npm - @denodeio/seshat - Versions diffs - 0.0.33 → 0.0.34 - Mend

@denodeio/seshat 0.0.33 → 0.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/build/cjs/dist/mjs/src/index.d.ts +3 -35
package/build/cjs/dist/mjs/src/middleware/index.d.ts +9 -0
package/build/cjs/dist/mjs/src/types.d.ts +6 -0
package/build/cjs/dist/mjs/src/utils.d.ts +7 -0
package/build/cjs/dist/mjs/src/validate.d.ts +28 -0
package/build/cjs/index.d.ts +20 -14
package/build/cjs/index.js +180 -102
package/build/cjs/index.js.map +1 -1
package/build/mjs/dist/mjs/src/index.d.ts +3 -35
package/build/mjs/dist/mjs/src/middleware/index.d.ts +9 -0
package/build/mjs/dist/mjs/src/types.d.ts +6 -0
package/build/mjs/dist/mjs/src/utils.d.ts +7 -0
package/build/mjs/dist/mjs/src/validate.d.ts +28 -0
package/build/mjs/index.d.ts +20 -14
package/build/mjs/index.js +83 -36
package/build/mjs/index.js.map +1 -1
package/package.json +1 -1

package/build/mjs/dist/mjs/src/index.d.ts CHANGED Viewed

@@ -1,36 +1,4 @@
-import { PublicKey, Secret } from "jsonwebtoken";
-type JwsSignature = {
-    protected: string;
-    header: {
-        kid: string;
-    };
-    signature: string;
-};
-type JwsPayload = {
-    payload: string;
-    signatures: JwsSignature[];
-};
-export type Keychain = {
-    algorithm: string;
-    value: Secret | PublicKey;
-};
-type JwtPayload<T> = {
-    iss: string;
-    exp: number;
-    jti: string;
-    event: {
-        name: string;
-        record: T;
-    };
-    iat: number;
-};
+export * from "./middleware";
 export * from "./signer";
-type OptionsInput = {
-    fieldName?: string;
-    barongJwtPublicKey?: string;
-    jwtPublicKey?: string;
-    issuer?: string;
-};
-export declare const sessionVerifier: (options: OptionsInput) => (req: any, res: any, next: any) => void;
-export declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
-export declare const validateJws: <T>(key: Keychain, input: JwsPayload) => JwtPayload<T> | undefined;
+export * from "./validate";
+export * from "./types";

package/build/mjs/dist/mjs/src/middleware/index.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
+type OptionsInput = {
+    fieldName?: string;
+    barongJwtPublicKey?: string;
+    jwtPublicKey?: string;
+    issuer?: string;
+};
+export declare const sessionVerifier: (options: OptionsInput) => (req: any, res: any, next: any) => void;
+export {};

package/build/mjs/dist/mjs/src/types.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { PublicKey, Secret } from "jsonwebtoken";
+export type Key = {
+    algorithm: string;
+    value: Secret | PublicKey;
+};
+export type Keychain = Map<string, Key>;

package/build/mjs/dist/mjs/src/utils.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+type ProtectedHeader = {
+    alg: string;
+    typ: string;
+};
+export declare const base64Decode: (base64: string) => string;
+export declare const parseProtectedHeader: (protectedHeader: string) => ProtectedHeader;
+export {};

package/build/mjs/dist/mjs/src/validate.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { Key, Keychain } from "./types";
+type JwsSignature = {
+    protected: string;
+    header: {
+        kid: string;
+    };
+    signature: string;
+};
+type JwsPayload = {
+    payload: string;
+    signatures: JwsSignature[];
+};
+type JwtPayload<T> = {
+    iss: string;
+    exp: number;
+    jti: string;
+    event: {
+        name: string;
+        record: T;
+    };
+    iat: number;
+};
+export declare const validateJws: <T>(key: Key, input: JwsPayload) => JwtPayload<T> | undefined;
+export declare const validateJwsMultisig: <T>(keychain: Keychain, input: JwsPayload) => {
+    verified: string[];
+    unverified: string[];
+};
+export {};

package/build/mjs/index.d.ts CHANGED Viewed

@@ -1,5 +1,14 @@
 import { Secret, PublicKey } from 'jsonwebtoken';
+declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
+type OptionsInput = {
+    fieldName?: string;
+    barongJwtPublicKey?: string;
+    jwtPublicKey?: string;
+    issuer?: string;
+};
+declare const sessionVerifier: (options: OptionsInput) => (req: any, res: any, next: any) => void;
 type SignJwsResponse = {
     payload: string;
     signatures: {
@@ -14,6 +23,12 @@ declare function signJws(payload: string, options: any): SignJwsResponse;
 declare function signPayload(payload: any, options: any): string;
 declare function signData(payload: object, options: any): SignJwsResponse;
+type Key = {
+    algorithm: string;
+    value: Secret | PublicKey;
+};
+type Keychain = Map<string, Key>;
 type JwsSignature = {
     protected: string;
     header: {
@@ -25,10 +40,6 @@ type JwsPayload = {
     payload: string;
     signatures: JwsSignature[];
 };
-type Keychain = {
-    algorithm: string;
-    value: Secret | PublicKey;
-};
 type JwtPayload<T> = {
     iss: string;
     exp: number;
@@ -39,15 +50,10 @@ type JwtPayload<T> = {
     };
     iat: number;
 };
-type OptionsInput = {
-    fieldName?: string;
-    barongJwtPublicKey?: string;
-    jwtPublicKey?: string;
-    issuer?: string;
+declare const validateJws: <T>(key: Key, input: JwsPayload) => JwtPayload<T> | undefined;
+declare const validateJwsMultisig: <T>(keychain: Keychain, input: JwsPayload) => {
+    verified: string[];
+    unverified: string[];
 };
-declare const sessionVerifier: (options: OptionsInput) => (req: any, res: any, next: any) => void;
-declare const managementSigner: (options: any) => (req: any, res: any, next: any) => void;
-declare const validateJws: <T>(key: Keychain, input: JwsPayload) => JwtPayload<T> | undefined;
-export { type Keychain, managementSigner, sessionVerifier, signData, signJws, signPayload, validateJws };
+export { type Key, type Keychain, managementSigner, sessionVerifier, signData, signJws, signPayload, validateJws, validateJwsMultisig };

