@authup/server-kit 1.0.0-beta.24 → 1.0.0-beta.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/dist/crypto/json-web-token/extract.d.ts +6 -1
- package/dist/crypto/json-web-token/extract.d.ts.map +1 -1
- package/dist/crypto/json-web-token/utils.d.ts +2 -2
- package/dist/crypto/json-web-token/utils.d.ts.map +1 -1
- package/dist/crypto/json-web-token/verify/module.d.ts +1 -1
- package/dist/crypto/key/container.d.ts.map +1 -1
- package/dist/crypto/key-asymmetric/create.d.ts.map +1 -1
- package/dist/crypto/key-symmetric/create.d.ts.map +1 -1
- package/dist/index.cjs +35 -23
- package/dist/index.cjs.map +1 -1
- package/dist/index.mjs +36 -24
- package/dist/index.mjs.map +1 -1
- package/dist/services/cache/adapters/memory.d.ts +1 -0
- package/dist/services/cache/adapters/memory.d.ts.map +1 -1
- package/dist/services/cache/adapters/redis.d.ts +1 -0
- package/dist/services/cache/adapters/redis.d.ts.map +1 -1
- package/dist/services/cache/adapters/types.d.ts +1 -0
- package/dist/services/cache/adapters/types.d.ts.map +1 -1
- package/package.json +10 -9
package/LICENSE
CHANGED
|
@@ -186,7 +186,7 @@
|
|
|
186
186
|
same "printed page" as the copyright notice for easier
|
|
187
187
|
identification within third-party archives.
|
|
188
188
|
|
|
189
|
-
Copyright 2021-
|
|
189
|
+
Copyright 2021-2025 Peter Placzek <peter.placzek1996@gmail.com>
|
|
190
190
|
|
|
191
191
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
192
192
|
you may not use this file except in compliance with the License.
|
|
@@ -4,8 +4,13 @@ import type { JWTClaims, JWTHeader } from '@authup/specs';
|
|
|
4
4
|
*
|
|
5
5
|
* @param token
|
|
6
6
|
*
|
|
7
|
-
* @throws
|
|
7
|
+
* @throws JWTError
|
|
8
8
|
*/
|
|
9
9
|
export declare function extractTokenHeader(token: string): JWTHeader;
|
|
10
|
+
/**
|
|
11
|
+
* @param token
|
|
12
|
+
*
|
|
13
|
+
* @throws JWTError
|
|
14
|
+
*/
|
|
10
15
|
export declare function extractTokenPayload(token: string): JWTClaims;
|
|
11
16
|
//# sourceMappingURL=extract.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"extract.d.ts","sourceRoot":"","sources":["../../../src/crypto/json-web-token/extract.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAG1D;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAC9B,KAAK,EAAE,MAAM,GACb,SAAS,CA6BZ;AAED,wBAAgB,mBAAmB,CAC/B,KAAK,EAAE,MAAM,GACb,SAAS,CAeZ"}
|
|
1
|
+
{"version":3,"file":"extract.d.ts","sourceRoot":"","sources":["../../../src/crypto/json-web-token/extract.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAG1D;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAC9B,KAAK,EAAE,MAAM,GACb,SAAS,CA6BZ;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAC/B,KAAK,EAAE,MAAM,GACb,SAAS,CAeZ"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { JWTAlgorithm,
|
|
1
|
+
import { JWTAlgorithm, JWTError } from '@authup/specs';
|
|
2
2
|
import { Algorithm } from '@node-rs/jsonwebtoken';
|
|
3
|
-
export declare function createErrorForJWTError(e: unknown):
|
|
3
|
+
export declare function createErrorForJWTError(e: unknown): JWTError;
|
|
4
4
|
export declare function transformJWTAlgorithmToInternal(algorithm: `${JWTAlgorithm}`): Algorithm;
|
|
5
5
|
export declare function transformInternalToJWTAlgorithm(input: Algorithm): JWTAlgorithm;
|
|
6
6
|
