npm - @superblocksteam/shared - Versions diffs - 0.9521.0 → 0.9523.0 - Mend

@superblocksteam/shared 0.9521.0 → 0.9523.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/index.d.ts +0 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +0 -1
package/dist/index.js.map +1 -1
package/dist-esm/index.d.ts +0 -1
package/dist-esm/index.d.ts.map +1 -1
package/dist-esm/index.js +0 -1
package/dist-esm/index.js.map +1 -1
package/package.json +1 -5
package/src/index.ts +0 -1
package/dist/jwt/index.d.ts +0 -2
package/dist/jwt/index.d.ts.map +0 -1
package/dist/jwt/index.js +0 -18
package/dist/jwt/index.js.map +0 -1
package/dist/jwt/verifier.d.ts +0 -39
package/dist/jwt/verifier.d.ts.map +0 -1
package/dist/jwt/verifier.js +0 -37
package/dist/jwt/verifier.js.map +0 -1
package/dist/jwt/verifier.test.d.ts +0 -2
package/dist/jwt/verifier.test.d.ts.map +0 -1
package/dist/jwt/verifier.test.js +0 -108
package/dist/jwt/verifier.test.js.map +0 -1
package/dist-esm/jwt/index.d.ts +0 -2
package/dist-esm/jwt/index.d.ts.map +0 -1
package/dist-esm/jwt/index.js +0 -2
package/dist-esm/jwt/index.js.map +0 -1
package/dist-esm/jwt/verifier.d.ts +0 -39
package/dist-esm/jwt/verifier.d.ts.map +0 -1
package/dist-esm/jwt/verifier.js +0 -30
package/dist-esm/jwt/verifier.js.map +0 -1
package/dist-esm/jwt/verifier.test.d.ts +0 -2
package/dist-esm/jwt/verifier.test.d.ts.map +0 -1
package/dist-esm/jwt/verifier.test.js +0 -106
package/dist-esm/jwt/verifier.test.js.map +0 -1
package/src/jwt/index.ts +0 -1
package/src/jwt/verifier.test.ts +0 -144
package/src/jwt/verifier.ts +0 -61

package/dist/index.d.ts CHANGED Viewed

@@ -20,5 +20,4 @@ export * from './utils/tracedEventEmitter';
 export * from './utils/unreachable';
 export * from './tracing/methodTracing';
 export * from './tracing/errorSanitizer';
-export * from './jwt';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC~~;AACzC,cAAc,OAAO,CAAC~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -36,5 +36,4 @@ __exportStar(require("./utils/tracedEventEmitter"), exports);
 __exportStar(require("./utils/unreachable"), exports);
 __exportStar(require("./tracing/methodTracing"), exports);
 __exportStar(require("./tracing/errorSanitizer"), exports);
-__exportStar(require("./jwt"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,0CAAwB;AACxB,0CAAwB;AACxB,0CAAwB;AACxB,4CAA0B;AAC1B,8CAA4B;AAC5B,kDAAgC;AAChC,8CAA4B;AAC5B,mDAAiC;AACjC,iDAA+B;AAC/B,0CAAwB;AACxB,+CAA6B;AAC7B,uDAAqC;AACrC,2CAAyB;AACzB,4CAA0B;AAC1B,6CAA2B;AAC3B,gDAA8B;AAC9B,yCAAuB;AACvB,6DAA2C;AAC3C,sDAAoC;AACpC,0DAAwC;AACxC,2DAAyC~~;AACzC,wCAAsB~~"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAAyB;AACzB,0CAAwB;AACxB,0CAAwB;AACxB,0CAAwB;AACxB,4CAA0B;AAC1B,8CAA4B;AAC5B,kDAAgC;AAChC,8CAA4B;AAC5B,mDAAiC;AACjC,iDAA+B;AAC/B,0CAAwB;AACxB,+CAA6B;AAC7B,uDAAqC;AACrC,2CAAyB;AACzB,4CAA0B;AAC1B,6CAA2B;AAC3B,gDAA8B;AAC9B,yCAAuB;AACvB,6DAA2C;AAC3C,sDAAoC;AACpC,0DAAwC;AACxC,2DAAyC"}

