC1B,IAAI,SAAoB,CAAC;IACzB,IAAI,GAAW,CAAC;IAChB,IAAI,UAAuB,CAAC;IAC5B,IAAI,OAAe,CAAC;IACpB,IAAI,SAA+C,CAAC;IAEpD,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,8BAA8B;QAC9B,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACnE,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAC7B,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAE3B,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;QAC7C,GAAG,GAAG,MAAM,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAE9C,8BAA8B;QAC9B,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC9C,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI,EAAE,CAAC,EAAE,GAAG,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;aACxD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,UAAU,GAAG,MAAM,IAAI,OAAO,CAAc,CAAC,OAAO,EAAE,EAAE;YACtD,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;gBACxC,OAAO,CAAC,CAAC,CAAC,CAAC;YACb,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,EAAiC,CAAC;QACjE,OAAO,GAAG,oBAAoB,IAAI,CAAC,IAAI,wBAAwB,CAAC;QAChE,SAAS,GAAG,iBAAiB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;QAClB,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1C,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACvB,IAAI,GAAG;wBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;wBAChB,OAAO,EAAE,CAAC;gBACjB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;SAEhB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;aACzC,SAAS,CAAC,iBAAiB,CAAC;aAC5B,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;SAEhB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;aACzC,SAAS,CAAC,iBAAiB,CAAC;aAC5B,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;aACjD,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;aACvD,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;SAEhB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;aACzC,SAAS,CAAC,cAAc,CAAC;aACzB,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;YAEf,KAAK,EAAE,mBAAmB;SAC3B,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;aACzC,SAAS,CAAC,iBAAiB,CAAC;aAC5B,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;SAEhB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;aACzC,SAAS,CAAC,iBAAiB,CAAC;aAC5B,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAExD,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC;YAC9B,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,OAAO;SAEhB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;aACnD,SAAS,CAAC,iBAAiB,CAAC;aAC5B,UAAU,CAAC,OAAO,CAAC;aACnB,WAAW,EAAE;aACb,iBAAiB,CAAC,IAAI,CAAC;aACvB,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}