@openstax/ts-utils 1.28.1 → 1.29.0

package/dist/esm/services/launchParams/verifier.d.ts

@@ -3,6 +3,7 @@ import type { JWK } from 'node-jose';
 import { ConfigProviderForConfig } from '../../config';
 declare type Config = {
     trustedDomain: string;
+    bypassSignatureVerification: string;
 };
 interface Initializer<C> {
     configSpace?: C;
@@ -15,6 +16,7 @@ interface Initializer<C> {
  */
 export declare const createLaunchVerifier: <C extends string = "launch">({ configSpace, fetcher }: Initializer<C>) => (configProvider: { [key in C]: {
     trustedDomain: import("../../config").ConfigValueProvider<string>;
+    bypassSignatureVerification: import("../../config").ConfigValueProvider<string>;
 }; }) => (_services: {}, getDefaultToken?: (() => string) | undefined) => {
     verify: <T = undefined>(...args: T extends undefined ? [] | [string] : [(input: any) => T] | [string, (input: any) => T]) => Promise<T extends undefined ? jwt.JwtPayload : T>;
 };

package/dist/esm/services/launchParams/verifier.js

@@ -11,6 +11,7 @@ import { once } from '../../misc/helpers';
 export const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvider) => {
     const config = configProvider[ifDefined(configSpace, 'launch')];
     const getTrustedDomain = once(() => resolveConfigValue(config.trustedDomain));
+    const getBypassSignatureVerification = once(async () => (await resolveConfigValue(config.bypassSignatureVerification)) === 'true');
     const getJwksClient = memoize((jwksUri) => new JwksClient({ fetcher, jwksUri }));
     const getJwksKey = memoize(async (jwksUri, kid) => {
         const client = getJwksClient(jwksUri);
@@ -37,25 +38,26 @@ export const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvide
         }
     };
     return (_services, getDefaultToken) => {
-        const verify = (...args) => {
+        const verify = async (...args) => {
             const [inputToken, validator] = args.length === 1
                 ? typeof args[0] === 'string'
                     ? [args[0], undefined]
                     : [undefined, args[0]]
                 : args;
+            const bypassSignatureVerification = await getBypassSignatureVerification();
             return new Promise((resolve, reject) => {
                 const token = inputToken !== null && inputToken !== void 0 ? inputToken : getDefaultToken === null || getDefaultToken === void 0 ? void 0 : getDefaultToken();
                 if (!token) {
                     return reject(new InvalidRequestError('Missing token for launch verification'));
                 }
-                return jwt.verify(token, getKey, {}, (err, payload) => {
+                const resolvePayload = (err, payload) => {
                     if (err && err instanceof TokenExpiredError) {
                         reject(new SessionExpiredError());
                     }
                     else if (err) {
                         reject(err);
                     }
-                    else if (typeof payload !== 'object') {
+                    else if (typeof payload !== 'object' || payload === null) {
                         reject(new Error('received JWT token with unexpected non-JSON payload'));
                     }
                     else if (!payload.sub) {
@@ -76,7 +78,13 @@ export const createLaunchVerifier = ({ configSpace, fetcher }) => (configProvide
                         // conditional return types are annoying
                         resolve((validator ? validator(parsed) : parsed));
                     }
-                });
+                };
+                if (bypassSignatureVerification) {
+                    return resolvePayload(null, jwt.decode(token));
+                }
+                else {
+                    return jwt.verify(token, getKey, {}, resolvePayload);
+                }
             });
         };
         return { verify };