package/dist-esm/index.d.ts CHANGED Viewed

@@ -20,5 +20,4 @@ export * from './utils/tracedEventEmitter';
 export * from './utils/unreachable';
 export * from './tracing/methodTracing';
 export * from './tracing/errorSanitizer';
-export * from './jwt';
 //# sourceMappingURL=index.d.ts.map

package/dist-esm/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC~~;AACzC,cAAc,OAAO,CAAC~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}

package/dist-esm/index.js CHANGED Viewed

@@ -20,5 +20,4 @@ export * from './utils/tracedEventEmitter';
 export * from './utils/unreachable';
 export * from './tracing/methodTracing';
 export * from './tracing/errorSanitizer';
-export * from './jwt';
 //# sourceMappingURL=index.js.map

package/dist-esm/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC~~;AACzC,cAAc,OAAO,CAAC~~"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,UAAU,CAAC;AACzB,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,eAAe,CAAC;AAC9B,cAAc,QAAQ,CAAC;AACvB,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@superblocksteam/shared",
-  "version": "0.9521.0",
+  "version": "0.9523.0",
   "description": "Superblocks Shared Resources",
   "repository": "https://github.com/superblocksteam/shared.git",
   "license": "Superblocks Community Software License",
@@ -35,9 +35,6 @@
     "isomorphic-ws": "^5.0.0",
     "js-base64": "^3.7.5",
     "json5": "2.2.3",
-    "jsonwebtoken": "^9.0.2",
-    "jwks-rsa": "^3.1.0",
-    "jwt-decode": "^4.0.0",
     "lodash": "^4.17.21",
     "normalizr": "3.6.2",
     "pino": "6.11.0",
@@ -52,7 +49,6 @@
     "@swc/core": "^1.10.14",
     "@swc/jest": "0.2.37",
     "@types/jest": "29.5.12",
-    "@types/jsonwebtoken": "^9.0.7",
     "@types/lodash": "^4.17.0",
     "@types/node": "20.17.24",
     "@types/semver": "^7.5.6",

package/src/index.ts CHANGED Viewed

@@ -20,4 +20,3 @@ export * from './utils/tracedEventEmitter';
 export * from './utils/unreachable';
 export * from './tracing/methodTracing';
 export * from './tracing/errorSanitizer';
-export * from './jwt';

package/dist/jwt/index.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './verifier';
2	- //# sourceMappingURL=index.d.ts.map

package/dist/jwt/index.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/dist/jwt/index.js DELETED Viewed

@@ -1,18 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./verifier"), exports);
-//# sourceMappingURL=index.js.map

package/dist/jwt/index.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6CAA2B"}

package/dist/jwt/verifier.d.ts DELETED Viewed

@@ -1,39 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { JwtPayload, VerifyOptions } from 'jsonwebtoken';
-import { Agent as HttpAgent } from 'http';
-import { Agent as HttpsAgent } from 'https';
-/**
- * Verifies JWTs using a JWKS endpoint to resolve signing keys on demand.
- */
-export declare class JwtVerifier {
-    private readonly jwks;
-    constructor(options: JwtVerifierOptions);
-    verify<T extends JwtPayload>(token: string, options?: VerifyOptions): Promise<T>;
-}
-/**
- * Options that configure how the verifier fetches and caches JWKS signing keys.
- */
-export interface JwtVerifierOptions {
-    jwksUri: string;
-    rateLimit?: boolean;
-    cache?: boolean;
-    cacheMaxEntries?: number;
-    cacheMaxAge?: number;
-    jwksRequestsPerMinute?: number;
-    proxy?: string;
-    requestHeaders?: Headers;
-    timeout?: number;
-    requestAgent?: HttpAgent | HttpsAgent;
-    fetcher?(jwksUri: string): Promise<{
-        keys: unknown;
-    }>;
-    getKeysInterceptor?(): Promise<JwtKey[]>;
-}
-export type Headers = Record<string, string>;
-export interface JwtKey {
-    kid: string;
-    alg: string;
-    [key: string]: unknown;
-}
-//# sourceMappingURL=verifier.d.ts.map