//# sourceMappingURL=utils.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/crypto/json-web-token/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/crypto/json-web-token/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAGlD,wBAAgB,sBAAsB,CAAC,CAAC,EAAE,OAAO,GAAI,QAAQ,CA2C5D;AAED,wBAAgB,+BAA+B,CAAC,SAAS,EAAE,GAAG,YAAY,EAAE,GAAI,SAAS,CAsCxF;AAED,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,SAAS,GAAI,YAAY,CA2B/E"}
|
|
@@ -6,7 +6,7 @@ import type { TokenVerifyOptions } from './types';
|
|
|
6
6
|
* @param token
|
|
7
7
|
* @param context
|
|
8
8
|
*
|
|
9
|
-
* @throws
|
|
9
|
+
* @throws OAuth2Error
|
|
10
10
|
*/
|
|
11
11
|
export declare function verifyToken(token: string, context: TokenVerifyOptions): Promise<OAuth2TokenPayload>;
|
|
12
12
|
//# sourceMappingURL=module.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"container.d.ts","sourceRoot":"","sources":["../../../src/crypto/key/container.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"container.d.ts","sourceRoot":"","sources":["../../../src/crypto/key/container.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EAAE,mCAAmC,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAE9F,qBAAa,kBAAkB;IAC3B,SAAS,CAAC,GAAG,EAAG,SAAS,CAAC;gBAEd,SAAS,EAAG,SAAS;IAM3B,aAAa,IAAI,OAAO,CAAC,WAAW,CAAC;IAYrC,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC;IAKnC,QAAQ,IAAK,OAAO,CAAC,MAAM,CAAC;IAK5B,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC;IAcxB,KAAK,IAAK,OAAO,CAAC,UAAU,CAAC;WAMtB,OAAO,CAAC,GAAG,EAAE,mCAAmC,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC;WAOtF,UAAU,CACnB,GAAG,EAAE,yBAAyB,CAAC,MAAM,CAAC,GACtC,OAAO,CAAC,kBAAkB,CAAC;WASlB,eAAe,CACxB,GAAG,EAAE,yBAAyB,CAAC,WAAW,CAAC,GAC3C,OAAO,CAAC,kBAAkB,CAAC;CAoBlC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/crypto/key-asymmetric/create.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/crypto/key-asymmetric/create.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,mCAAmC,EAAE,MAAM,SAAS,CAAC;AAEnE,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,mCAAmC,GAAI,OAAO,CAAC,aAAa,CAAC,CAOnH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/crypto/key-symmetric/create.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../src/crypto/key-symmetric/create.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,SAAS,CAAC;AAE9D,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,8BAA8B,GAAI,OAAO,CAAC,SAAS,CAAC,CAQnG"}
|
package/dist/index.cjs
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var bcrypt = require('@node-rs/bcrypt');
|
|
4
|
+
var uncrypto = require('uncrypto');
|
|
4
5
|
var kit = require('@authup/kit');
|
|
5
6
|
var specs = require('@authup/specs');
|
|
6
7
|
var jsonwebtoken = require('@node-rs/jsonwebtoken');
|
|
@@ -145,7 +146,7 @@ function normalizeAsymmetricKeyImportOptions(options) {
|
|
|
145
146
|
|
|
146
147
|
async function createAsymmetricKeyPair(options) {
|
|
147
148
|
const optionsNormalized = normalizeAsymmetricKeyPairCreateOptions(options);
|
|
148
|
-
return
|
|
149
|
+
return uncrypto.subtle.generateKey(optionsNormalized, true, getKeyUsagesForAsymmetricAlgorithm(optionsNormalized.name));
|
|
149
150
|
}
|
|
150
151
|
|
|
151
152
|
/*
|
|
@@ -236,7 +237,7 @@ function getKeyUsagesForSymmetricAlgorithm(name) {
|
|
|
236
237
|
|
|
237
238
|
async function createSymmetricKey(input) {
|
|
238
239
|
const optionsNormalized = normalizeSymmetricKeyCreateOptions(input);
|
|
239
|
-
return
|
|
240
