npm - @fraym/auth - Versions diffs - 0.3.1 → 0.4.0 - Mend

@fraym/auth 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -38,7 +38,51 @@ Use a `.env` file or env variables to configure cte clients and the command:
 AUTH_SERVER_ADDRESS=127.0.0.1:9000
 ```
-## Usage
+## JWT functions
+### Create a new JWT for usage with fraym
+```typescript
+const jwt = await generateJwt(appSecret, tenantId, scopes, data, expirationTime);
+```
+Parameters:
+-   `appSecret`: the secret used to sign the jwt
+-   `tenantId`: the id of the tenant to use
+-   `scopes`: (optional) list of scopes available in this token
+-   `data`: (optional) data added to the `data` field of the token
+-   `expirationTime`: (optional) string is resolved to a time span and added to the current timestamp to calculate the expiration time
+### Add data to an existing JWT
+Note: this will validate the existing token first.
+```typescript
+const jwt = await addDataToJwt(appSecret, token, data);
+```
+Parameters:
+-   `appSecret`: the secret used to sign the jwt
+-   `token`: the existing jwt
+-   `data`: (optional) data added to the `data` field of the token, existing fields in the data object will be overwritten
+### Validate the token and get associated data
+Get scopes:
+```typescript
+const { scopes, userId, exp } = await getTokenData(appSecret, token, requireUserId);
+```
+Parameters:
+-   `appSecret`: the secret used to sign the jwt
+-   `token`: the existing jwt
+-   `requireUserId`: (optional, default: `true`) If set to true the function will throw an error if it cannot determine the id of the user that owns the jwt
+## Client Usage
 ### Create the client

package/dist/index.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 export * from "./management/client";
 export { ClientConfig } from "./config/config";
+export * from "./util/token";

package/dist/index.js CHANGED Viewed

@@ -15,3 +15,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./management/client"), exports);
+__exportStar(require("./util/token"), exports);

package/dist/util/token.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export declare const generateJwt: (appSecret: string, tenantId: string, scopes?: string[], data?: Record<string, any>, expirationTime?: string) => Promise<string>;
+export declare const addDataToJwt: (appSecret: string, token: string, data: Record<string, any>) => Promise<string>;
+export interface TokenData {
+    userId: string;
+    scopes: string[];
+    exp: number;
+}
+export declare const getTokenData: (appSecret: string, token: string, requireUserId?: boolean) => Promise<TokenData>;

package/dist/util/token.js ADDED Viewed

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTokenData = exports.addDataToJwt = exports.generateJwt = void 0;
+const jose_1 = require("jose");
+const alg = "HS256";
+const generateJwt = async (appSecret, tenantId, scopes = [], data = {}, expirationTime = "5m") => {
+    const secret = new TextEncoder().encode(appSecret);
+    return await new jose_1.SignJWT({
+        type: "access_token",
+        tenantId,
+        scopes,
+        data,
+    })
+        .setProtectedHeader({
+        alg,
+        typ: "JWT",
+    })
+        .setIssuedAt()
+        .setNotBefore("0s")
+        .setIssuer("auth")
+        .setAudience(["fraym"])
+        .setExpirationTime(expirationTime)
+        .sign(secret);
+};
+exports.generateJwt = generateJwt;
+const addDataToJwt = async (appSecret, token, data) => {
+    var _a;
+    const secret = new TextEncoder().encode(appSecret);
+    const { payload, protectedHeader } = await (0, jose_1.jwtVerify)(token, secret);
+    if (!payload.exp) {
+        throw Error("expiration time is missing in JWT");
+    }
+    const newData = (_a = payload.data) !== null && _a !== void 0 ? _a : {};
+    for (let key in data) {
+        newData[key] = data[key];
+    }
+    return new jose_1.SignJWT(Object.assign(Object.assign({}, payload), { data: newData }))
+        .setProtectedHeader(protectedHeader)
+        .sign(secret);
+};
+exports.addDataToJwt = addDataToJwt;
+const getTokenData = async (appSecret, token, requireUserId = true) => {
+    var _a, _b;
+    const secret = new TextEncoder().encode(appSecret);
+    const { payload } = await (0, jose_1.jwtVerify)(token, secret);
+    if (!payload.exp) {
+        throw Error("expiration time is missing in JWT");
+    }
+    if (requireUserId && !payload.jti) {
+        throw Error("expiration time is missing in JWT");
+    }
+    return {
+        scopes: (_a = payload.scopes) !== null && _a !== void 0 ? _a : [],
+        userId: (_b = payload.jti) !== null && _b !== void 0 ? _b : "",
+        exp: payload.exp,
+    };
+};
+exports.getTokenData = getTokenData;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@fraym/auth",
-    "version": "0.3.1",
+    "version": "0.4.0",
     "license": "UNLICENSED",
     "homepage": "https://github.com/fraym/auth-nodejs",
     "repository": {
@@ -33,6 +33,7 @@
         "@grpc/grpc-js": "^1.8.7",
         "dotenv": "^16.0.3",
         "graphql": "^16.6.0",
+        "jose": "^4.13.1",
         "yargs": "^17.6.2"
     },
     "devDependencies": {