package/dist/jwt/verifier.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":";;AAEA,OAAO,EAAa,UAAU,EAAU,aAAa,EAAE,MAAM,cAAc,CAAC;AAG5E,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,KAAK,IAAI,UAAU,EAAE,MAAM,OAAO,CAAC;AAE5C;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAqB;gBAC9B,OAAO,EAAE,kBAAkB;IAIjC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC;CAiBvF;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC;IACtC,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACtD,kBAAkB,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC1C;AAED,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE7C,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}

package/dist/jwt/verifier.js DELETED Viewed

@@ -1,37 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.JwtVerifier = void 0;
-const jwks_rsa_1 = __importDefault(require("jwks-rsa"));
-const jwt_decode_1 = require("jwt-decode");
-const jsonwebtoken_1 = require("jsonwebtoken");
-const lodash_1 = require("lodash");
-const errors_1 = require("../errors");
-/**
- * Verifies JWTs using a JWKS endpoint to resolve signing keys on demand.
- */
-class JwtVerifier {
-    constructor(options) {
-        this.jwks = (0, jwks_rsa_1.default)(options);
-    }
-    async verify(token, options) {
-        const decodedHeader = (0, jwt_decode_1.jwtDecode)(token, { header: true });
-        if ((0, lodash_1.isEmpty)(decodedHeader.kid)) {
-            throw new errors_1.UnauthorizedError('Invalid JWT as kid header is missing.');
-        }
-        const publicKey = (await this.jwks.getSigningKey(decodedHeader.kid)).getPublicKey();
-        if ((0, lodash_1.isEmpty)(publicKey)) {
-            throw new errors_1.UnauthorizedError('JWT could not be verified as no corresponding public key was found.');
-        }
-        try {
-            return (0, jsonwebtoken_1.verify)(token, publicKey, options);
-        }
-        catch (err) {
-            throw new errors_1.UnauthorizedError(`JWT verification failed: ${err.message}`);
-        }
-    }
-}
-exports.JwtVerifier = JwtVerifier;
-//# sourceMappingURL=verifier.js.map

package/dist/jwt/verifier.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":";;;;;;AAAA,wDAA+B;AAC/B,2CAAuC;AACvC,+CAA4E;AAC5E,mCAAiC;AACjC,sCAA8C;AAI9C;;GAEG;AACH,MAAa,WAAW;IAEtB,YAAY,OAA2B;QACrC,IAAI,CAAC,IAAI,GAAG,IAAA,kBAAO,EAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAAuB;QACvE,MAAM,aAAa,GAAG,IAAA,sBAAS,EAAY,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,IAAI,IAAA,gBAAO,EAAC,aAAa,CAAC,GAAG,CAAC,EAAE;YAC9B,MAAM,IAAI,0BAAiB,CAAC,uCAAuC,CAAC,CAAC;SACtE;QAED,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;QACpF,IAAI,IAAA,gBAAO,EAAC,SAAS,CAAC,EAAE;YACtB,MAAM,IAAI,0BAAiB,CAAC,qEAAqE,CAAC,CAAC;SACpG;QAED,IAAI;YACF,OAAO,IAAA,qBAAM,EAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAM,CAAC;SAC/C;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,0BAAiB,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;SACnF;IACH,CAAC;CACF;AAvBD,kCAuBC"}

package/dist/jwt/verifier.test.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=verifier.test.d.ts.map

package/dist/jwt/verifier.test.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"verifier.test.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":""}

