@naturalcycles/nodejs-lib 12.80.4 → 12.81.0

package/dist/index.d.ts

@@ -72,5 +72,6 @@ export * from './validation/joi/joi.shared.schemas';
 export * from './validation/joi/joi.validation.error';
 export * from './validation/joi/joi.validation.util';
 export * from './script';
+export * from './jwt/jwt.service';
 export type { GlobbyOptions, FastGlobOptions, ValidationErrorItem, AnySchema, Got, AfterResponseHook, BeforeErrorHook, BeforeRequestHook, };
 export { globby, fastGlob, RequestError, TimeoutError, Ajv };

package/dist/index.js

@@ -77,3 +77,4 @@ tslib_1.__exportStar(require("./validation/joi/joi.shared.schemas"), exports);
 tslib_1.__exportStar(require("./validation/joi/joi.validation.error"), exports);
 tslib_1.__exportStar(require("./validation/joi/joi.validation.util"), exports);
 tslib_1.__exportStar(require("./script"), exports);
+tslib_1.__exportStar(require("./jwt/jwt.service"), exports);

package/dist/jwt/jwt.service.d.ts

@@ -0,0 +1,55 @@
+/// <reference types="node" />
+import { AnyObject, ErrorData, JWTString } from '@naturalcycles/js-lib';
+import type { Algorithm, VerifyOptions, JwtHeader, SignOptions } from 'jsonwebtoken';
+import * as jsonwebtoken from 'jsonwebtoken';
+import { AnySchemaTyped } from '../validation/joi/joi.model';
+export { jsonwebtoken };
+export type { Algorithm, VerifyOptions, SignOptions, JwtHeader };
+export interface JWTServiceCfg {
+    /**
+     * Public key is required to Verify incoming tokens.
+     * Optional if you only want to Decode or Sign.
+     */
+    publicKey?: string | Buffer;
+    /**
+     * Private key is required to Sign (create) outgoing tokens.
+     * Optional if you only want to Decode or Verify.
+     */
+    privateKey?: string | Buffer;
+    /**
+     * Recommended: ES256
+     */
+    algorithm: Algorithm;
+    /**
+     * If provided - will be applied to every Sign operation.
+     */
+    signOptions?: SignOptions;
+    /**
+     * If provided - will be applied to every Sign operation.
+     */
+    verifyOptions?: VerifyOptions;
+    /**
+     * If set - errors thrown from this service will be extended
+     * with this errorData (in err.data)
+     */
+    errorData?: ErrorData;
+}
+/**
+ * Wraps popular `jsonwebtoken` library.
+ * You should create one instance of JWTService for each pair of private/public key.
+ *
+ * Generate key pair like this:
+ * openssl ecparam -name secp256k1 -genkey -noout -out key.pem
+ * openssl ec -in key.pem -pubout > key.pub.pem
+ */
+export declare class JWTService {
+    cfg: JWTServiceCfg;
+    constructor(cfg: JWTServiceCfg);
+    sign<T extends AnyObject>(payload: T, schema?: AnySchemaTyped<T>, opt?: SignOptions): JWTString;
+    verify<T extends AnyObject>(token: JWTString, schema?: AnySchemaTyped<T>, opt?: VerifyOptions): T;
+    decode<T extends AnyObject>(token: JWTString, schema?: AnySchemaTyped<T>): {
+        header: JwtHeader;
+        payload: T;
+        signature: string;
+    };
+}

package/dist/jwt/jwt.service.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JWTService = exports.jsonwebtoken = void 0;
+const js_lib_1 = require("@naturalcycles/js-lib");
+const jsonwebtoken = require("jsonwebtoken");
+exports.jsonwebtoken = jsonwebtoken;
+const joi_shared_schemas_1 = require("../validation/joi/joi.shared.schemas");
+const joi_validation_util_1 = require("../validation/joi/joi.validation.util");
+// todo: define JWTError and list possible options
+/**
+ * Wraps popular `jsonwebtoken` library.
+ * You should create one instance of JWTService for each pair of private/public key.
+ *
+ * Generate key pair like this:
+ * openssl ecparam -name secp256k1 -genkey -noout -out key.pem
+ * openssl ec -in key.pem -pubout > key.pub.pem
+ */
+class JWTService {
+    constructor(cfg) {
+        this.cfg = cfg;
+    }
+    sign(payload, schema, opt = {}) {
+        (0, js_lib_1._assert)(this.cfg.privateKey, 'JWTService: privateKey is required to be able to verify, but not provided');
+        if (schema) {
+            (0, joi_validation_util_1.validate)(payload, schema);
+        }
+        return jsonwebtoken.sign(payload, this.cfg.privateKey, {
+            algorithm: this.cfg.algorithm,
+            noTimestamp: true,
+            ...this.cfg.signOptions,
+            ...opt,
+        });
+    }
+    verify(token, schema, opt = {}) {
+        (0, js_lib_1._assert)(this.cfg.publicKey, 'JWTService: publicKey is required to be able to verify, but not provided');
+        try {
+            const data = jsonwebtoken.verify(token, this.cfg.publicKey, {
+                algorithms: [this.cfg.algorithm],
+                ...this.cfg.verifyOptions,
+                ...opt,
+            });
+            if (schema) {
+                (0, joi_validation_util_1.validate)(data, schema);
+            }
+            return data;
+        }
+        catch (err) {
+            if (this.cfg.errorData) {
+                (0, js_lib_1._typeCast)(err);
+                (0, js_lib_1._errorDataAppend)(err, {
+                    ...this.cfg.errorData,
+                });
+            }
+            throw err;
+        }
+    }
+    decode(token, schema) {
+        const data = jsonwebtoken.decode(token, {
+            complete: true,
+        });
+        (0, js_lib_1._assert)(data, 'invalid token, decoded value is null', {
+            ...this.cfg.errorData,
+        });
+        (0, joi_validation_util_1.validate)(data.payload, schema || joi_shared_schemas_1.anyObjectSchema);
+        return data;
+    }
+}
+exports.JWTService = JWTService;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/nodejs-lib",
-  "version": "12.80.4",
+  "version": "12.81.0",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",
@@ -15,6 +15,7 @@
   },
   "dependencies": {
     "@naturalcycles/js-lib": "^14.0.0",
+    "@types/jsonwebtoken": "^8.5.9",
     "@types/through2-concurrent": "^2.0.0",
     "ajv": "^8.6.2",
     "ajv-formats": "^2.1.0",
@@ -31,6 +32,7 @@
     "globby": "^11.0.0",
     "got": "^11.0.1",
     "joi": "17.4.2",
+    "jsonwebtoken": "^8.5.1",
     "lru-cache": "^7.4.0",
     "move-file": "^2.0.0",
     "through2-concurrent": "^2.0.0",

