@nitrotool/jwt 0.0.7 → 0.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -46
- package/dist/h3.d.mts +1 -1
- package/dist/h3.d.ts +1 -1
- package/dist/h3.mjs +1 -1
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -75,52 +75,6 @@ Supported token locations:
|
|
|
75
75
|
- Authorization header: `Authorization: Bearer <token>`
|
|
76
76
|
- Query string: `?token=<token>`
|
|
77
77
|
|
|
78
|
-
## API Reference
|
|
79
|
-
|
|
80
|
-
All helpers are asynchronous.
|
|
81
|
-
|
|
82
|
-
### JWT helpers
|
|
83
|
-
|
|
84
|
-
- `encodeJwtRaw<T>(payload, secret, ttl = 60): Promise<string>`
|
|
85
|
-
- Signs a token with the provided `secret`.
|
|
86
|
-
- `ttl` is in seconds. Default: `60`.
|
|
87
|
-
- `exp` is set automatically from `ttl`.
|
|
88
|
-
|
|
89
|
-
- `encodeJwt<T>(payload): Promise<string>`
|
|
90
|
-
- Same as `encodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
91
|
-
|
|
92
|
-
- `verifyJwtRaw(token, secret): Promise<boolean>`
|
|
93
|
-
- Verifies signature and expiry using the provided `secret`.
|
|
94
|
-
|
|
95
|
-
- `verifyJwt(token): Promise<boolean>`
|
|
96
|
-
- Same as `verifyJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
97
|
-
|
|
98
|
-
- `decodeJwtRaw<T>(token, secret, { verify = true } = {}): Promise<T & Partial<JwtPayload>>`
|
|
99
|
-
- Decodes the token. When `verify` is `true`, verifies signature and expiry.
|
|
100
|
-
- Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
|
|
101
|
-
- Throws if `verify` is `true` but `secret` is empty.
|
|
102
|
-
|
|
103
|
-
- `decodeJwt<T>(token, { verify = true } = {}): Promise<T & Partial<JwtPayload>>`
|
|
104
|
-
- Same as `decodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
105
|
-
- Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
|
|
106
|
-
|
|
107
|
-
Types:
|
|
108
|
-
- `ExtendableJwtPayload<T>` lets you define custom claims merged with standard JWT claims.
|
|
109
|
-
|
|
110
|
-
### h3 helpers
|
|
111
|
-
|
|
112
|
-
- `extractBearerToken(event): string | undefined`
|
|
113
|
-
- Reads `Authorization` header and returns the token without `Bearer `.
|
|
114
|
-
|
|
115
|
-
- `extractQueryToken(event): string | undefined`
|
|
116
|
-
- Reads `token` from the query string.
|
|
117
|
-
|
|
118
|
-
- `extractApiToken(event): string | undefined`
|
|
119
|
-
- Returns the first non-empty token found by `extractBearerToken` or `extractQueryToken`.
|
|
120
|
-
|
|
121
|
-
- `requireApiToken(event): string`
|
|
122
|
-
- Same as `extractApiToken`, but throws `UnauthenticatedError` if missing.
|
|
123
|
-
|
|
124
78
|
## Configuration
|
|
125
79
|
|
|
126
80
|
When using non-`Raw` helpers, ensure a secret is available at runtime:
|
|
@@ -176,6 +130,53 @@ const ok = await verifyJwtRaw(token, process.env.JWT_SECRET!);
|
|
|
176
130
|
- Only set `verify: false` for non-sensitive, debug-like operations.
|
|
177
131
|
- Rotate secrets periodically and invalidate old tokens if needed.
|
|
178
132
|
|
|
133
|
+
## API Reference
|
|
134
|
+
|
|
135
|
+
All helpers are asynchronous.
|
|
136
|
+
|
|
137
|
+
### JWT helpers
|
|
138
|
+
|
|
139
|
+
- `encodeJwtRaw<T>(payload, secret, ttl = 60): Promise<string>`
|
|
140
|
+
- Signs a token with the provided `secret`.
|
|
141
|
+
- `ttl` is in seconds. Default: `60`.
|
|
142
|
+
- `exp` is set automatically from `ttl`.
|
|
143
|
+
|
|
144
|
+
- `encodeJwt<T>(payload): Promise<string>`
|
|
145
|
+
- Same as `encodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
146
|
+
|
|
147
|
+
- `verifyJwtRaw(token, secret): Promise<boolean>`
|
|
148
|
+
- Verifies signature and expiry using the provided `secret`.