package/dist/jwt/verifier.test.js DELETED Viewed

@@ -1,108 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const crypto_1 = require("crypto");
-const jsonwebtoken_1 = require("jsonwebtoken");
-const verifier_1 = require("./verifier");
-const KEY_ID = 'test-key';
-const createSigningMaterial = (kid = KEY_ID) => {
-    const { publicKey, privateKey } = (0, crypto_1.generateKeyPairSync)('rsa', {
-        modulusLength: 2048
-    });
-    const jwk = {
-        ...publicKey.export({ format: 'jwk' }),
-        kid,
-        alg: 'RS256',
-        use: 'sig'
-    };
-    return {
-        jwk,
-        privateKeyPem: privateKey.export({ type: 'pkcs1', format: 'pem' }).toString()
-    };
-};
-const buildJwtVerifier = (jwk) => {
-    const getKeysInterceptor = jest.fn(async () => [jwk]);
-    const options = {
-        jwksUri: 'https://example.com/.well-known/jwks.json',
-        cache: false,
-        getKeysInterceptor
-    };
-    return { verifier: new verifier_1.JwtVerifier(options), getKeysInterceptor };
-};
-describe('JwtVerifier', () => {
-    let signingMaterial;
-    beforeAll(() => {
-        signingMaterial = createSigningMaterial();
-    });
-    it('verifies a token with a matching JWKS entry', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        const payload = {
-            sub: 'user-123',
-            scope: 'read:all'
-        };
-        const token = (0, jsonwebtoken_1.sign)(payload, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid
-        });
-        const result = await verifier.verify(token);
-        expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-        expect(result.sub).toBe(payload.sub);
-        expect(result.scope).toBe(payload.scope);
-    });
-    it('throws UnauthorizedError when the signature does not match the JWKS entry', async () => {
-        const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-        const mismatchedKey = createSigningMaterial();
-        const invalidToken = (0, jsonwebtoken_1.sign)({ sub: 'user-456' }, mismatchedKey.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid
-        });
-        await expect(verifier.verify(invalidToken)).rejects.toMatchObject({
-            status: 401,
-            message: expect.stringContaining('invalid signature')
-        });
-    });
-    it('honors JwtVerifyOptions when audience and issuer match', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        const audience = 'target-app';
-        const issuer = 'https://issuer.example.com';
-        const token = (0, jsonwebtoken_1.sign)({ sub: 'user-789' }, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid,
-            audience,
-            issuer
-        });
-        const result = await verifier.verify(token, {
-            algorithms: ['RS256'],
-            audience,
-            issuer
-        });
-        expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-        expect(result.sub).toBe('user-789');
-        expect(result.aud).toBe(audience);
-        expect(result.iss).toBe(issuer);
-    });
-    it('rejects when VerifyOptions constraints fail', async () => {
-        const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-        const audience = 'target-app';
-        const issuer = 'https://issuer.example.com';
-        const token = (0, jsonwebtoken_1.sign)({ sub: 'user-987' }, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid,
-            audience,
-            issuer
-        });
-        await expect(verifier.verify(token, {
-            algorithms: ['RS256'],
-            audience: `${audience}-mismatch`,
-            issuer
-        })).rejects.toMatchObject({
-            status: 401,
-            message: expect.stringContaining('jwt audience invalid')
-        });
-    });
-    it('rejects malformed tokens before attempting JWKS lookup', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        await expect(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
-        expect(getKeysInterceptor).not.toHaveBeenCalled();
-    });
-});
-//# sourceMappingURL=verifier.test.js.map

package/dist/jwt/verifier.test.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":";;AAAA,mCAA6C;AAC7C,+CAAgD;AAEhD,yCAAqE;AAOrE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,4BAAmB,EAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,sBAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,SAAS,CAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,KAAK,GAAG,IAAA,mBAAI,EAAC,OAAO,EAAE,eAAe,CAAC,aAAa,EAAE;YACzD,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,CAAC,CAAC;QAE1D,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;QAE9C,MAAM,YAAY,GAAG,IAAA,mBAAI,EAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,aAAa,CAAC,aAAa,EAAE;YAC1E,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;YAChE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC;SACtD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAA,mBAAI,EAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,eAAe,CAAC,aAAa,EAAE;YACrE,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;YAC9B,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAgB,KAAK,EAAE;YACzD,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAA,mBAAI,EAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,eAAe,CAAC,aAAa,EAAE;YACrE,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;YAC9B,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,MAAM,CACV,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE;YACrB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ,EAAE,GAAG,QAAQ,WAAW;YAChC,MAAM;SACP,CAAC,CACH,CAAC,OAAO,CAAC,aAAa,CAAC;YACtB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC;SACzD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACjG,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist-esm/jwt/index.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './verifier';
2	- //# sourceMappingURL=index.d.ts.map