|
+
return uncrypto.subtle.generateKey(optionsNormalized, true, getKeyUsagesForSymmetricAlgorithm(optionsNormalized.name));
|
|
240
241
|
}
|
|
241
242
|
|
|
242
243
|
function getKeyUsagesForAlgorithm(name, format) {
|
|
@@ -253,12 +254,12 @@ class CryptoKeyContainer {
|
|
|
253
254
|
// ----------------------------------------------
|
|
254
255
|
async toArrayBuffer() {
|
|
255
256
|
if (this.key.type === 'private') {
|
|
256
|
-
return
|
|
257
|
+
return uncrypto.subtle.exportKey('pkcs8', this.key);
|
|
257
258
|
}
|
|
258
259
|
if (this.key.type === 'public') {
|
|
259
|
-
return
|
|
260
|
+
return uncrypto.subtle.exportKey('spki', this.key);
|
|
260
261
|
}
|
|
261
|
-
return
|
|
262
|
+
return uncrypto.subtle.exportKey('raw', this.key);
|
|
262
263
|
}
|
|
263
264
|
async toUint8Array() {
|
|
264
265
|
const arrayBuffer = await this.toArrayBuffer();
|
|
@@ -279,7 +280,7 @@ class CryptoKeyContainer {
|
|
|
279
280
|
throw new Error('A symmetric key can not be encoded as PEM');
|
|
280
281
|
}
|
|
281
282
|
async toJWK() {
|
|
282
|
-
return
|
|
283
|
+
return uncrypto.subtle.exportKey('jwk', this.key);
|
|
283
284
|
}
|
|
284
285
|
// ----------------------------------------------
|
|
285
286
|
static async fromPem(ctx) {
|
|
@@ -310,7 +311,7 @@ class CryptoKeyContainer {
|
|
|
310
311
|
} else {
|
|
311
312
|
throw new SyntaxError(`Format ${ctx.format} is not supported.`);
|
|
312
313
|
}
|
|
313
|
-
const cryptoKey = await
|
|
314
|
+
const cryptoKey = await uncrypto.subtle.importKey(ctx.format, ctx.key, normalizedOptions, true, getKeyUsagesForAlgorithm(normalizedOptions.name, ctx.format));
|
|
314
315
|
return new CryptoKeyContainer(cryptoKey);
|
|
315
316
|
}
|
|
316
317
|
constructor(cryptoKey){
|
|
@@ -323,11 +324,11 @@ class CryptoKeyContainer {
|
|
|
323
324
|
*
|
|
324
325
|
* @param token
|
|
325
326
|
*
|
|
326
|
-
* @throws
|
|
327
|
+
* @throws JWTError
|
|
327
328
|
*/ function extractTokenHeader(token) {
|
|
328
329
|
const parts = token.split('.');
|
|
329
330
|
if (parts.length !== 3) {
|
|
330
|
-
throw specs.
|
|
331
|
+
throw specs.JWTError.invalid();
|
|
331
332
|
}
|
|
332
333
|
const [headerBase64] = parts;
|
|
333
334
|
try {
|
|
@@ -346,20 +347,24 @@ class CryptoKeyContainer {
|
|
|
346
347
|
'x5t#S256': header.x5TS256CertThumbprint,
|
|
347
348
|
};
|
|
348
349
|
*/ } catch (e) {
|
|
349
|
-
throw specs.
|
|
350
|
+
throw specs.JWTError.headerInvalid('The token header could not be extracted.');
|
|
350
351
|
}
|
|
351
352
|
}
|
|
352
|
-
|
|
353
|
+
/**
|
|
354
|
+
* @param token
|
|
355
|
+
*
|
|
356
|
+
* @throws JWTError
|
|
357
|
+
*/ function extractTokenPayload(token) {
|
|
353
358
|
const parts = token.split('.');
|
|
354
359
|
if (parts.length !== 3) {
|
|
355
|
-
throw specs.
|
|
360
|
+
throw specs.JWTError.invalid();
|
|
356
361
|
}
|
|
357
362
|
const [, payloadBase64] = parts;
|
|
358
363
|
try {
|
|
359
364
|
const payload = atob(payloadBase64);
|
|
360
365
|
return JSON.parse(payload);
|
|
361
366
|
} catch (e) {
|
|
362
|
-
throw specs.
|
|
367
|
+
throw specs.JWTError.payloadInvalid('The token payload could not be extracted.');
|
|
363
368
|
}
|
|
364
369
|
}
|
|
365
370
|
|
|
@@ -369,19 +374,19 @@ function createErrorForJWTError(e) {
|
|
|
369
374
|
switch(e.name){
|
|
370
375
|
case 'TokenExpiredError':
|
|
371
376
|
{
|
|
372
|
-
return specs.
