npm - @openstax/ts-utils - Versions diffs - 1.15.5 → 1.16.0 - Mend

@openstax/ts-utils 1.15.5 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/cjs/services/authProvider/decryption.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { ConfigProviderForConfig } from '../../config';
-import { CookieAuthProvider } from '.';
+import { AuthProvider, CookieAuthProvider } from '.';
 declare type Config = {
     cookieName: string;
     encryptionPrivateKey: string;
@@ -8,9 +8,12 @@ declare type Config = {
 interface Initializer<C> {
     configSpace?: C;
 }
+export declare type DecryptionAuthProvider = CookieAuthProvider<AuthProvider & {
+    getTokenExpiration: () => Promise<number | undefined>;
+}>;
 export declare const decryptionAuthProvider: <C extends string = "decryption">(initializer: Initializer<C>) => (configProvider: { [key in C]: {
     cookieName: import("../../config").ConfigValueProvider<string>;
     encryptionPrivateKey: import("../../config").ConfigValueProvider<string>;
     signaturePublicKey: import("../../config").ConfigValueProvider<string>;
-}; }) => CookieAuthProvider;
+}; }) => DecryptionAuthProvider;
 export {};

package/dist/cjs/services/authProvider/decryption.js CHANGED Viewed

@@ -21,12 +21,18 @@ const decryptionAuthProvider = (initializer) => (configProvider) => {
             }
             return { headers };
         };
-        const loadUser = async () => {
+        const getPayload = async () => {
             const [token] = (0, _1.getAuthTokenOrCookie)(request, await cookieName());
             if (!token) {
                 return undefined;
             }
-            const result = (0, decryptAndVerify_1.decryptAndVerify)(token, await encryptionPrivateKey(), await signaturePublicKey());
+            return (0, decryptAndVerify_1.decryptAndVerify)(token, await encryptionPrivateKey(), await signaturePublicKey());
+        };
+        const loadUser = async () => {
+            const result = await getPayload();
+            if (!result) {
+                return undefined;
+            }
             if ('error' in result && result.error == 'expired token') {
                 throw new errors_1.SessionExpiredError();
             }
@@ -34,12 +40,16 @@ const decryptionAuthProvider = (initializer) => (configProvider) => {
         };
         return {
             getAuthorizedFetchConfig,
+            getTokenExpiration: async () => {
+                const result = await getPayload();
+                return result ? result.exp : undefined;
+            },
             getUser: async () => {
                 if (!user) {
                     user = await loadUser();
                 }
                 return user;
-            }
+            },
         };
     };
 };

package/dist/cjs/services/authProvider/index.d.ts CHANGED Viewed

@@ -45,9 +45,9 @@ export declare type CookieAuthProviderRequest = {
     headers: HttpHeaders;
     queryStringParameters?: QueryParams;
 };
-export declare type CookieAuthProvider = (inputs: {
+export declare type CookieAuthProvider<T extends AuthProvider = AuthProvider> = (inputs: {
     request: CookieAuthProviderRequest;
-}) => AuthProvider;
+}) => T;
 export declare type StubAuthProvider = (user: User | undefined) => AuthProvider;
 export declare const stubAuthProvider: (user?: User | undefined) => AuthProvider;
 export declare const getAuthTokenOrCookie: (request: CookieAuthProviderRequest, cookieName: string, queryKey?: string) => [string, {

package/dist/cjs/services/authProvider/utils/decryptAndVerify.d.ts CHANGED Viewed

@@ -17,11 +17,13 @@ export declare const verifyJws: (jws: string, signaturePublicKey: Buffer | strin
  * @param token the encrypted token
  * @param encryptionPrivateKey the private key used to encrypt the token
  * @param signaturePublicKey the public key used to verify the decrypted token
- * @returns {user: User} (success) or {error: string} (failure)
+ * @returns {user: User; exp: number} (success) or {error: string} (failure)
  */
 export declare const decryptAndVerify: (token: string, encryptionPrivateKey: string, signaturePublicKey: string) => {
     user: User;
+    exp: number;
 } | {
     error: string;
+    exp?: number;
 };
 export {};

package/dist/cjs/services/authProvider/utils/decryptAndVerify.js CHANGED Viewed

@@ -62,7 +62,7 @@ exports.verifyJws = verifyJws;
  * @param token the encrypted token
  * @param encryptionPrivateKey the private key used to encrypt the token
  * @param signaturePublicKey the public key used to verify the decrypted token
- * @returns {user: User} (success) or {error: string} (failure)
+ * @returns {user: User; exp: number} (success) or {error: string} (failure)
  */
 const decryptAndVerify = (token, encryptionPrivateKey, signaturePublicKey) => {
     const timestamp = Math.floor(Date.now() / 1000);
@@ -84,8 +84,8 @@ const decryptAndVerify = (token, encryptionPrivateKey, signaturePublicKey) => {
         return { error: 'invalid token' };
     }
     if (payload.exp < timestamp - clockTolerance) {
-        return { error: 'expired token' };
+        return { error: 'expired token', exp: payload.exp };
     }
-    return { user: payload.sub };
+    return { user: payload.sub, exp: payload.exp };
 };
 exports.decryptAndVerify = decryptAndVerify;

package/dist/cjs/services/launchParams/signer.d.ts CHANGED Viewed

@@ -21,7 +21,7 @@ export declare const createLaunchSigner: <C extends string = "launch">({ configS
     jwks: () => Promise<{
         keys: JWK.RawKey[];
     }>;
-    sign: (subject: string) => Promise<string>;
+    sign: (subject: string, maxExpiresIn?: string | number | undefined) => Promise<string>;
 };
 export declare type LaunchSigner = ReturnType<ReturnType<typeof createLaunchSigner>>;
 export {};

package/dist/cjs/services/launchParams/signer.js CHANGED Viewed

@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLaunchSigner = void 0;
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const ms_1 = __importDefault(require("ms"));
 const node_jose_1 = require("node-jose");
 const __1 = require("../..");
 const config_1 = require("../../config");
@@ -33,9 +34,17 @@ const createLaunchSigner = ({ configSpace }) => (configProvider) => {
         return keystore;
     });
     const jwks = async () => (await getKeyStore()).toJSON(false);
-    const sign = async (subject) => {
-        const alg = await getAlg();
+    const getExpiresInWithMax = async (maxExpiresIn) => {
         const expiresIn = await getExpiresIn();
+        const maxExpiresInSeconds = typeof maxExpiresIn === 'number' ? maxExpiresIn :
+            typeof maxExpiresIn === 'string' ? Math.floor((0, ms_1.default)(maxExpiresIn) / 1000) :
+                undefined;
+        return maxExpiresInSeconds ? Math.min(Math.floor((0, ms_1.default)(expiresIn) / 1000), maxExpiresInSeconds) : expiresIn;
+    };
+    const sign = async (subject, maxExpiresIn) => {
+        const alg = await getAlg();
+        // expiresIn can be a number of seconds or a string like '1h' or '1d'
+        const expiresIn = await getExpiresInWithMax(maxExpiresIn);
         const iss = await getIss();
         const header = { alg, iss };
         return jsonwebtoken_1.default.sign({}, await getPrivateKey(), { algorithm: alg, expiresIn, header, issuer: iss, subject });