package/dist-esm/jwt/index.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/dist-esm/jwt/index.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export * from './verifier';
2	- //# sourceMappingURL=index.js.map

package/dist-esm/jwt/index.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC"}

package/dist-esm/jwt/verifier.d.ts DELETED Viewed

@@ -1,39 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-import { JwtPayload, VerifyOptions } from 'jsonwebtoken';
-import { Agent as HttpAgent } from 'http';
-import { Agent as HttpsAgent } from 'https';
-/**
- * Verifies JWTs using a JWKS endpoint to resolve signing keys on demand.
- */
-export declare class JwtVerifier {
-    private readonly jwks;
-    constructor(options: JwtVerifierOptions);
-    verify<T extends JwtPayload>(token: string, options?: VerifyOptions): Promise<T>;
-}
-/**
- * Options that configure how the verifier fetches and caches JWKS signing keys.
- */
-export interface JwtVerifierOptions {
-    jwksUri: string;
-    rateLimit?: boolean;
-    cache?: boolean;
-    cacheMaxEntries?: number;
-    cacheMaxAge?: number;
-    jwksRequestsPerMinute?: number;
-    proxy?: string;
-    requestHeaders?: Headers;
-    timeout?: number;
-    requestAgent?: HttpAgent | HttpsAgent;
-    fetcher?(jwksUri: string): Promise<{
-        keys: unknown;
-    }>;
-    getKeysInterceptor?(): Promise<JwtKey[]>;
-}
-export type Headers = Record<string, string>;
-export interface JwtKey {
-    kid: string;
-    alg: string;
-    [key: string]: unknown;
-}
-//# sourceMappingURL=verifier.d.ts.map

package/dist-esm/jwt/verifier.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

package/dist-esm/jwt/verifier.js DELETED Viewed

@@ -1,30 +0,0 @@
-import jwksRsa from 'jwks-rsa';
-import { jwtDecode } from 'jwt-decode';
-import { verify } from 'jsonwebtoken';
-import { isEmpty } from 'lodash';
-import { UnauthorizedError } from '../errors';
-/**
- * Verifies JWTs using a JWKS endpoint to resolve signing keys on demand.
- */
-export class JwtVerifier {
-    constructor(options) {
-        this.jwks = jwksRsa(options);
-    }
-    async verify(token, options) {
-        const decodedHeader = jwtDecode(token, { header: true });
-        if (isEmpty(decodedHeader.kid)) {
-            throw new UnauthorizedError('Invalid JWT as kid header is missing.');
-        }
-        const publicKey = (await this.jwks.getSigningKey(decodedHeader.kid)).getPublicKey();
-        if (isEmpty(publicKey)) {
-            throw new UnauthorizedError('JWT could not be verified as no corresponding public key was found.');
-        }
-        try {
-            return verify(token, publicKey, options);
-        }
-        catch (err) {
-            throw new UnauthorizedError(`JWT verification failed: ${err.message}`);
-        }
-    }
-}
-//# sourceMappingURL=verifier.js.map

package/dist-esm/jwt/verifier.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAyB,MAAM,EAAiB,MAAM,cAAc,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAI9C;;GAEG;AACH,MAAM,OAAO,WAAW;IAEtB,YAAY,OAA2B;QACrC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAAuB;QACvE,MAAM,aAAa,GAAG,SAAS,CAAY,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,IAAI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE;YAC9B,MAAM,IAAI,iBAAiB,CAAC,uCAAuC,CAAC,CAAC;SACtE;QAED,MAAM,SAAS,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;QACpF,IAAI,OAAO,CAAC,SAAS,CAAC,EAAE;YACtB,MAAM,IAAI,iBAAiB,CAAC,qEAAqE,CAAC,CAAC;SACpG;QAED,IAAI;YACF,OAAO,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAM,CAAC;SAC/C;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,iBAAiB,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;SACnF;IACH,CAAC;CACF"}

