@hemia/jwt-manager 0.0.4 → 0.0.6
|
@@ -5,14 +5,9 @@ import require$$1 from 'crypto';
|
|
|
5
5
|
|
|
6
6
|
var jwtConfig = {
|
|
7
7
|
expiresIn: '2h',
|
|
8
|
-
cleanCredentialSecret: '
|
|
8
|
+
cleanCredentialSecret: 'clean-credential-secret-key',
|
|
9
9
|
};
|
|
10
10
|
|
|
11
|
-
var Operatives;
|
|
12
|
-
(function (Operatives) {
|
|
13
|
-
Operatives["CATALOG"] = "catalog";
|
|
14
|
-
})(Operatives || (Operatives = {}));
|
|
15
|
-
|
|
16
11
|
function getDefaultExportFromCjs (x) {
|
|
17
12
|
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
|
|
18
13
|
}
|
|
@@ -5824,7 +5819,7 @@ var jwt = /*@__PURE__*/getDefaultExportFromCjs(jsonwebtoken);
|
|
|
5824
5819
|
|
|
5825
5820
|
class Mixin {
|
|
5826
5821
|
createBasicToken(payload, secret, expiresIn, options) {
|
|
5827
|
-
const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn, issuer:
|
|
5822
|
+
const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn, issuer: options === null || options === void 0 ? void 0 : options.issuer, audience: options === null || options === void 0 ? void 0 : options.audience, algorithm: (options === null || options === void 0 ? void 0 : options.algorithm) || 'HS256' });
|
|
5828
5823
|
return jwt.sign(payload, secret, finalOptions);
|
|
5829
5824
|
}
|
|
5830
5825
|
validateTokenBase(token, secretKey, options) {
|
|
@@ -5900,69 +5895,50 @@ class Mixin {
|
|
|
5900
5895
|
}
|
|
5901
5896
|
|
|
5902
5897
|
class JwtManager extends Mixin {
|
|
5903
|
-
constructor() {
|
|
5898
|
+
constructor(issuer, audience) {
|
|
5904
5899
|
super();
|
|
5905
5900
|
this._secretKey = '';
|
|
5906
5901
|
this._issuer = '';
|
|
5907
5902
|
this._audience = '';
|
|
5908
5903
|
this._secretKey = process.env.JWT_SECRET || jwtConfig.cleanCredentialSecret;
|
|
5909
|
-
this._issuer = process.env.JWT_ISSUER || 'hemia-app';
|
|
5910
|
-
this._audience = process.env.JWT_AUDIENCE || 'hemia-api';
|
|
5904
|
+
this._issuer = issuer || process.env.JWT_ISSUER || 'hemia-app';
|
|
5905
|
+
this._audience = audience || process.env.JWT_AUDIENCE || 'hemia-api';
|
|
5911
5906
|
if (!this._secretKey) {
|
|
5912
5907
|
throw new Error("JWT secret key is required.");
|
|
5913
5908
|
}
|
|
5914
5909
|
}
|
|
5915
|
-
|
|
5916
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5917
|
-
}
|
|
5918
|
-
createTokenWithSecret(payload, secretKey, expiresIn, options) {
|
|
5919
|
-
return this.createBasicToken(payload, secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5920
|
-
}
|
|
5921
|
-
createCleanCredentialsToken(operative = Operatives.CATALOG, secretKey, expiresIn) {
|
|
5922
|
-
const payload = { accessType: operative };
|
|
5923
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn);
|
|
5924
|
-
}
|
|
5925
|
-
getTokenWithoutKey(payload, secretKey, expiresIn, options) {
|
|
5926
|
-
return this.createToken(payload, secretKey, expiresIn, options);
|
|
5927
|
-
}
|
|
5928
|
-
getTokenWithKey(payload, secretKey, expiresIn, options) {
|
|
5929
|
-
return this.createTokenWithSecret(payload, secretKey, expiresIn, options);
|
|
5930
|
-
}
|
|
5931
|
-
getTokenCleanCredentials(operative = Operatives.CATALOG, secretKey, expiresIn) {
|
|
5932
|
-
return this.createCleanCredentialsToken(operative, secretKey, expiresIn);
|
|
5933
|
-
}
|
|
5934
|
-
createIdToken(claims, secretKey, expiresIn) {
|
|
5910
|
+
createIdToken(claims, options = {}, customClaims) {
|
|
5935
5911
|
if (!claims.sub) {
|
|
5936
5912
|
throw new Error('sub (subject) claim is required for ID tokens');
|
|
5937
5913
|
}
|
|
5938
|
-
const payload = Object.assign(Object.assign({}, claims), { iat: Math.floor(Date.now() / 1000) });
|
|
5939
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn, {
|
|
5914
|
+
const payload = Object.assign(Object.assign(Object.assign({}, claims), { iat: Math.floor(Date.now() / 1000) }), customClaims);
|
|
5915
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || jwtConfig.expiresIn, {
|
|
5916
|
+
issuer: options.issuer || this._issuer,
|
|
5917
|
+
audience: options.clientID
|
|
5918
|
+
});
|
|
5940
5919
|
}
|
|
5941
|
-
createAccessToken(sub, scopes,
|
|
5942
|
-
const payload = {
|
|
5943
|
-
|
|
5944
|
-
|
|
5945
|
-
|
|
5946
|
-
|
|
5947
|
-
|
|
5920
|
+
createAccessToken(sub, scopes, options = {}, customClaims) {
|
|
5921
|
+
const payload = Object.assign({ sub, scope: scopes.join(' '), iat: Math.floor(Date.now() / 1000) }, customClaims);
|
|
5922
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || '15m', {
|
|
5923
|
+
issuer: options.issuer || this._issuer,
|
|
5924
|
+
audience: options.audience || this._audience,
|
|
5925
|
+
algorithm: 'HS256'
|
|
5926
|
+
});
|
|
5948
5927
|
}
|
|
5949
|
-
createRefreshToken(sub,
|
|
5950
|
-
const payload = {
|
|
5951
|
-
|
|
5952
|
-
|
|
5953
|
-
|
|
5954
|
-
|
|
5955
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || '30d', {
|
|
5956
|
-
issuer: this._issuer,
|
|
5957
|
-
audience: this._audience,
|
|
5928
|
+
createRefreshToken(sub, options = {}, customClaims) {
|
|
5929
|
+
const payload = Object.assign({ sub, type: 'refresh', iat: Math.floor(Date.now() / 1000) }, customClaims);
|
|
5930
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || '30d', {
|
|
5931
|
+
issuer: options.issuer || this._issuer,
|
|
5932
|
+
audience: options.audience || this._audience,
|
|
5933
|
+
algorithm: 'HS256',
|
|
5958
5934
|
jwtid: this.generateJti()
|
|
5959
5935
|
});
|
|
5960
5936
|
}
|
|
5961
5937
|
verify(token, secretKey, options) {
|
|
5962
|
-
return this.validateTokenBase(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5938
|
+
return this.validateTokenBase(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience, algorithms: ['HS256'] }));
|
|
5963
5939
|
}
|
|
5964
5940
|
verifyDetailed(token, secretKey, options) {
|
|
5965
|
-
return super.validateTokenDetailed(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5941
|
+
return super.validateTokenDetailed(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience, algorithms: ['HS256'] }));
|
|
5966
5942
|
}
|
|
5967
5943
|
validateToken(token, secretKey, options) {
|
|
5968
5944
|
return this.verify(token, secretKey, options);
|
|
@@ -6021,6 +5997,11 @@ class JwtManager extends Mixin {
|
|
|
6021
5997
|
}
|
|
6022
5998
|
}
|
|
6023
5999
|
|
|
6000
|
+
var Operatives;
|
|
6001
|
+
(function (Operatives) {
|
|
6002
|
+
Operatives["CATALOG"] = "catalog";
|
|
6003
|
+
})(Operatives || (Operatives = {}));
|
|
6004
|
+
|
|
6024
6005
|
var TokenType;
|
|
6025
6006
|
(function (TokenType) {
|
|
6026
6007
|
TokenType["ID_TOKEN"] = "id_token";
|
|
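Review bot: The `JwtManager` constructor still falls back to a string literal shipped in the package, `process.env.JWT_SECRET || jwtConfig.cleanCredentialSecret`, and this release sets that literal to `'clean-credential-secret-key'`, so a deployment that forgets `JWT_SECRET` signs and verifies HS256 tokens with a key anyone can read from the registry. Because the fallback is always non-empty, the `if (!this._secretKey)` guard just below it can never throw. I would drop the fallback, `this._secretKey = process.env.JWT_SECRET || '';`, so the existing guard fails closed, and remove `cleanCredentialSecret` from `jwtConfig` now that the clean-credentials methods are gone. The same lines appear in the CommonJS build later in this diff.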
@@ -7,14 +7,9 @@ var require$$1 = require('crypto');
|
|
|
7
7
|
|
|
8
8
|
var jwtConfig = {
|
|
9
9
|
expiresIn: '2h',
|
|
10
|
-
cleanCredentialSecret: '
|
|
10
|
+
cleanCredentialSecret: 'clean-credential-secret-key',
|
|
11
11
|
};
|
|
12
12
|
|
|
13
|
-
exports.Operatives = void 0;
|
|
14
|
-
(function (Operatives) {
|
|
15
|
-
Operatives["CATALOG"] = "catalog";
|
|
16
|
-
})(exports.Operatives || (exports.Operatives = {}));
|
|
17
|
-
|
|
18
13
|
function getDefaultExportFromCjs (x) {
|
|
19
14
|
return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
|
|
20
15
|
}
|
|
@@ -5826,7 +5821,7 @@ var jwt = /*@__PURE__*/getDefaultExportFromCjs(jsonwebtoken);
|
|
|
5826
5821
|
|
|
5827
5822
|
class Mixin {
|
|
5828
5823
|
createBasicToken(payload, secret, expiresIn, options) {
|
|
5829
|
-
const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn, issuer:
|
|
5824
|
+
const finalOptions = Object.assign(Object.assign({}, (options || {})), { expiresIn, issuer: options === null || options === void 0 ? void 0 : options.issuer, audience: options === null || options === void 0 ? void 0 : options.audience, algorithm: (options === null || options === void 0 ? void 0 : options.algorithm) || 'HS256' });
|
|
5830
5825
|
return jwt.sign(payload, secret, finalOptions);
|
|
5831
5826
|
}
|
|
5832
5827
|
validateTokenBase(token, secretKey, options) {
|
|
@@ -5902,69 +5897,50 @@ class Mixin {
|
|
|
5902
5897
|
}
|
|
5903
5898
|
|
|
5904
5899
|
class JwtManager extends Mixin {
|
|
5905
|
-
constructor() {
|
|
5900
|
+
constructor(issuer, audience) {
|
|
5906
5901
|
super();
|
|
5907
5902
|
this._secretKey = '';
|
|
5908
5903
|
this._issuer = '';
|
|
5909
5904
|
this._audience = '';
|
|
5910
5905
|
this._secretKey = process.env.JWT_SECRET || jwtConfig.cleanCredentialSecret;
|
|
5911
|
-
this._issuer = process.env.JWT_ISSUER || 'hemia-app';
|
|
5912
|
-
this._audience = process.env.JWT_AUDIENCE || 'hemia-api';
|
|
5906
|
+
this._issuer = issuer || process.env.JWT_ISSUER || 'hemia-app';
|
|
5907
|
+
this._audience = audience || process.env.JWT_AUDIENCE || 'hemia-api';
|
|
5913
5908
|
if (!this._secretKey) {
|
|
5914
5909
|
throw new Error("JWT secret key is required.");
|
|
5915
5910
|
}
|
|
5916
5911
|
}
|
|
5917
|
-
|
|
5918
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5919
|
-
}
|
|
5920
|
-
createTokenWithSecret(payload, secretKey, expiresIn, options) {
|
|
5921
|
-
return this.createBasicToken(payload, secretKey, expiresIn || jwtConfig.expiresIn, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5922
|
-
}
|
|
5923
|
-
createCleanCredentialsToken(operative = exports.Operatives.CATALOG, secretKey, expiresIn) {
|
|
5924
|
-
const payload = { accessType: operative };
|
|
5925
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn);
|
|
5926
|
-
}
|
|
5927
|
-
getTokenWithoutKey(payload, secretKey, expiresIn, options) {
|
|
5928
|
-
return this.createToken(payload, secretKey, expiresIn, options);
|
|
5929
|
-
}
|
|
5930
|
-
getTokenWithKey(payload, secretKey, expiresIn, options) {
|
|
5931
|
-
return this.createTokenWithSecret(payload, secretKey, expiresIn, options);
|
|
5932
|
-
}
|
|
5933
|
-
getTokenCleanCredentials(operative = exports.Operatives.CATALOG, secretKey, expiresIn) {
|
|
5934
|
-
return this.createCleanCredentialsToken(operative, secretKey, expiresIn);
|
|
5935
|
-
}
|
|
5936
|
-
createIdToken(claims, secretKey, expiresIn) {
|
|
5912
|
+
createIdToken(claims, options = {}, customClaims) {
|
|
5937
5913
|
if (!claims.sub) {
|
|
5938
5914
|
throw new Error('sub (subject) claim is required for ID tokens');
|
|
5939
5915
|
}
|
|
5940
|
-
const payload = Object.assign(Object.assign({}, claims), { iat: Math.floor(Date.now() / 1000) });
|
|
5941
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || jwtConfig.expiresIn, {
|
|
5916
|
+
const payload = Object.assign(Object.assign(Object.assign({}, claims), { iat: Math.floor(Date.now() / 1000) }), customClaims);
|
|
5917
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || jwtConfig.expiresIn, {
|
|
5918
|
+
issuer: options.issuer || this._issuer,
|
|
5919
|
+
audience: options.clientID
|
|
5920
|
+
});
|
|
5942
5921
|
}
|
|
5943
|
-
createAccessToken(sub, scopes,
|
|
5944
|
-
const payload = {
|
|
5945
|
-
|
|
5946
|
-
|
|
5947
|
-
|
|
5948
|
-
|
|
5949
|
-
|
|
5922
|
+
createAccessToken(sub, scopes, options = {}, customClaims) {
|
|
5923
|
+
const payload = Object.assign({ sub, scope: scopes.join(' '), iat: Math.floor(Date.now() / 1000) }, customClaims);
|
|
5924
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || '15m', {
|
|
5925
|
+
issuer: options.issuer || this._issuer,
|
|
5926
|
+
audience: options.audience || this._audience,
|
|
5927
|
+
algorithm: 'HS256'
|
|
5928
|
+
});
|
|
5950
5929
|
}
|
|
5951
|
-
createRefreshToken(sub,
|
|
5952
|
-
const payload = {
|
|
5953
|
-
|
|
5954
|
-
|
|
5955
|
-
|
|
5956
|
-
|
|
5957
|
-
return this.createBasicToken(payload, secretKey || this._secretKey, expiresIn || '30d', {
|
|
5958
|
-
issuer: this._issuer,
|
|
5959
|
-
audience: this._audience,
|
|
5930
|
+
createRefreshToken(sub, options = {}, customClaims) {
|
|
5931
|
+
const payload = Object.assign({ sub, type: 'refresh', iat: Math.floor(Date.now() / 1000) }, customClaims);
|
|
5932
|
+
return this.createBasicToken(payload, options.secretKey || this._secretKey, options.expiresIn || '30d', {
|
|
5933
|
+
issuer: options.issuer || this._issuer,
|
|
5934
|
+
audience: options.audience || this._audience,
|
|
5935
|
+
algorithm: 'HS256',
|
|
5960
5936
|
jwtid: this.generateJti()
|
|
5961
5937
|
});
|
|
5962
5938
|
}
|
|
5963
5939
|
verify(token, secretKey, options) {
|
|
5964
|
-
return this.validateTokenBase(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5940
|
+
return this.validateTokenBase(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience, algorithms: ['HS256'] }));
|
|
5965
5941
|
}
|
|
5966
5942
|
verifyDetailed(token, secretKey, options) {
|
|
5967
|
-
return super.validateTokenDetailed(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience }));
|
|
5943
|
+
return super.validateTokenDetailed(token, secretKey || this._secretKey, Object.assign(Object.assign({}, options), { issuer: (options === null || options === void 0 ? void 0 : options.issuer) || this._issuer, audience: (options === null || options === void 0 ? void 0 : options.audience) || this._audience, algorithms: ['HS256'] }));
|
|
5968
5944
|
}
|
|
5969
5945
|
validateToken(token, secretKey, options) {
|
|
5970
5946
|
return this.verify(token, secretKey, options);
|
|
@@ -6023,6 +5999,11 @@ class JwtManager extends Mixin {
|
|
|
6023
5999
|
}
|
|
6024
6000
|
}
|
|
6025
6001
|
|
|
6002
|
+
exports.Operatives = void 0;
|
|
6003
|
+
(function (Operatives) {
|
|
6004
|
+
Operatives["CATALOG"] = "catalog";
|
|
6005
|
+
})(exports.Operatives || (exports.Operatives = {}));
|
|
6006
|
+
|
|
6026
6007
|
exports.TokenType = void 0;
|
|
6027
6008
|
(function (TokenType) {
|
|
6028
6009
|
TokenType["ID_TOKEN"] = "id_token";
|
|
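Review bot: In the new `createIdToken`, `createAccessToken` and `createRefreshToken`, `customClaims` is merged last, so a caller-supplied object can overwrite `sub`, `scope`, `iat` and the `type: 'refresh'` marker that each method is supposed to fix. Putting the caller's claims first keeps the reserved ones authoritative, e.g. `const payload = Object.assign({}, customClaims, { sub, type: 'refresh', iat: Math.floor(Date.now() / 1000) });`. Separately, `createIdToken` passes `audience: options.clientID` with no fallback, unlike the other two methods; when `clientID` is omitted the audience reaches `jwt.sign` as `undefined`, which it may reject, and `verify()` defaults to `this._audience`, so `audience: options.clientID || this._audience` would at least let the default case round-trip. The ES module build earlier in this diff has the same code.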
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { Operatives } from '../Enums/Enums';
|
|
1
|
+
import { JwtPayload, VerifyOptions } from 'jsonwebtoken';
|
|
3
2
|
import { Mixin } from '../mixin/jwt.mixin';
|
|
4
3
|
import { StandardClaims } from '../interfaces/oidc-claims';
|
|
5
4
|
import { TokenValidationResult } from '../types/token-validation';
|
|
@@ -7,16 +6,25 @@ export declare class JwtManager extends Mixin {
|
|
|
7
6
|
private _secretKey;
|
|
8
7
|
private _issuer;
|
|
9
8
|
private _audience;
|
|
10
|
-
constructor();
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
9
|
+
constructor(issuer?: string, audience?: string);
|
|
10
|
+
createIdToken(claims: StandardClaims, options?: {
|
|
11
|
+
clientID?: string;
|
|
12
|
+
issuer?: string;
|
|
13
|
+
expiresIn?: string | number;
|
|
14
|
+
secretKey?: string;
|
|
15
|
+
}, customClaims?: object): string;
|
|
16
|
+
createAccessToken(sub: string, scopes: string[], options?: {
|
|
17
|
+
audience?: string;
|
|
18
|
+
issuer?: string;
|
|
19
|
+
expiresIn?: string | number;
|
|
20
|
+
secretKey?: string;
|
|
21
|
+
}, customClaims?: object): string;
|
|
22
|
+
createRefreshToken(sub: string, options?: {
|
|
23
|
+
audience?: string;
|
|
24
|
+
issuer?: string;
|
|
25
|
+
expiresIn?: string | number;
|
|
26
|
+
secretKey?: string;
|
|
27
|
+
}, customClaims?: object): string;
|
|
20
28
|
verify(token: string, secretKey?: string, options?: VerifyOptions): JwtPayload | null;
|
|
21
29
|
verifyDetailed(token: string, secretKey?: string, options?: VerifyOptions): TokenValidationResult;
|
|
22
30
|
validateToken(token: string, secretKey?: string, options?: VerifyOptions): JwtPayload | null;
|
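Review bot: The second parameter of `createIdToken` changes from a positional `secretKey` string to an `options` object, and `createAccessToken` and `createRefreshToken` take the same shape, but nothing in the declaration tells callers so. An untyped JavaScript caller still passing `createIdToken(claims, secret, '1h')` would have its secret ignored, because `options.secretKey` read from a string is `undefined`, and the token would be signed with the instance default key. I would add a TSDoc block to each method stating that `options.secretKey` overrides the instance key and that `clientID` becomes the `aud` claim, and narrow `customClaims?: object` to `customClaims?: Record<string, unknown>`. The removed declarations are blank on this page, so the previous signatures are inferred from the bundle hunks.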
package/package.json
CHANGED