@denodeio/seshat 0.0.21 → 0.0.22

@@ -0,0 +1,30 @@
1
+ /// <reference types="node" />
2
+ type JwsSignature = {
3
+ protected: string;
4
+ header: {
5
+ kid: string;
6
+ };
7
+ signature: string;
8
+ };
9
+ type JwsPayload = {
10
+ payload: string;
11
+ signatures: JwsSignature[];
12
+ };
13
+ type Keychain = {
14
+ algorithm: string;
15
+ value: Buffer;
16
+ };
17
+ type JwtPayload<T> = {
18
+ iss: string;
19
+ exp: number;
20
+ jti: string;
21
+ event: {
22
+ name: string;
23
+ record: T;
24
+ };
25
+ iat: number;
26
+ };
27
+ export * from "./signer";
28
+ export declare const sessionVerifier: (options: any) => (req: any, res: any, next: any) => void;
29
+ export declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
30
+ export declare const validateJws: <T>(key: Keychain, input: JwsPayload) => JwtPayload<T> | undefined;
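Review bot: `sessionVerifier` and `managementSigner` are declared with `options: any` (and `req`, `res`, `next` likewise), so the security-relevant settings the bundled implementation reads (`barongJwtPublicKey`, `algorithms`, `issuer`, `privateKey`) get no compile-time check, and a misspelled key would go unnoticed. A named options type in the source, for example `type SessionVerifierOptions = { barongJwtPublicKey: string | Buffer; algorithms?: string[]; issuer?: string }` (field types to be confirmed against the source), would also document that caller options are spread over the `RS256`/`auth` defaults and can override them. The same `options: any` appears on `signJws`, `signPayload` and `signData` in the `@@ -0,0 +1,14 @@` and `@@ -0,0 +1,46 @@` declaration files further down. `Keychain`, `JwsPayload` and `JwtPayload` are used in the exported `validateJws` signature but are not exported themselves, and the declared `JwtPayload<T> | undefined` return type gives no hint that the implementation also throws `Invalid key` and `Algorithm mismatch`; a TSDoc `@throws` line on the source would cover that.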
@@ -0,0 +1,14 @@
1
+ type SignJwsResponse = {
2
+ payload: string;
3
+ signatures: {
4
+ protected: string;
5
+ header: {
6
+ kid: string;
7
+ };
8
+ signature: string;
9
+ }[];
10
+ };
11
+ export declare function signJws(payload: string, options: any): SignJwsResponse;
12
+ export declare function signPayload(payload: any, options: any): string;
13
+ export declare function signData(payload: object, options: any): SignJwsResponse;
14
+ export {};
@@ -0,0 +1,46 @@
1
+ /// <reference types="node" />
2
+ type SignJwsResponse = {
3
+ payload: string;
4
+ signatures: {
5
+ protected: string;
6
+ header: {
7
+ kid: string;
8
+ };
9
+ signature: string;
10
+ }[];
11
+ };
12
+ declare function signJws(payload: string, options: any): SignJwsResponse;
13
+ declare function signPayload(payload: any, options: any): string;
14
+ declare function signData(payload: object, options: any): SignJwsResponse;
15
+
16
+ type JwsSignature = {
17
+ protected: string;
18
+ header: {
19
+ kid: string;
20
+ };
21
+ signature: string;
22
+ };
23
+ type JwsPayload = {
24
+ payload: string;
25
+ signatures: JwsSignature[];
26
+ };
27
+ type Keychain = {
28
+ algorithm: string;
29
+ value: Buffer;
30
+ };
31
+ type JwtPayload<T> = {
32
+ iss: string;
33
+ exp: number;
34
+ jti: string;
35
+ event: {
36
+ name: string;
37
+ record: T;
38
+ };
39
+ iat: number;
40
+ };
41
+
42
+ declare const sessionVerifier: (options: any) => (req: any, res: any, next: any) => void;
43
+ declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
44
+ declare const validateJws: <T>(key: Keychain, input: JwsPayload) => JwtPayload<T> | undefined;
45
+
46
+ export { managementSigner, sessionVerifier, signData, signJws, signPayload, validateJws };
@@ -5,10 +5,14 @@ var require$$3 = require('stream');
5
5
  var require$$5 = require('util');
6
6
  var require$$2 = require('crypto');
7
7
 
8
+ var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
9
+
8
10
  function getDefaultExportFromCjs (x) {
9
11
  return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
10
12
  }
11
13
 
14
+ var src = {};
15
+
12
16
  var jws$3 = {};
13
17
 
14
18
  var safeBuffer = {exports: {}};
@@ -6459,8 +6463,12 @@ var jsonwebtoken = {
6459
6463
  TokenExpiredError: TokenExpiredError_1,
6460
6464
  };
6461
6465
 
6462
- var jwt = /*@__PURE__*/getDefaultExportFromCjs(jsonwebtoken);
6466
+ var signer = {};
6463
6467
 
6468
+ Object.defineProperty(signer, "__esModule", { value: true });
6469
+ signer.signData = signer.signPayload = signer.signJws = void 0;
6470
+ const jsonwebtoken_1 = jsonwebtoken;
6471
+ const crypto_1 = require$$2;
6464
6472
  // export type CSignOptions = {
6465
6473
  // privateKey: Secret
6466
6474
  // jwtExpirySeconds: number
@@ -6485,6 +6493,7 @@ function signJws(payload, options) {
6485
6493
  };
6486
6494
  return requestParams;
6487
6495
  }
6496
+ signer.signJws = signJws;
6488
6497
  function signPayload(payload, options) {
6489
6498
  const defaultOptions = {
6490
6499
  jwtAlgorithm: "RS256",
@@ -6494,111 +6503,137 @@ function signPayload(payload, options) {
6494
6503
  ...defaultOptions,
6495
6504
  ...options
6496
6505
  };
6497
- const token = jwt.sign({
6506
+ const token = (0, jsonwebtoken_1.sign)({
6498
6507
  iss: options.issuer,
6499
6508
  exp: Math.round(Date.now() / 1000) + mergedOptions.jwtExpireSeconds,
6500
- jti: require$$2.randomUUID(),
6509
+ jti: (0, crypto_1.randomUUID)(),
6501
6510
  ...payload
6502
6511
  }, mergedOptions.privateKey, {
6503
6512
  algorithm: mergedOptions.jwtAlgorithm
6504
6513
  });
6505
6514
  return token;
6506
6515
  }
6516
+ signer.signPayload = signPayload;
6507
6517
  function signData(payload, options) {
6508
6518
  const signedPayload = signPayload(payload, options);
6509
6519
  return signJws(signedPayload, options);
6510
6520
  }
6521
+ signer.signData = signData;
6522
+
6523
+ (function (exports) {
6524
+ var __createBinding = (commonjsGlobal && commonjsGlobal.__createBinding) || (Object.create ? (function(o, m, k, k2) {
6525
+ if (k2 === undefined) k2 = k;
6526
+ var desc = Object.getOwnPropertyDescriptor(m, k);
6527
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6528
+ desc = { enumerable: true, get: function() { return m[k]; } };
6529
+ }
6530
+ Object.defineProperty(o, k2, desc);
6531
+ }) : (function(o, m, k, k2) {
6532
+ if (k2 === undefined) k2 = k;
6533
+ o[k2] = m[k];
6534
+ }));
6535
+ var __exportStar = (commonjsGlobal && commonjsGlobal.__exportStar) || function(m, exports) {
6536
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
6537
+ };
6538
+ var __importDefault = (commonjsGlobal && commonjsGlobal.__importDefault) || function (mod) {
6539
+ return (mod && mod.__esModule) ? mod : { "default": mod };
6540
+ };
6541
+ Object.defineProperty(exports, "__esModule", { value: true });
6542
+ exports.validateJws = exports.managementSigner = exports.sessionVerifier = void 0;
6543
+ const jsonwebtoken_1 = __importDefault(jsonwebtoken);
6544
+ const signer_1 = signer;
6545
+ __exportStar(signer, exports);
6546
+ const sessionVerifier = function (options) {
6547
+ if (!options || !options.barongJwtPublicKey) {
6548
+ throw new Error("Barong JWT Public key should be set");
6549
+ }
6550
+ const barongJwtPublicKey = options.barongJwtPublicKey;
6551
+ const defaultOptions = {
6552
+ algorithms: ["RS256"],
6553
+ issuer: "auth"
6554
+ };
6555
+ const verificationOptions = { ...defaultOptions, ...options };
6556
+ const middleware = function (req, res, next) {
6557
+ let authHeader;
6558
+ try {
6559
+ authHeader = req.headers.authorization.split("Bearer ")[1];
6560
+ }
6561
+ catch (error) {
6562
+ res.status(401);
6563
+ res.send("Signature verification raised: Authorization header is missing or malformed");
6564
+ return;
6565
+ }
6566
+ try {
6567
+ req.session = jsonwebtoken_1.default.verify(authHeader, barongJwtPublicKey, verificationOptions);
6568
+ }
6569
+ catch (error) {
6570
+ res.status(403);
6571
+ res.send(`Signature verification raised: ${error}`);
6572
+ return;
6573
+ }
6574
+ next();
6575
+ };
6576
+ return middleware;
6577
+ };
6578
+ exports.sessionVerifier = sessionVerifier;
6579
+ const managementSigner = function (options) {
6580
+ if (!options.privateKey)
6581
+ throw new Error("Application's private key should be set");
6582
+ const middleware = function (req, res, next) {
6583
+ if (!req.management.payload)
6584
+ console.error("No payload to be signed");
6585
+ const payload = req.management.payload;
6586
+ let signedPayload;
6587
+ try {
6588
+ signedPayload = (0, signer_1.signPayload)(payload, options);
6589
+ }
6590
+ catch (error) {
6591
+ res.status(403);
6592
+ res.send(`Unable to sign payload: ${error}`);
6593
+ return;
6594
+ }
6595
+ try {
6596
+ req.body = (0, signer_1.signJws)(signedPayload, options);
6597
+ }
6598
+ catch (error) {
6599
+ res.status(403);
6600
+ res.send(`Unable to correctly format signed payload: ${error}`);
6601
+ }
6602
+ next();
6603
+ };
6604
+ return middleware;
6605
+ };
6606
+ exports.managementSigner = managementSigner;
6607
+ const base64Decode = (base64) => {
6608
+ return Buffer.from(base64, "base64").toString("utf8");
6609
+ };
6610
+ const parseProtectedHeader = (protectedHeader) => {
6611
+ return JSON.parse(base64Decode(protectedHeader));
6612
+ };
6613
+ const validateJws = (key, input) => {
6614
+ for (const signature of input.signatures) {
6615
+ const decodedProtectedHeader = parseProtectedHeader(signature.protected);
6616
+ if (key === undefined) {
6617
+ throw new Error("Invalid key");
6618
+ }
6619
+ if (key.algorithm !== decodedProtectedHeader.alg) {
6620
+ throw new Error("Algorithm mismatch");
6621
+ }
6622
+ try {
6623
+ const verified = jsonwebtoken_1.default.verify(`${signature.protected}.${input.payload}.${signature.signature}`, key.value,
6624
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
6625
+ { algorithms: [key.algorithm] });
6626
+ return verified;
6627
+ }
6628
+ catch (error) {
6629
+ return undefined;
6630
+ }
6631
+ }
6632
+ };
6633
+ exports.validateJws = validateJws;
6634
+ } (src));
6511
6635
 
6512
- const sessionVerifier = function (options) {
6513
- if (!options || !options.barongJwtPublicKey) {
6514
- throw new Error("Barong JWT Public key should be set");
6515
- }
6516
- const barongJwtPublicKey = options.barongJwtPublicKey;
6517
- const defaultOptions = {
6518
- algorithms: ["RS256"],
6519
- issuer: "auth"
6520
- };
6521
- const verificationOptions = { ...defaultOptions, ...options };
6522
- const middleware = function (req, res, next) {
6523
- let authHeader;
6524
- try {
6525
- authHeader = req.headers.authorization.split("Bearer ")[1];
6526
- }
6527
- catch (error) {
6528
- res.status(401);
6529
- res.send("Signature verification raised: Authorization header is missing or malformed");
6530
- return;
6531
- }
6532
- try {
6533
- req.session = jwt.verify(authHeader, barongJwtPublicKey, verificationOptions);
6534
- }
6535
- catch (error) {
6536
- res.status(403);
6537
- res.send(`Signature verification raised: ${error}`);
6538
- return;
6539
- }
6540
- next();
6541
- };
6542
- return middleware;
6543
- };
6544
- const managementSigner = function (options) {
6545
- if (!options.privateKey)
6546
- throw new Error("Application's private key should be set");
6547
- const middleware = function (req, res, next) {
6548
- if (!req.management.payload)
6549
- console.error("No payload to be signed");
6550
- const payload = req.management.payload;
6551
- let signedPayload;
6552
- try {
6553
- signedPayload = signPayload(payload, options);
6554
- }
6555
- catch (error) {
6556
- res.status(403);
6557
- res.send(`Unable to sign payload: ${error}`);
6558
- return;
6559
- }
6560
- try {
6561
- req.body = signJws(signedPayload, options);
6562
- }
6563
- catch (error) {
6564
- res.status(403);
6565
- res.send(`Unable to correctly format signed payload: ${error}`);
6566
- }
6567
- next();
6568
- };
6569
- return middleware;
6570
- };
6571
- const base64Decode = (base64) => {
6572
- return Buffer.from(base64, "base64").toString("utf8");
6573
- };
6574
- const parseProtectedHeader = (protectedHeader) => {
6575
- return JSON.parse(base64Decode(protectedHeader));
6576
- };
6577
- const validateJws = (key, input) => {
6578
- for (const signature of input.signatures) {
6579
- const decodedProtectedHeader = parseProtectedHeader(signature.protected);
6580
- if (key === undefined) {
6581
- throw new Error("Invalid key");
6582
- }
6583
- if (key.algorithm !== decodedProtectedHeader.alg) {
6584
- throw new Error("Algorithm mismatch");
6585
- }
6586
- try {
6587
- const verified = jwt.verify(`${signature.protected}.${input.payload}.${signature.signature}`, key.value,
6588
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
6589
- { algorithms: [key.algorithm] });
6590
- return verified;
6591
- }
6592
- catch (error) {
6593
- return undefined;
6594
- }
6595
- }
6596
- };
6636
+ var index = /*@__PURE__*/getDefaultExportFromCjs(src);
6597
6637
 
6598
- exports.managementSigner = managementSigner;
6599
- exports.sessionVerifier = sessionVerifier;
6600
- exports.signData = signData;
6601
- exports.signJws = signJws;
6602
- exports.signPayload = signPayload;
6603
- exports.validateJws = validateJws;
6638
+ module.exports = index;
6604
6639
  //# sourceMappingURL=index.js.map
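Review bot: In `managementSigner`, the second `catch` (around the `signJws` call) sends a 403 but has no `return`, so `next()` still runs after the response has been sent and downstream handlers see whatever `req.body` held before signing; add `return;` after ``res.send(`Unable to correctly format signed payload: ${error}`)``, as the first `catch` already does. The missing-payload branch has the same fail-open shape: `console.error("No payload to be signed")` only logs, and `signPayload` is then called with an undefined payload, so that branch should send an error response and `return` as well. Separately, `validateJws` returns or throws inside the first iteration of its `for` loop, so only `input.signatures[0]` is ever evaluated, and a malformed `protected` header surfaces as a `JSON.parse` exception rather than the `undefined` that a bad signature produces. All three error paths also echo `${error}` to the client, which is worth replacing with a fixed message and a server-side log. This code is moved into the `src` wrapper rather than newly written in this release, so the behaviour presumably predates 0.0.22.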