package/dist-esm/jwt/verifier.test.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=verifier.test.d.ts.map

package/dist-esm/jwt/verifier.test.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"verifier.test.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":""}

package/dist-esm/jwt/verifier.test.js DELETED Viewed

@@ -1,106 +0,0 @@
-import { generateKeyPairSync } from 'crypto';
-import { sign } from 'jsonwebtoken';
-import { JwtVerifier } from './verifier';
-const KEY_ID = 'test-key';
-const createSigningMaterial = (kid = KEY_ID) => {
-    const { publicKey, privateKey } = generateKeyPairSync('rsa', {
-        modulusLength: 2048
-    });
-    const jwk = {
-        ...publicKey.export({ format: 'jwk' }),
-        kid,
-        alg: 'RS256',
-        use: 'sig'
-    };
-    return {
-        jwk,
-        privateKeyPem: privateKey.export({ type: 'pkcs1', format: 'pem' }).toString()
-    };
-};
-const buildJwtVerifier = (jwk) => {
-    const getKeysInterceptor = jest.fn(async () => [jwk]);
-    const options = {
-        jwksUri: 'https://example.com/.well-known/jwks.json',
-        cache: false,
-        getKeysInterceptor
-    };
-    return { verifier: new JwtVerifier(options), getKeysInterceptor };
-};
-describe('JwtVerifier', () => {
-    let signingMaterial;
-    beforeAll(() => {
-        signingMaterial = createSigningMaterial();
-    });
-    it('verifies a token with a matching JWKS entry', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        const payload = {
-            sub: 'user-123',
-            scope: 'read:all'
-        };
-        const token = sign(payload, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid
-        });
-        const result = await verifier.verify(token);
-        expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-        expect(result.sub).toBe(payload.sub);
-        expect(result.scope).toBe(payload.scope);
-    });
-    it('throws UnauthorizedError when the signature does not match the JWKS entry', async () => {
-        const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-        const mismatchedKey = createSigningMaterial();
-        const invalidToken = sign({ sub: 'user-456' }, mismatchedKey.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid
-        });
-        await expect(verifier.verify(invalidToken)).rejects.toMatchObject({
-            status: 401,
-            message: expect.stringContaining('invalid signature')
-        });
-    });
-    it('honors JwtVerifyOptions when audience and issuer match', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        const audience = 'target-app';
-        const issuer = 'https://issuer.example.com';
-        const token = sign({ sub: 'user-789' }, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid,
-            audience,
-            issuer
-        });
-        const result = await verifier.verify(token, {
-            algorithms: ['RS256'],
-            audience,
-            issuer
-        });
-        expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-        expect(result.sub).toBe('user-789');
-        expect(result.aud).toBe(audience);
-        expect(result.iss).toBe(issuer);
-    });
-    it('rejects when VerifyOptions constraints fail', async () => {
-        const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-        const audience = 'target-app';
-        const issuer = 'https://issuer.example.com';
-        const token = sign({ sub: 'user-987' }, signingMaterial.privateKeyPem, {
-            algorithm: 'RS256',
-            keyid: signingMaterial.jwk.kid,
-            audience,
-            issuer
-        });
-        await expect(verifier.verify(token, {
-            algorithms: ['RS256'],
-            audience: `${audience}-mismatch`,
-            issuer
-        })).rejects.toMatchObject({
-            status: 401,
-            message: expect.stringContaining('jwt audience invalid')
-        });
-    });
-    it('rejects malformed tokens before attempting JWKS lookup', async () => {
-        const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-        await expect(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
-        expect(getKeysInterceptor).not.toHaveBeenCalled();
-    });
-});
-//# sourceMappingURL=verifier.test.js.map