|
|
377
|
+
return specs.JWTError.expired();
|
|
373
378
|
}
|
|
374
379
|
case 'NotBeforeError':
|
|
375
380
|
{
|
|
376
381
|
if (typeof e.date === 'string' || e.date instanceof Date) {
|
|
377
|
-
return specs.
|
|
382
|
+
return specs.JWTError.notActiveBefore(e.date);
|
|
378
383
|
}
|
|
379
384
|
break;
|
|
380
385
|
}
|
|
381
386
|
case 'JsonWebTokenError':
|
|
382
387
|
{
|
|
383
388
|
if (typeof e.message === 'string') {
|
|
384
|
-
return specs.
|
|
389
|
+
return specs.JWTError.payloadInvalid(e.message);
|
|
385
390
|
}
|
|
386
391
|
break;
|
|
387
392
|
}
|
|
@@ -391,20 +396,20 @@ function createErrorForJWTError(e) {
|
|
|
391
396
|
switch(e.message){
|
|
392
397
|
case 'ExpiredSignature':
|
|
393
398
|
{
|
|
394
|
-
return specs.
|
|
399
|
+
return specs.JWTError.expired();
|
|
395
400
|
}
|
|
396
401
|
case 'ImmatureSignature':
|
|
397
402
|
{
|
|
398
|
-
return specs.
|
|
403
|
+
return specs.JWTError.notActiveBefore();
|
|
399
404
|
}
|
|
400
405
|
case 'InvalidToken':
|
|
401
406
|
case 'InvalidSignature':
|
|
402
407
|
{
|
|
403
|
-
return specs.
|
|
408
|
+
return specs.JWTError.payloadInvalid();
|
|
404
409
|
}
|
|
405
410
|
}
|
|
406
411
|
}
|
|
407
|
-
return new specs.
|
|
412
|
+
return new specs.JWTError({
|
|
408
413
|
cause: e,
|
|
409
414
|
logMessage: true,
|
|
410
415
|
message: 'The JWT error could not be determined.'
|
|
@@ -506,7 +511,7 @@ async function signToken(claims, context) {
|
|
|
506
511
|
});
|
|
507
512
|
}
|
|
508
513
|
}
|
|
509
|
-
throw new specs.
|
|
514
|
+
throw new specs.OAuth2Error();
|
|
510
515
|
}
|
|
511
516
|
|
|
512
517
|
/**
|
|
@@ -515,7 +520,7 @@ async function signToken(claims, context) {
|
|
|
515
520
|
* @param token
|
|
516
521
|
* @param context
|
|
517
522
|
*
|
|
518
|
-
* @throws
|
|
523
|
+
* @throws OAuth2Error
|
|
519
524
|
*/ async function verifyToken(token, context) {
|
|
520
525
|
let promise;
|
|
521
526
|
let output;
|
|
@@ -578,7 +583,7 @@ async function signToken(claims, context) {
|
|
|
578
583
|
throw createErrorForJWTError(e);
|
|
579
584
|
}
|
|
580
585
|
if (typeof output === 'undefined') {
|
|
581
|
-
throw new specs.
|
|
586
|
+
throw new specs.OAuth2Error({
|
|
582
587
|
message: 'Invalid type.'
|
|
583
588
|
});
|
|
584
589
|
}
|
|
@@ -602,6 +607,9 @@ function useRedisClient() {
|
|
|
602
607
|
}
|
|
603
608
|
|
|
604
609
|
class MemoryCacheAdapter {
|
|
610
|
+
async has(key) {
|
|
611
|
+
return this.instance.has(key);
|
|
612
|
+
}
|
|
605
613
|
async get(key) {
|
|
606
614
|
return this.instance.get(key);
|
|
607
615
|
}
|
|
@@ -645,6 +653,10 @@ class RedisCacheAdapter {
|
|
|
645
653
|
async get(key) {
|
|
646
654
|
return this.instance.get(key);
|
|
647
655
|
}
|
|
656
|
+
async has(key) {
|
|
657
|
+
const output = await this.get(key);
|
|
658
|
+
return typeof output !== 'undefined';
|
|
659
|
+
}
|
|
648
660
|
async set(key, value, options) {
|
|
649
661
|
await this.instance.set(key, value, {
|
|
650
662
|
milliseconds: options.ttl
|