package/src/index.ts

@@ -72,6 +72,7 @@ export * from './validation/joi/joi.shared.schemas'
 export * from './validation/joi/joi.validation.error'
 export * from './validation/joi/joi.validation.util'
 export * from './script'
+export * from './jwt/jwt.service'
 
 export type {
   GlobbyOptions,

package/src/jwt/jwt.service.ts

@@ -0,0 +1,143 @@
+import {
+  _assert,
+  _errorDataAppend,
+  _typeCast,
+  AnyObject,
+  ErrorData,
+  JWTString,
+} from '@naturalcycles/js-lib'
+import type { Algorithm, VerifyOptions, JwtHeader, SignOptions } from 'jsonwebtoken'
+import * as jsonwebtoken from 'jsonwebtoken'
+import { AnySchemaTyped } from '../validation/joi/joi.model'
+import { anyObjectSchema } from '../validation/joi/joi.shared.schemas'
+import { validate } from '../validation/joi/joi.validation.util'
+export { jsonwebtoken }
+export type { Algorithm, VerifyOptions, SignOptions, JwtHeader }
+
+export interface JWTServiceCfg {
+  /**
+   * Public key is required to Verify incoming tokens.
+   * Optional if you only want to Decode or Sign.
+   */
+  publicKey?: string | Buffer
+  /**
+   * Private key is required to Sign (create) outgoing tokens.
+   * Optional if you only want to Decode or Verify.
+   */
+  privateKey?: string | Buffer
+
+  /**
+   * Recommended: ES256
+   */
+  algorithm: Algorithm
+
+  /**
+   * If provided - will be applied to every Sign operation.
+   */
+  signOptions?: SignOptions
+
+  /**
+   * If provided - will be applied to every Sign operation.
+   */
+  verifyOptions?: VerifyOptions
+
+  /**
+   * If set - errors thrown from this service will be extended
+   * with this errorData (in err.data)
+   */
+  errorData?: ErrorData
+}
+
+// todo: define JWTError and list possible options
+
+/**
+ * Wraps popular `jsonwebtoken` library.
+ * You should create one instance of JWTService for each pair of private/public key.
+ *
+ * Generate key pair like this:
+ * openssl ecparam -name secp256k1 -genkey -noout -out key.pem
+ * openssl ec -in key.pem -pubout > key.pub.pem
+ */
+export class JWTService {
+  constructor(public cfg: JWTServiceCfg) {}
+
+  sign<T extends AnyObject>(
+    payload: T,
+    schema?: AnySchemaTyped<T>,
+    opt: SignOptions = {},
+  ): JWTString {
+    _assert(
+      this.cfg.privateKey,
+      'JWTService: privateKey is required to be able to verify, but not provided',
+    )
+
+    if (schema) {
+      validate(payload, schema)
+    }
+
+    return jsonwebtoken.sign(payload, this.cfg.privateKey, {
+      algorithm: this.cfg.algorithm,
+      noTimestamp: true,
+      ...this.cfg.signOptions,
+      ...opt,
+    })
+  }
+
+  verify<T extends AnyObject>(
+    token: JWTString,
+    schema?: AnySchemaTyped<T>,
+    opt: VerifyOptions = {},
+  ): T {
+    _assert(
+      this.cfg.publicKey,
+      'JWTService: publicKey is required to be able to verify, but not provided',
+    )
+
+    try {
+      const data = jsonwebtoken.verify(token, this.cfg.publicKey, {
+        algorithms: [this.cfg.algorithm],
+        ...this.cfg.verifyOptions,
+        ...opt,
+      }) as T
+
+      if (schema) {
+        validate(data, schema)
+      }
+
+      return data
+    } catch (err) {
+      if (this.cfg.errorData) {
+        _typeCast<Error>(err)
+        _errorDataAppend(err, {
+          ...this.cfg.errorData,
+        })
+      }
+      throw err
+    }
+  }
+
+  decode<T extends AnyObject>(
+    token: JWTString,
+    schema?: AnySchemaTyped<T>,
+  ): {
+    header: JwtHeader
+    payload: T
+    signature: string
+  } {
+    const data = jsonwebtoken.decode(token, {
+      complete: true,
+    }) as {
+      header: JwtHeader
+      payload: T
+      signature: string
+    } | null
+
+    _assert(data, 'invalid token, decoded value is null', {
+      ...this.cfg.errorData,
+    })
+
+    validate(data.payload, schema || anyObjectSchema)
+
+    return data
+  }
+}