package/dist-esm/jwt/verifier.test.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAC7C,OAAO,EAAc,IAAI,EAAE,MAAM,cAAc,CAAC;AAEhD,OAAO,EAAE,WAAW,EAA8B,MAAM,YAAY,CAAC;AAOrE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,IAAI,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,SAAS,CAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,aAAa,EAAE;YACzD,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,CAAC,CAAC;QAE1D,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;QAE9C,MAAM,YAAY,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,aAAa,CAAC,aAAa,EAAE;YAC1E,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;SAC/B,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;YAChE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC;SACtD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,eAAe,CAAC,aAAa,EAAE;YACrE,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;YAC9B,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAgB,KAAK,EAAE;YACzD,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,eAAe,CAAC,aAAa,EAAE;YACrE,SAAS,EAAE,OAAO;YAClB,KAAK,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;YAC9B,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,MAAM,CACV,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE;YACrB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ,EAAE,GAAG,QAAQ,WAAW;YAChC,MAAM;SACP,CAAC,CACH,CAAC,OAAO,CAAC,aAAa,CAAC;YACtB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC;SACzD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACjG,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/src/jwt/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export * from './verifier';

package/src/jwt/verifier.test.ts DELETED Viewed

@@ -1,144 +0,0 @@
-import { generateKeyPairSync } from 'crypto';
-import { JwtPayload, sign } from 'jsonwebtoken';
-import { JwtVerifier, JwtVerifierOptions, JwtKey } from './verifier';
-type SigningMaterial = {
-  privateKeyPem: string;
-  jwk: JwtKey;
-};
-const KEY_ID = 'test-key';
-const createSigningMaterial = (kid = KEY_ID): SigningMaterial => {
-  const { publicKey, privateKey } = generateKeyPairSync('rsa', {
-    modulusLength: 2048
-  });
-  const jwk = {
-    ...publicKey.export({ format: 'jwk' }),
-    kid,
-    alg: 'RS256',
-    use: 'sig'
-  } as SigningMaterial['jwk'];
-  return {
-    jwk,
-    privateKeyPem: privateKey.export({ type: 'pkcs1', format: 'pem' }).toString()
-  };
-};
-const buildJwtVerifier = (jwk: SigningMaterial['jwk']) => {
-  const getKeysInterceptor = jest.fn(async () => [jwk]);
-  const options: JwtVerifierOptions = {
-    jwksUri: 'https://example.com/.well-known/jwks.json',
-    cache: false,
-    getKeysInterceptor
-  };
-  return { verifier: new JwtVerifier(options), getKeysInterceptor };
-};
-describe('JwtVerifier', () => {
-  let signingMaterial: SigningMaterial;
-  beforeAll(() => {
-    signingMaterial = createSigningMaterial();
-  });
-  it('verifies a token with a matching JWKS entry', async () => {
-    const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-    type TokenPayload = JwtPayload & { scope: string };
-    const payload: TokenPayload = {
-      sub: 'user-123',
-      scope: 'read:all'
-    };
-    const token = sign(payload, signingMaterial.privateKeyPem, {
-      algorithm: 'RS256',
-      keyid: signingMaterial.jwk.kid
-    });
-    const result = await verifier.verify<TokenPayload>(token);
-    expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-    expect(result.sub).toBe(payload.sub);
-    expect(result.scope).toBe(payload.scope);
-  });
-  it('throws UnauthorizedError when the signature does not match the JWKS entry', async () => {
-    const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-    const mismatchedKey = createSigningMaterial();
-    const invalidToken = sign({ sub: 'user-456' }, mismatchedKey.privateKeyPem, {
-      algorithm: 'RS256',
-      keyid: signingMaterial.jwk.kid
-    });
-    await expect(verifier.verify(invalidToken)).rejects.toMatchObject({
-      status: 401,
-      message: expect.stringContaining('invalid signature')
-    });
-  });
-  it('honors JwtVerifyOptions when audience and issuer match', async () => {
-    const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-    type ScopedPayload = JwtPayload & { sub: string };
-    const audience = 'target-app';
-    const issuer = 'https://issuer.example.com';
-    const token = sign({ sub: 'user-789' }, signingMaterial.privateKeyPem, {
-      algorithm: 'RS256',
-      keyid: signingMaterial.jwk.kid,
-      audience,
-      issuer
-    });
-    const result = await verifier.verify<ScopedPayload>(token, {
-      algorithms: ['RS256'],
-      audience,
-      issuer
-    });
-    expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
-    expect(result.sub).toBe('user-789');
-    expect(result.aud).toBe(audience);
-    expect(result.iss).toBe(issuer);
-  });
-  it('rejects when VerifyOptions constraints fail', async () => {
-    const { verifier } = buildJwtVerifier(signingMaterial.jwk);
-    const audience = 'target-app';
-    const issuer = 'https://issuer.example.com';
-    const token = sign({ sub: 'user-987' }, signingMaterial.privateKeyPem, {
-      algorithm: 'RS256',
-      keyid: signingMaterial.jwk.kid,
-      audience,
-      issuer
-    });
-    await expect(
-      verifier.verify(token, {
-        algorithms: ['RS256'],
-        audience: `${audience}-mismatch`,
-        issuer
-      })
-    ).rejects.toMatchObject({
-      status: 401,
-      message: expect.stringContaining('jwt audience invalid')
-    });
-  });
-  it('rejects malformed tokens before attempting JWKS lookup', async () => {
-    const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
-    await expect(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
-    expect(getKeysInterceptor).not.toHaveBeenCalled();
-  });
-});

