@twin.org/api-auth-entity-storage-service 0.0.1-next.27 → 0.0.1-next.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cjs/index.cjs +6 -11
  2. package/dist/esm/index.mjs +8 -13
  3. package/dist/types/utils/tokenHelper.d.ts +1 -1
  4. package/docs/changelog.md +1 -1
  5. package/locales/en.json +1 -1
  6. package/package.json +4 -4
package/dist/cjs/index.cjs CHANGED
@@ -71,13 +71,12 @@ class TokenHelper {
71
71
  * @returns The new token and its expiry date.
72
72
  */
73
73
  static async createToken(vaultConnector, signingKeyName, subject, ttlMinutes) {
74
- // Verify was a success so we can now generate a new token.
75
74
  const nowSeconds = Math.trunc(Date.now() / 1000);
76
75
  const ttlSeconds = ttlMinutes * 60;
77
- const jwt = await web.Jwt.encodeWithSigner({ alg: web.JwtAlgorithms.EdDSA }, {
76
+ const jwt = await web.Jwt.encodeWithSigner({ alg: "EdDSA" }, {
78
77
  sub: subject,
79
78
  exp: nowSeconds + ttlSeconds
80
- }, async (alg, key, payload) => vaultConnector.sign(signingKeyName, payload));
79
+ }, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
81
80
  return {
82
81
  token: jwt,
83
82
  expiry: (nowSeconds + ttlSeconds) * 1000
@@ -95,14 +94,10 @@ class TokenHelper {
95
94
  if (!core.Is.stringValue(token)) {
96
95
  throw new core.UnauthorizedError(this._CLASS_NAME, "missing");
97
96
  }
98
- const decoded = await web.Jwt.verifyWithVerifier(token, async (alg, key, payload, signature) => vaultConnector.verify(signingKeyName, payload, signature));
99
- // If the signature validation failed or some of the header/payload data
100
- // is not properly populated then it is unauthorized.
101
- if (!decoded.verified ||
102
- !core.Is.object(decoded.header) ||
103
- !core.Is.object(decoded.payload) ||
104
- !core.Is.stringValue(decoded.payload.sub)) {
105
- throw new core.UnauthorizedError(this._CLASS_NAME, "invalidToken");
97
+ const decoded = await web.Jwt.verifyWithVerifier(token, async (t) => vaultModels.VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
98
+ // If some of the header/payload data is not properly populated then it is unauthorized.
99
+ if (!core.Is.stringValue(decoded.payload.sub)) {
100
+ throw new core.UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
106
101
  }
107
102
  else if (!core.Is.empty(decoded.payload?.exp) &&
108
103
  decoded.payload.exp < Math.trunc(Date.now() / 1000)) {
package/dist/esm/index.mjs CHANGED
@@ -1,8 +1,8 @@
1
1
  import { property, entity, EntitySchemaFactory, EntitySchemaHelper } from '@twin.org/entity';
2
2
  import { HttpErrorHelper } from '@twin.org/api-models';
3
3
  import { Is, UnauthorizedError, Guards, BaseError, ComponentFactory, Converter, GeneralError } from '@twin.org/core';
4
- import { VaultConnectorFactory } from '@twin.org/vault-models';
5
- import { Jwt, JwtAlgorithms, HeaderTypes, HttpStatusCode } from '@twin.org/web';
4
+ import { VaultConnectorHelper, VaultConnectorFactory } from '@twin.org/vault-models';
5
+ import { Jwt, HeaderTypes, HttpStatusCode } from '@twin.org/web';
6
6
  import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
7
7
  import { Blake2b } from '@twin.org/crypto';
8
8
 