package/build/mjs/index.js CHANGED Viewed

@@ -6507,6 +6507,33 @@ function signData(payload, options) {
     return signJws(signedPayload, options);
 }
+const managementSigner = function (options) {
+    if (!options.privateKey)
+        throw new Error("Application's private key should be set");
+    const middleware = function (req, res, next) {
+        if (!req.management.payload)
+            console.error("No payload to be signed");
+        const payload = req.management.payload;
+        let signedPayload;
+        try {
+            signedPayload = signPayload(payload, options);
+        }
+        catch (error) {
+            res.status(403);
+            res.send(`Unable to sign payload: ${error}`);
+            return;
+        }
+        try {
+            req.body = signJws(signedPayload, options);
+        }
+        catch (error) {
+            res.status(403);
+            res.send(`Unable to correctly format signed payload: ${error}`);
+        }
+        next();
+    };
+    return middleware;
+};
 const sessionVerifier = function (options) {
     const { fieldName = "session", ...actualOptions } = options;
     if (!options || (!options.barongJwtPublicKey && !options.jwtPublicKey)) {
@@ -6543,39 +6570,14 @@ const sessionVerifier = function (options) {
     };
     return middleware;
 };
-const managementSigner = function (options) {
-    if (!options.privateKey)
-        throw new Error("Application's private key should be set");
-    const middleware = function (req, res, next) {
-        if (!req.management.payload)
-            console.error("No payload to be signed");
-        const payload = req.management.payload;
-        let signedPayload;
-        try {
-            signedPayload = signPayload(payload, options);
-        }
-        catch (error) {
-            res.status(403);
-            res.send(`Unable to sign payload: ${error}`);
-            return;
-        }
-        try {
-            req.body = signJws(signedPayload, options);
-        }
-        catch (error) {
-            res.status(403);
-            res.send(`Unable to correctly format signed payload: ${error}`);
-        }
-        next();
-    };
-    return middleware;
-};
 const base64Decode = (base64) => {
     return Buffer.from(base64, "base64").toString("utf8");
 };
 const parseProtectedHeader = (protectedHeader) => {
     return JSON.parse(base64Decode(protectedHeader));
 };
 const validateJws = (key, input) => {
     for (const signature of input.signatures) {
         const decodedProtectedHeader = parseProtectedHeader(signature.protected);
@@ -6585,18 +6587,63 @@ const validateJws = (key, input) => {
         if (key.algorithm !== decodedProtectedHeader.alg) {
             throw new Error("Algorithm mismatch");
         }
-        try {
-            const verified = jwt.verify(`${signature.protected}.${input.payload}.${signature.signature}`, key.value,
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            { algorithms: [key.algorithm] });
-            return verified;
+        const verified = jwt.verify(`${signature.protected}.${input.payload}.${signature.signature}`, key.value,
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        { algorithms: [key.algorithm] });
+        return verified;
+    }
+};
+/*
+ * Verifies JWT.
+ *
+ * @param jwt [Hash]
+ *   The JWT in the format as defined in RFC 7515.
+ *   Example:
+ *     { "payload" => "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
+ *       "signatures" => [
+ *         { "protected" => "eyJhbGciOiJSUzI1NiJ9",
+ *           "header" => { "kid" => "2010-12-29" },
+ *           "signature" => "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw"
+ *         },
+ *         { "protected" => "eyJhbGciOiJFUzI1NiJ9",
+ *           "header" => { "kid" => "e9bc097a-ce51-4036-9562-d2ade882db0d" },
+ *           "signature" => "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
+ *         }
+ *       ]
+ *     }
+ * @param public_keychain [Hash]
+ *   The hash which consists of pairs: key ID => public key.
+ *   The key may be presented as string in PEM format or as instance of {OpenSSL::PKey::PKey}.
+ *   The implementation only verifies signatures for which public key exists in keychain.
+ * @param options [Hash]
+ *   The rules for verifying JWT. The variable «algorithms» is always overwritten by the value from JWS header.
+ * @return [Hash]
+ *   The returning value contains payload, list of verified, and unverified signatures (key ID).
+ *   Example:
+ *     { payload:    { sub: "session", profile: { email: "username@mailbox.example" },
+ *       verified:   [:"backend-1.mycompany.example", :"backend-3.mycompany.example"],
+ *       unverified: [:"backend-2.mycompany.example"] }
+ *     }
+ * @raise [JWT::DecodeError]
+ */
+const validateJwsMultisig = (keychain, input) => {
+    const verified = [];
+    const unverified = [];
+    for (const signature of input.signatures) {
+        const key = keychain.get(signature.header.kid);
+        if (key) {
+            validateJws(key, input);
+            verified.push(signature.header.kid);
         }
-        catch (error) {
-            console.error(error);
-            return undefined;
+        else {
+            unverified.push(signature.header.kid);
         }
     }
+    return {
+        verified,
+        unverified
+    };
 };
-export { managementSigner, sessionVerifier, signData, signJws, signPayload, validateJws };
+export { managementSigner, sessionVerifier, signData, signJws, signPayload, validateJws, validateJwsMultisig };
 //# sourceMappingURL=index.js.map