|
|
149
|
+
|
|
150
|
+
- `verifyJwt(token): Promise<boolean>`
|
|
151
|
+
- Same as `verifyJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
152
|
+
|
|
153
|
+
- `decodeJwtRaw<T>(token, secret, { verify = true } = {}): Promise<T & Partial<JwtPayload>>`
|
|
154
|
+
- Decodes the token. When `verify` is `true`, verifies signature and expiry.
|
|
155
|
+
- Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
|
|
156
|
+
- Throws if `verify` is `true` but `secret` is empty.
|
|
157
|
+
|
|
158
|
+
- `decodeJwt<T>(token, { verify = true } = {}): Promise<T & Partial<JwtPayload>>`
|
|
159
|
+
- Same as `decodeJwtRaw`, but uses `useRuntimeConfig().jwtSecret`.
|
|
160
|
+
- Throws `UnauthorizedError('Invalid JWT token.')` if verification fails.
|
|
161
|
+
|
|
162
|
+
Types:
|
|
163
|
+
- `ExtendableJwtPayload<T>` lets you define custom claims merged with standard JWT claims.
|
|
164
|
+
|
|
165
|
+
### h3 helpers
|
|
166
|
+
|
|
167
|
+
- `extractBearerToken(event): string | undefined`
|
|
168
|
+
- Reads `Authorization` header and returns the token without `Bearer `.
|
|
169
|
+
|
|
170
|
+
- `extractQueryToken(event): string | undefined`
|
|
171
|
+
- Reads `token` from the query string.
|
|
172
|
+
|
|
173
|
+
- `extractApiToken(event): string | undefined`
|
|
174
|
+
- Returns the first non-empty token found by `extractBearerToken` or `extractQueryToken`.
|
|
175
|
+
|
|
176
|
+
- `requireApiToken(event): string`
|
|
177
|
+
- Same as `extractApiToken`, but throws `UnauthenticatedError` if missing.
|
|
178
|
+
|
|
179
|
+
|
|
179
180
|
## License
|
|
180
181
|
|
|
181
182
|
MIT
|
package/dist/h3.d.mts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { H3Event } from 'h3';
|
|
2
2
|
|
|
3
3
|
declare const extractBearerToken: (event: H3Event) => string;
|
|
4
|
-
declare const extractQueryToken: (event: H3Event) => string | undefined;
|
|
4
|
+
declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
|
|
5
5
|
declare const extractApiToken: (event: H3Event) => string | undefined;
|
|
6
6
|
declare const requireApiToken: (event: H3Event) => string;
|
|
7
7
|
|
package/dist/h3.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { H3Event } from 'h3';
|
|
2
2
|
|
|
3
3
|
declare const extractBearerToken: (event: H3Event) => string;
|
|
4
|
-
declare const extractQueryToken: (event: H3Event) => string | undefined;
|
|
4
|
+
declare const extractQueryToken: (event: H3Event, key?: string) => string | undefined;
|
|
5
5
|
declare const extractApiToken: (event: H3Event) => string | undefined;
|
|
6
6
|
declare const requireApiToken: (event: H3Event) => string;
|
|
7
7
|
|
package/dist/h3.mjs
CHANGED
|
@@ -2,7 +2,7 @@ import { getRequestHeader, getQuery } from 'h3';
|
|
|
2
2
|
import { UnauthenticatedError } from '@nitrotool/errors';
|
|
3
3
|
|
|
4
4
|
const extractBearerToken = (event) => getRequestHeader(event, "Authorization")?.replace("Bearer ", "") || void 0;
|
|
5
|
-
const extractQueryToken = (event) => getQuery(event)?.
|
|
5
|
+
const extractQueryToken = (event, key = "token") => getQuery(event)?.[key] || void 0;
|
|
6
6
|
const extractApiToken = (event) => extractBearerToken(event) || extractQueryToken(event);
|
|
7
7
|
const requireApiToken = (event) => {
|
|
8
8
|
const token = extractApiToken(event);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nitrotool/jwt",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.8",
|
|
4
4
|
"main": "dist/index.mjs",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": {
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
"types": "./dist/index.d.ts",
|
|
12
12
|
"dependencies": {
|
|
13
13
|
"@tsndr/cloudflare-worker-jwt": "^3.2.0",
|
|
14
|
-
"@nitrotool/errors": "0.0.
|
|
14
|
+
"@nitrotool/errors": "0.0.8"
|
|
15
15
|
},
|
|
16
16
|
"peerDependencies": {
|
|
17
17
|
"h3": "^1.15.3"
|