@openstax/ts-utils 1.28.1 → 1.29.0

package/dist/cjs/services/launchParams/verifier.d.ts

@@ -3,6 +3,7 @@ import type { JWK } from 'node-jose';
 import { ConfigProviderForConfig } from '../../config';
 declare type Config = {
     trustedDomain: string;
+    bypassSignatureVerification: string;
 };
 interface Initializer<C> {
     configSpace?: C;
@@ -15,6 +16,7 @@ interface Initializer<C> {
  */
 export declare const createLaunchVerifier: <C extends string = "launch">({ configSpace, fetcher }: Initializer<C>) => (configProvider: { [key in C]: {
     trustedDomain: import("../../config").ConfigValueProvider<string>;
+    bypassSignatureVerification: import("../../config").ConfigValueProvider<string>;
 }; }) => (_services: {}, getDefaultToken?: (() => string) | undefined) => {
     verify: <T = undefined>(...args: T extends undefined ? [] | [string] : [(input: any) => T] | [string, (input: any) => T]) => Promise<T extends undefined ? jwt.JwtPayload : T>;
 };

package/dist/cjs/services/launchParams/verifier.js

@@ -37,6 +37,7 @@ const helpers_1 = require("../../misc/helpers");
 const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
     const config = configProvider[(0, guards_1.ifDefined)(configSpace, 'launch')];
     const getTrustedDomain = (0, helpers_1.once)(() => (0, config_1.resolveConfigValue)(config.trustedDomain));
+    const getBypassSignatureVerification = (0, helpers_1.once)(async () => (await (0, config_1.resolveConfigValue)(config.bypassSignatureVerification)) === 'true');
     const getJwksClient = (0, __1.memoize)((jwksUri) => new jwks_rsa_1.JwksClient({ fetcher, jwksUri }));
     const getJwksKey = (0, __1.memoize)(async (jwksUri, kid) => {
         const client = getJwksClient(jwksUri);
@@ -63,25 +64,26 @@ const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
         }
     };
     return (_services, getDefaultToken) => {
-        const verify = (...args) => {
+        const verify = async (...args) => {
             const [inputToken, validator] = args.length === 1
                 ? typeof args[0] === 'string'
                     ? [args[0], undefined]
                     : [undefined, args[0]]
                 : args;
+            const bypassSignatureVerification = await getBypassSignatureVerification();
             return new Promise((resolve, reject) => {
                 const token = inputToken !== null && inputToken !== void 0 ? inputToken : getDefaultToken === null || getDefaultToken === void 0 ? void 0 : getDefaultToken();
                 if (!token) {
                     return reject(new errors_1.InvalidRequestError('Missing token for launch verification'));
                 }
-                return jsonwebtoken_1.default.verify(token, getKey, {}, (err, payload) => {
+                const resolvePayload = (err, payload) => {
                     if (err && err instanceof jsonwebtoken_1.TokenExpiredError) {
                         reject(new errors_1.SessionExpiredError());
                     }
                     else if (err) {
                         reject(err);
                     }
-                    else if (typeof payload !== 'object') {
+                    else if (typeof payload !== 'object' || payload === null) {
                         reject(new Error('received JWT token with unexpected non-JSON payload'));
                     }
                     else if (!payload.sub) {
@@ -102,7 +104,13 @@ const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
                         // conditional return types are annoying
                         resolve((validator ? validator(parsed) : parsed));
                     }
-                });
+                };
+                if (bypassSignatureVerification) {
+                    return resolvePayload(null, jsonwebtoken_1.default.decode(token));
+                }
+                else {
+                    return jsonwebtoken_1.default.verify(token, getKey, {}, resolvePayload);
+                }
             });
         };
         return { verify };