@@ -69,13 +69,12 @@ class TokenHelper {
69
69
  * @returns The new token and its expiry date.
70
70
  */
71
71
  static async createToken(vaultConnector, signingKeyName, subject, ttlMinutes) {
72
- // Verify was a success so we can now generate a new token.
73
72
  const nowSeconds = Math.trunc(Date.now() / 1000);
74
73
  const ttlSeconds = ttlMinutes * 60;
75
- const jwt = await Jwt.encodeWithSigner({ alg: JwtAlgorithms.EdDSA }, {
74
+ const jwt = await Jwt.encodeWithSigner({ alg: "EdDSA" }, {
76
75
  sub: subject,
77
76
  exp: nowSeconds + ttlSeconds
78
- }, async (alg, key, payload) => vaultConnector.sign(signingKeyName, payload));
77
+ }, async (header, payload) => VaultConnectorHelper.jwtSigner(vaultConnector, signingKeyName, header, payload));
79
78
  return {
80
79
  token: jwt,
81
80
  expiry: (nowSeconds + ttlSeconds) * 1000
@@ -93,14 +92,10 @@ class TokenHelper {
93
92
  if (!Is.stringValue(token)) {
94
93
  throw new UnauthorizedError(this._CLASS_NAME, "missing");
95
94
  }
96
- const decoded = await Jwt.verifyWithVerifier(token, async (alg, key, payload, signature) => vaultConnector.verify(signingKeyName, payload, signature));
97
- // If the signature validation failed or some of the header/payload data
98
- // is not properly populated then it is unauthorized.
99
- if (!decoded.verified ||
100
- !Is.object(decoded.header) ||
101
- !Is.object(decoded.payload) ||
102
- !Is.stringValue(decoded.payload.sub)) {
103
- throw new UnauthorizedError(this._CLASS_NAME, "invalidToken");
95
+ const decoded = await Jwt.verifyWithVerifier(token, async (t) => VaultConnectorHelper.jwtVerifier(vaultConnector, signingKeyName, t));
96
+ // If some of the header/payload data is not properly populated then it is unauthorized.
97
+ if (!Is.stringValue(decoded.payload.sub)) {
98
+ throw new UnauthorizedError(this._CLASS_NAME, "payloadMissingSubject");
104
99
  }
105
100
  else if (!Is.empty(decoded.payload?.exp) &&
106
101
  decoded.payload.exp < Math.trunc(Date.now() / 1000)) {
package/dist/types/utils/tokenHelper.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { IVaultConnector } from "@twin.org/vault-models";
1
+ import { type IVaultConnector } from "@twin.org/vault-models";
2
2
  import { type IHttpHeaders, type IJwtHeader, type IJwtPayload } from "@twin.org/web";
3
3
  /**
4
4
  * Helper class for token operations.
package/docs/changelog.md CHANGED
@@ -1,5 +1,5 @@
1
1
  # @twin.org/api-auth-entity-storage-service - Changelog
2
2
 
3
- ## v0.0.1-next.27
3
+ ## v0.0.1-next.29
4
4
 
5
5
  - Initial Release
package/locales/en.json CHANGED
@@ -11,7 +11,7 @@
11
11
  },
12
12
  "tokenHelper": {
13
13
  "missing": "The JSON Web token could not be found in the authorization header",
14
- "invalid": "The JSON Web token signature could not be validated",
14
+ "payloadMissingSubject": "The JSON Web token payload does not contain a subject",
15
15
  "expired": "The JSON Web token has expired"
16
16
  }
17
17
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@twin.org/api-auth-entity-storage-service",
3
- "version": "0.0.1-next.27",
3
+ "version": "0.0.1-next.29",
4
4
  "description": "Auth Entity Storage contract implementation and REST endpoint definitions",
5
5
  "repository": {
6
6
  "type": "git",
@@ -14,9 +14,9 @@
14
14
  "node": ">=20.0.0"
15
15
  },
16
16
  "dependencies": {
17
- "@twin.org/api-auth-entity-storage-models": "0.0.1-next.27",
18
- "@twin.org/api-core": "0.0.1-next.27",
19
- "@twin.org/api-models": "0.0.1-next.27",
17
+ "@twin.org/api-auth-entity-storage-models": "0.0.1-next.29",
18
+ "@twin.org/api-core": "0.0.1-next.29",
19
+ "@twin.org/api-models": "0.0.1-next.29",
20
20
  "@twin.org/core": "next",
21
21
  "@twin.org/crypto": "next",
22
22
  "@twin.org/entity": "next",