@ethora/sdk-backend 26.2.3 → 26.3.1
- package/README.md +347 -110
- package/dist/repositories/EthoraSDKService.d.ts +42 -1
- package/dist/repositories/EthoraSDKService.d.ts.map +1 -1
- package/dist/repositories/EthoraSDKService.js +187 -15
- package/dist/repositories/EthoraSDKService.js.map +1 -1
- package/dist/scripts/test-logs.js +37 -10
- package/dist/scripts/test-logs.js.map +1 -1
- package/dist/types/index.d.ts +79 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/utils/jwt.d.ts +4 -1
- package/dist/utils/jwt.d.ts.map +1 -1
- package/dist/utils/jwt.js +33 -7
- package/dist/utils/jwt.js.map +1 -1
- package/package.json +1 -1
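--- a/package/dist/utils/jwt.js
+++ b/package/dist/utils/jwt.js
@@ -14,6 +14,12 @@ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const secrets_1 = require("../config/secrets");
 const logger_1 = require("./logger");
 const logger = (0, logger_1.getLogger)("jwt-utils");
+function deriveScopedSecret(secret, purpose) {
+return require("crypto")
+.createHmac("sha256", String(secret))
+.update(`ethora:${purpose}:v1`)
+.digest("hex");
+}
 /**
 * Creates a JWT token from the given payload using the chat application's secret
 *
@@ -27,21 +33,28 @@ function createJwtToken(payload, customSecrets) {
 algorithm: "HS256",
 });
 }
+function createScopedJwtToken(payload, purpose, customSecrets) {
+const secrets = customSecrets || (0, secrets_1.getSecrets)();
+return jsonwebtoken_1.default.sign(payload, deriveScopedSecret(secrets.chatAppSecret, purpose), {
+algorithm: "HS256",
+});
+}
 /**
 * Creates a server-to-server JWT token
 *
 * @returns The encoded JWT token for server authentication
 */
-function createServerToken(customSecrets) {
+function createServerToken(customSecrets, options) {
 logger.debug("Creating server-to-server JWT token");
 const secrets = customSecrets || (0, secrets_1.getSecrets)();
 const payload = {
 data: {
-appId: secrets.chatAppId,
+appId: options?.appId || secrets.chatAppId,
 type: "server",
+...(options?.tenantId ? { tenantId: options.tenantId } : {}),
 },
 };
-return
+return createScopedJwtToken(payload, "server", secrets);
 }
 /**
 * Creates a client-side JWT token for a specific user ID
@@ -59,7 +72,7 @@ function createClientToken(userId, customSecrets) {
 appId: secrets.chatAppId,
 },
 };
-const token =
+const token = createScopedJwtToken(payload, "client", secrets);
 logger.info(`Client JWT token created for user ID: ${userId}`);
 return token;
 }
@@ -73,14 +86,27 @@ function createClientToken(userId, customSecrets) {
 function verifyJwtToken(token) {
 logger.debug("Verifying JWT token");
 const secrets = (0, secrets_1.getSecrets)();
+const decoded = jsonwebtoken_1.default.decode(token);
+const tokenType = String(decoded?.data?.type || "");
+const purpose = tokenType === "server" ? "server" :
+tokenType === "client" ? "client" :
+"";
 try {
-return jsonwebtoken_1.default.verify(token, secrets.chatAppSecret, {
+return jsonwebtoken_1.default.verify(token, purpose ? deriveScopedSecret(secrets.chatAppSecret, purpose) : secrets.chatAppSecret, {
 algorithms: ["HS256"],
 });
 }
 catch (error) {
-
-
+try {
+// TODO(auth-cleanup): remove raw-secret fallback after all callers use purpose-scoped tokens.
+return jsonwebtoken_1.default.verify(token, secrets.chatAppSecret, {
+algorithms: ["HS256"],
+});
+}
+catch (fallbackError) {
+logger.error("JWT token verification failed", fallbackError);
+throw new Error("Invalid JWT token");
+}
 }
 }
 //# sourceMappingURL=jwt.js.map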
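Review bot: `deriveScopedSecret` coerces its key with `String(secret)`, so an unset `chatAppSecret` becomes the literal key `"undefined"` and signing or verifying proceeds with a key anyone can recompute, whereas passing the raw value straight to jsonwebtoken, as the removed lines did, lets the library reject a missing secret. Whether `getSecrets()` already rejects an empty secret is not visible here, and `customSecrets` is caller-supplied, so a guard at the top of the helper is worth having: `if (!secret) throw new Error("chatAppSecret is not configured");`. In `verifyJwtToken` the outer `error` is discarded, so when a scoped token fails for a reason such as expiry the log records only the raw-secret fallback's failure; logging both errors, or rethrowing the first one when `purpose` is set, would keep the real cause visible. While that fallback remains, a token signed with the raw secret still verifies whatever `data.type` it carries, so callers should not yet treat the type claim as bound to the signing key.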
package/dist/utils/jwt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/utils/jwt.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;
|
|
1
|
+
{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/utils/jwt.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;AAsBH,wCAWC;AAsBD,8CAgBC;AAQD,8CAeC;AASD,wCAyBC;AA9HD,gEAA+B;AAE/B,+CAAwD;AACxD,qCAAqC;AAErC,MAAM,MAAM,GAAG,IAAA,kBAAS,EAAC,WAAW,CAAC,CAAC;AAEtC,SAAS,kBAAkB,CAAC,MAAc,EAAE,OAAe;IACzD,OAAO,OAAO,CAAC,QAAQ,CAAC;SACrB,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;SACpC,MAAM,CAAC,UAAU,OAAO,KAAK,CAAC;SAC9B,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,OAAgD,EAAE,aAAuB;IACtG,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,aAAa,IAAI,IAAA,oBAAU,GAAE,CAAC;IAE9C,OAAO,sBAAG,CAAC,IAAI,CACb,OAAO,EACP,OAAO,CAAC,aAAa,EACrB;QACE,SAAS,EAAE,OAAO;KACnB,CACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,OAAgD,EAChD,OAA4B,EAC5B,aAAuB;IAEvB,MAAM,OAAO,GAAG,aAAa,IAAI,IAAA,oBAAU,GAAE,CAAC;IAC9C,OAAO,sBAAG,CAAC,IAAI,CACb,OAAO,EACP,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,EAClD;QACE,SAAS,EAAE,OAAO;KACnB,CACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAC/B,aAAuB,EACvB,OAA+C;IAE/C,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,aAAa,IAAI,IAAA,oBAAU,GAAE,CAAC;IAE9C,MAAM,OAAO,GAAuB;QAClC,IAAI,EAAE;YACJ,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,OAAO,CAAC,SAAS;YAC1C,IAAI,EAAE,QAAQ;YACd,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7D;KACF,CAAC;IAEF,OAAO,oBAAoB,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,MAAc,EAAE,aAAuB;IACvE,MAAM,CAAC,KAAK,CAAC,iDAAiD,MAAM,EAAE,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,aAAa,IAAI,IAAA,oBAAU,GAAE,CAAC;IAE9C,MAAM,OAAO,GAAuB;QAClC,IAAI,EAAE;YACJ,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;YACtB,KAAK,EAAE,OAAO,CAAC,SAAS;SACzB;KACF,CAAC;IAEF,MAAM,KAAK,GAAG,oBAAoB,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,CAAC,IAAI,CAAC,yCAAyC,MAAM,EAAE,CAAC,CAAC;IAC/D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,KAAa;IAC1C,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,IAAA,oBAAU,GAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,s
BAAG,CAAC,MAAM,CAAC,KAAK,CAA0B,CAAC;IAC3D,MAAM,SAAS,GAAG,MAAM,CAAE,OAAe,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,OAAO,GACX,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACnC,EAAE,CAAC;IAEL,IAAI,CAAC;QACH,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,EAAE;YAC7G,UAAU,EAAE,CAAC,OAAO,CAAC;SACtB,CAAmB,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC;YACH,8FAA8F;YAC9F,OAAO,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,EAAE;gBAC9C,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAmB,CAAC;QACvB,CAAC;QAAC,OAAO,aAAa,EAAE,CAAC;YACvB,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,aAAa,CAAC,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;AACH,CAAC"}
|