npm - @botfabrik/engine-webclient - Versions diffs - 4.101.3-alpha.0 → 4.101.3-alpha.1 - Mend

@botfabrik/engine-webclient 4.101.3-alpha.0 → 4.101.3-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/auth/index.d.ts +1 -1
package/dist/auth/index.js +14 -10
package/dist/index.js +1 -1
package/dist/requestSessionData.test.js +1 -1
package/package.json +3 -3

package/dist/auth/index.d.ts CHANGED Viewed

@@ -8,4 +8,4 @@ export type AuthenticatedUser = {
 };
 export declare function setUpSamlAuth(bot: BotInstance, auth: Auth, clientName: string, nsp: Namespace): void;
 export declare function storeLoginRequestToken(loginRequestToken: string, socketId: string): void;
-export declare function verifyLoginToken(token: string | undefined, auth: Auth | undefined, logger: Logger): AuthenticatedUser | undefined;
+export declare function verifyLoginToken(token: string | undefined, auth: Auth | undefined, logger: Logger): Promise<AuthenticatedUser | undefined>;

package/dist/auth/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Strategy, } from '@node-saml/passport-saml';
 import express from 'express';
-import { sign, verify } from 'jsonwebtoken';
+import { jwtVerify, SignJWT } from 'jose';
 import passport from 'passport';
 import { renderAuthErrorPage, renderAuthSuccessPage, setAuthPageHeaders, } from './auth-pages.js';
 import { signRelayState, verifyRelayState } from './relay-state.js';
@@ -34,7 +34,7 @@ export function setUpSamlAuth(bot, auth, clientName, nsp) {
         authenticateFn(req, res, next);
     });
     bot.webserver.express.post(callbackUrl, express.urlencoded({ extended: false }), (req, res, next) => {
-        const authenticatorFn = passport.authenticate(strategyName, { session: false }, (err, user) => {
+        const authenticatorFn = passport.authenticate(strategyName, { session: false }, async (err, user) => {
             const lang = getLang(req);
             setAuthPageHeaders(res);
             try {
@@ -52,9 +52,11 @@ export function setUpSamlAuth(bot, auth, clientName, nsp) {
                 if (!user) {
                     return res.status(401).send(renderAuthErrorPage(lang));
                 }
-                const loginToken = sign(user, auth.jwtSecret, {
-                    expiresIn: '1m',
-                });
+                const secret = new TextEncoder().encode(auth.jwtSecret);
+                const loginToken = await new SignJWT(user)
+                    .setProtectedHeader({ alg: 'HS256' })
+                    .setExpirationTime('1m')
+                    .sign(secret);
                 const socket = nsp.sockets.get(socketId);
                 if (socket) {
                     socket.emit('login-success', { loginToken });
@@ -89,14 +91,16 @@ function consumeLoginRequestToken(loginRequestToken) {
     loginTokenCache.delete(loginRequestToken);
     return { socketId: cachedLoginRequest.socketId };
 }
-export function verifyLoginToken(token, auth, logger) {
+export async function verifyLoginToken(token, auth, logger) {
     try {
         if (auth) {
-            const verified = verify(token || '', auth.jwtSecret);
+            const secret = new TextEncoder().encode(auth.jwtSecret);
+            const { payload } = await jwtVerify(token ?? '', secret);
+            const p = payload;
             return {
-                email: verified['email'],
-                firstName: verified['firstName'],
-                lastName: verified['lastName'],
+                email: p.email ?? '',
+                firstName: p.firstName,
+                lastName: p.lastName,
             };
         }
         else {

package/dist/index.js CHANGED Viewed

@@ -127,7 +127,7 @@ const onTerminateSession = (socket, bot) => async ({ sessionId, // passed if the
 };
 const onStartChat = (socket, props, bot, clientName, environment, logger) => async ({ sessionId: sessionIdFromClient, userId: defaultUserId, querystrings, loginToken, }) => {
     try {
-        const authenticatedUser = verifyLoginToken(loginToken, props.auth, logger);
+        const authenticatedUser = await verifyLoginToken(loginToken, props.auth, logger);
         const locale = extractLocale(querystrings, socket.request.headers['accept-language']);
         const sessionsCollection = bot.store.db.collection('sessions');
         const { sessionId, sessionInfo: defaultSessionInfo, isNew, } = await requestSessionData(sessionIdFromClient, querystrings, sessionsCollection, clientName, props);

package/dist/requestSessionData.test.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { describe, expect, it, vi } from 'vitest';
+import { beforeEach, describe, expect, it, vi } from 'vitest';
 import requestSessionData from './requestSessionData.js';
 vi.mock('node:crypto', () => ({
     randomUUID: vi.fn(() => 'some-uuid'),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@botfabrik/engine-webclient",
-  "version": "4.101.3-alpha.0",
+  "version": "4.101.3-alpha.1",
   "description": "Webclient for Botfabriks Bot Engine",
   "type": "module",
   "main": "./dist/index.js",
@@ -39,7 +39,7 @@
     "accept-language-parser": "^1.5.0",
     "express": "^5.1.0",
     "flat": "^6.0.1",
-    "jsonwebtoken": "^9.0.2",
+    "jose": "^6.1.0",
     "passport": "^0.7.0"
   },
   "devDependencies": {
@@ -54,5 +54,5 @@
     "tsx": "^4.20.6",
     "typescript": "5.9.3"
   },
-  "gitHead": "668bb5e26c514e7d091febc092c784db0dd65210"
+  "gitHead": "81a18be3eeb688d543b826c575714a15d9cd08a9"
 }