package/src/jwt/verifier.ts DELETED Viewed

@@ -1,61 +0,0 @@
-import jwksRsa from 'jwks-rsa';
-import { jwtDecode } from 'jwt-decode';
-import { JwtHeader, JwtPayload, verify, VerifyOptions } from 'jsonwebtoken';
-import { isEmpty } from 'lodash';
-import { UnauthorizedError } from '../errors';
-import { Agent as HttpAgent } from 'http';
-import { Agent as HttpsAgent } from 'https';
-/**
- * Verifies JWTs using a JWKS endpoint to resolve signing keys on demand.
- */
-export class JwtVerifier {
-  private readonly jwks: jwksRsa.JwksClient;
-  constructor(options: JwtVerifierOptions) {
-    this.jwks = jwksRsa(options);
-  }
-  async verify<T extends JwtPayload>(token: string, options?: VerifyOptions): Promise<T> {
-    const decodedHeader = jwtDecode<JwtHeader>(token, { header: true });
-    if (isEmpty(decodedHeader.kid)) {
-      throw new UnauthorizedError('Invalid JWT as kid header is missing.');
-    }
-    const publicKey = (await this.jwks.getSigningKey(decodedHeader.kid)).getPublicKey();
-    if (isEmpty(publicKey)) {
-      throw new UnauthorizedError('JWT could not be verified as no corresponding public key was found.');
-    }
-    try {
-      return verify(token, publicKey, options) as T;
-    } catch (err) {
-      throw new UnauthorizedError(`JWT verification failed: ${(err as Error).message}`);
-    }
-  }
-}
-/**
- * Options that configure how the verifier fetches and caches JWKS signing keys.
- */
-export interface JwtVerifierOptions {
-  jwksUri: string;
-  rateLimit?: boolean;
-  cache?: boolean;
-  cacheMaxEntries?: number;
-  cacheMaxAge?: number;
-  jwksRequestsPerMinute?: number;
-  proxy?: string;
-  requestHeaders?: Headers;
-  timeout?: number;
-  requestAgent?: HttpAgent | HttpsAgent;
-  fetcher?(jwksUri: string): Promise<{ keys: unknown }>;
-  getKeysInterceptor?(): Promise<JwtKey[]>;
-}
-export type Headers = Record<string, string>;
-export interface JwtKey {
-  kid: string;
-  alg: string;
-  [key: string]: unknown;
-}