@fraym/auth 0.3.0 → 0.4.0

package/README.md

@@ -38,7 +38,51 @@ Use a `.env` file or env variables to configure cte clients and the command:
 AUTH_SERVER_ADDRESS=127.0.0.1:9000
 ```
 
-## Usage
+## JWT functions
+
+### Create a new JWT for usage with fraym
+
+```typescript
+const jwt = await generateJwt(appSecret, tenantId, scopes, data, expirationTime);
+```
+
+Parameters:
+
+-   `appSecret`: the secret used to sign the jwt
+-   `tenantId`: the id of the tenant to use
+-   `scopes`: (optional) list of scopes available in this token
+-   `data`: (optional) data added to the `data` field of the token
+-   `expirationTime`: (optional) string is resolved to a time span and added to the current timestamp to calculate the expiration time
+
+### Add data to an existing JWT
+
+Note: this will validate the existing token first.
+
+```typescript
+const jwt = await addDataToJwt(appSecret, token, data);
+```
+
+Parameters:
+
+-   `appSecret`: the secret used to sign the jwt
+-   `token`: the existing jwt
+-   `data`: (optional) data added to the `data` field of the token, existing fields in the data object will be overwritten
+
+### Validate the token and get associated data
+
+Get scopes:
+
+```typescript
+const { scopes, userId, exp } = await getTokenData(appSecret, token, requireUserId);
+```
+
+Parameters:
+
+-   `appSecret`: the secret used to sign the jwt
+-   `token`: the existing jwt
+-   `requireUserId`: (optional, default: `true`) If set to true the function will throw an error if it cannot determine the id of the user that owns the jwt
+
+## Client Usage
 
 ### Create the client
 

package/dist/index.d.ts

@@ -1,2 +1,3 @@
 export * from "./management/client";
 export { ClientConfig } from "./config/config";
+export * from "./util/token";

package/dist/index.js

@@ -15,3 +15,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./management/client"), exports);
+__exportStar(require("./util/token"), exports);

package/dist/util/token.d.ts

@@ -0,0 +1,8 @@
+export declare const generateJwt: (appSecret: string, tenantId: string, scopes?: string[], data?: Record<string, any>, expirationTime?: string) => Promise<string>;
+export declare const addDataToJwt: (appSecret: string, token: string, data: Record<string, any>) => Promise<string>;
+export interface TokenData {
+    userId: string;
+    scopes: string[];
+    exp: number;
+}
+export declare const getTokenData: (appSecret: string, token: string, requireUserId?: boolean) => Promise<TokenData>;

package/dist/util/token.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenData = exports.addDataToJwt = exports.generateJwt = void 0;
+const jose_1 = require("jose");
+const alg = "HS256";
+const generateJwt = async (appSecret, tenantId, scopes = [], data = {}, expirationTime = "5m") => {
+    const secret = new TextEncoder().encode(appSecret);
+    return await new jose_1.SignJWT({
+        type: "access_token",
+        tenantId,
+        scopes,
+        data,
+    })
+        .setProtectedHeader({
+        alg,
+        typ: "JWT",
+    })
+        .setIssuedAt()
+        .setNotBefore("0s")
+        .setIssuer("auth")
+        .setAudience(["fraym"])
+        .setExpirationTime(expirationTime)
+        .sign(secret);
+};
+exports.generateJwt = generateJwt;
+const addDataToJwt = async (appSecret, token, data) => {
+    var _a;
+    const secret = new TextEncoder().encode(appSecret);
+    const { payload, protectedHeader } = await (0, jose_1.jwtVerify)(token, secret);
+    if (!payload.exp) {
+        throw Error("expiration time is missing in JWT");
+    }
+    const newData = (_a = payload.data) !== null && _a !== void 0 ? _a : {};
+    for (let key in data) {
+        newData[key] = data[key];
+    }
+    return new jose_1.SignJWT(Object.assign(Object.assign({}, payload), { data: newData }))
+        .setProtectedHeader(protectedHeader)
+        .sign(secret);
+};
+exports.addDataToJwt = addDataToJwt;
+const getTokenData = async (appSecret, token, requireUserId = true) => {
+    var _a, _b;
+    const secret = new TextEncoder().encode(appSecret);
+    const { payload } = await (0, jose_1.jwtVerify)(token, secret);
+    if (!payload.exp) {
+        throw Error("expiration time is missing in JWT");
+    }
+    if (requireUserId && !payload.jti) {
+        throw Error("expiration time is missing in JWT");
+    }
+    return {
+        scopes: (_a = payload.scopes) !== null && _a !== void 0 ? _a : [],
+        userId: (_b = payload.jti) !== null && _b !== void 0 ? _b : "",
+        exp: payload.exp,
+    };
+};
+exports.getTokenData = getTokenData;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@fraym/auth",
-    "version": "0.3.0",
+    "version": "0.4.0",
     "license": "UNLICENSED",
     "homepage": "https://github.com/fraym/auth-nodejs",
     "repository": {
@@ -30,9 +30,10 @@
         "@fraym/auth-proto": "^0.6.0",
         "@graphql-tools/graphql-file-loader": "^7.5.11",
         "@graphql-tools/load": "^7.8.6",
-        "@grpc/grpc-js": "1.7.2",
+        "@grpc/grpc-js": "^1.8.7",
         "dotenv": "^16.0.3",
         "graphql": "^16.6.0",
+        "jose": "^4.13.1",
         "yargs": "^17.6.2"
     },
     "devDependencies": {