@hkdigital/lib-core 0.4.22 → 0.4.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/jwt/util.js +35 -41
- package/package.json +1 -1
package/dist/auth/jwt/util.js
CHANGED
|
@@ -2,24 +2,32 @@
|
|
|
2
2
|
* JWT utility functions
|
|
3
3
|
*
|
|
4
4
|
* @description
|
|
5
|
-
* This module provides utility functions for JWT operations including
|
|
5
|
+
* This module provides utility functions for JWT operations including
|
|
6
6
|
* sign, verify and error casting.
|
|
7
7
|
*/
|
|
8
8
|
|
|
9
|
+
// import jwt from 'jsonwebtoken';
|
|
10
|
+
|
|
11
|
+
// import {
|
|
12
|
+
// TokenExpiredError as JwtTokenExpiredError,
|
|
13
|
+
// JsonWebTokenError as JwtJsonWebTokenError,
|
|
14
|
+
// NotBeforeError as JwtNotBeforeError
|
|
15
|
+
// } from 'jsonwebtoken';
|
|
16
|
+
|
|
9
17
|
import jwt from 'jsonwebtoken';
|
|
10
18
|
|
|
11
|
-
|
|
12
|
-
TokenExpiredError
|
|
13
|
-
JsonWebTokenError
|
|
14
|
-
NotBeforeError
|
|
15
|
-
}
|
|
19
|
+
const {
|
|
20
|
+
TokenExpiredError: JwtTokenExpiredError,
|
|
21
|
+
JsonWebTokenError: JwtJsonWebTokenError,
|
|
22
|
+
NotBeforeError: JwtNotBeforeError
|
|
23
|
+
} = jwt;
|
|
16
24
|
|
|
17
25
|
import * as expect from '../../util/expect.js';
|
|
18
26
|
|
|
19
27
|
import {
|
|
20
28
|
JWT_DEFAULT_EXPIRES_IN,
|
|
21
29
|
DEFAULT_ALGORITHM,
|
|
22
|
-
VERIFY_OPTIONS
|
|
30
|
+
VERIFY_OPTIONS
|
|
23
31
|
} from './constants.js';
|
|
24
32
|
|
|
25
33
|
import {
|
|
@@ -54,38 +62,28 @@ import {
|
|
|
54
62
|
*
|
|
55
63
|
* @returns {string} JsonWebToken
|
|
56
64
|
*/
|
|
57
|
-
export function sign(
|
|
58
|
-
claims
|
|
59
|
-
secretOrPrivateKey
|
|
60
|
-
|
|
61
|
-
{
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
if( options )
|
|
66
|
-
{
|
|
67
|
-
expect.object( options );
|
|
68
|
-
}
|
|
69
|
-
else {
|
|
65
|
+
export function sign(claims, secretOrPrivateKey, options = {}) {
|
|
66
|
+
expect.object(claims);
|
|
67
|
+
expect.defined(secretOrPrivateKey);
|
|
68
|
+
|
|
69
|
+
if (options) {
|
|
70
|
+
expect.object(options);
|
|
71
|
+
} else {
|
|
70
72
|
options = {};
|
|
71
73
|
}
|
|
72
74
|
|
|
73
|
-
if(
|
|
74
|
-
{
|
|
75
|
+
if (!('algorithm' in options)) {
|
|
75
76
|
options.algorithm = DEFAULT_ALGORITHM;
|
|
76
77
|
}
|
|
77
78
|
|
|
78
|
-
if(
|
|
79
|
-
{
|
|
79
|
+
if (!('expiresIn' in options)) {
|
|
80
80
|
options.expiresIn = JWT_DEFAULT_EXPIRES_IN;
|
|
81
|
-
}
|
|
82
|
-
else if( !options.expiresIn )
|
|
83
|
-
{
|
|
81
|
+
} else if (!options.expiresIn) {
|
|
84
82
|
delete options.expiresIn;
|
|
85
83
|
}
|
|
86
84
|
|
|
87
85
|
// @ts-ignore
|
|
88
|
-
return jwt.sign(
|
|
86
|
+
return jwt.sign(claims, secretOrPrivateKey, options);
|
|
89
87
|
}
|
|
90
88
|
|
|
91
89
|
/**
|
|
@@ -99,24 +97,20 @@ export function sign(
|
|
|
99
97
|
*
|
|
100
98
|
* @returns {import('./typedef.js').JwtPayload} claims - The decoded JWT payload
|
|
101
99
|
*/
|
|
102
|
-
export function verify(
|
|
103
|
-
|
|
104
|
-
expect.
|
|
105
|
-
expect.defined( secretOrPrivateKey );
|
|
100
|
+
export function verify(token, secretOrPrivateKey, options = VERIFY_OPTIONS) {
|
|
101
|
+
expect.notEmptyString(token);
|
|
102
|
+
expect.defined(secretOrPrivateKey);
|
|
106
103
|
|
|
107
|
-
if(
|
|
108
|
-
{
|
|
104
|
+
if (!('algorithms' in options)) {
|
|
109
105
|
options.algorithms = VERIFY_OPTIONS.algorithms;
|
|
110
106
|
}
|
|
111
107
|
|
|
112
108
|
try {
|
|
113
109
|
// @ts-ignore
|
|
114
|
-
const decoded = jwt.verify(
|
|
110
|
+
const decoded = jwt.verify(token, secretOrPrivateKey, options);
|
|
115
111
|
|
|
116
112
|
return decoded;
|
|
117
|
-
}
|
|
118
|
-
catch( e )
|
|
119
|
-
{
|
|
113
|
+
} catch (e) {
|
|
120
114
|
//
|
|
121
115
|
// Cast internal jsonwebtoken errors to Error types defined in this lib
|
|
122
116
|
//
|
|
@@ -135,18 +129,18 @@ export function castJwtError(error) {
|
|
|
135
129
|
if (error instanceof JwtTokenExpiredError) {
|
|
136
130
|
return new TokenExpiredError(error.message, error.expiredAt, error);
|
|
137
131
|
}
|
|
138
|
-
|
|
132
|
+
|
|
139
133
|
if (error instanceof JwtNotBeforeError) {
|
|
140
134
|
return new NotBeforeError(error.message, error.date, error);
|
|
141
135
|
}
|
|
142
|
-
|
|
136
|
+
|
|
143
137
|
if (error instanceof JwtJsonWebTokenError) {
|
|
144
138
|
if (error.message === 'invalid signature') {
|
|
145
139
|
return new InvalidSignatureError(error.message, error, error);
|
|
146
140
|
}
|
|
147
141
|
return new JsonWebTokenError(error.message, error, error);
|
|
148
142
|
}
|
|
149
|
-
|
|
143
|
+
|
|
150
144
|
// Return original error if not a known JWT error
|
|
151
145
|
return error;
|
|
152
146
|
}
|