@valbuild/server 0.12.0 → 0.13.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/jest.config.js +4 -0
- package/package.json +5 -3
- package/src/LocalValServer.ts +94 -0
- package/src/ProxyValServer.ts +403 -0
- package/src/SerializedModuleContent.ts +8 -0
- package/src/Service.ts +108 -0
- package/src/ValFS.ts +22 -0
- package/src/ValFSHost.ts +66 -0
- package/src/ValModuleLoader.test.ts +75 -0
- package/src/ValModuleLoader.ts +128 -0
- package/src/ValQuickJSRuntime.ts +47 -0
- package/src/ValServer.ts +23 -0
- package/src/ValSourceFileHandler.ts +57 -0
- package/src/createRequestHandler.ts +24 -0
- package/src/expressHelpers.ts +5 -0
- package/src/getCompilerOptions.ts +50 -0
- package/src/hosting.ts +156 -0
- package/src/index.ts +12 -0
- package/src/jwt.ts +83 -0
- package/src/patch/ts/ops.test.ts +820 -0
- package/src/patch/ts/ops.ts +803 -0
- package/src/patch/ts/syntax.ts +371 -0
- package/src/patch/ts/valModule.test.ts +26 -0
- package/src/patch/ts/valModule.ts +110 -0
- package/src/patch/validation.ts +73 -0
- package/src/patchValFile.ts +102 -0
- package/src/readValFile.test.ts +49 -0
- package/src/readValFile.ts +73 -0
package/src/jwt.ts
ADDED
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
import crypto from "crypto";
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
|
|
4
|
+
export function decodeJwt(token: string, secretKey?: string): unknown | null {
|
|
5
|
+
const [headerBase64, payloadBase64, signatureBase64, ...rest] =
|
|
6
|
+
token.split(".");
|
|
7
|
+
if (!headerBase64 || !payloadBase64 || !signatureBase64 || rest.length > 0) {
|
|
8
|
+
console.debug(
|
|
9
|
+
"Invalid JWT: format is not exactly {header}.{payload}.{signature}",
|
|
10
|
+
token
|
|
11
|
+
);
|
|
12
|
+
return null;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
try {
|
|
16
|
+
const parsedHeader = JSON.parse(
|
|
17
|
+
Buffer.from(headerBase64, "base64").toString("utf8")
|
|
18
|
+
) as unknown;
|
|
19
|
+
const headerVerification = JwtHeaderSchema.safeParse(parsedHeader);
|
|
20
|
+
if (!headerVerification.success) {
|
|
21
|
+
console.debug("Invalid JWT: invalid header", parsedHeader);
|
|
22
|
+
return null;
|
|
23
|
+
}
|
|
24
|
+
if (headerVerification.data.typ !== jwtHeader.typ) {
|
|
25
|
+
console.debug("Invalid JWT: invalid header typ", parsedHeader);
|
|
26
|
+
return null;
|
|
27
|
+
}
|
|
28
|
+
if (headerVerification.data.alg !== jwtHeader.alg) {
|
|
29
|
+
console.debug("Invalid JWT: invalid header alg", parsedHeader);
|
|
30
|
+
return null;
|
|
31
|
+
}
|
|
32
|
+
} catch (err) {
|
|
33
|
+
console.debug("Invalid JWT: could not parse header", err);
|
|
34
|
+
return null;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
if (secretKey) {
|
|
38
|
+
const signature = crypto
|
|
39
|
+
.createHmac("sha256", secretKey)
|
|
40
|
+
.update(`${headerBase64}.${payloadBase64}`)
|
|
41
|
+
.digest("base64");
|
|
42
|
+
if (signature !== signatureBase64) {
|
|
43
|
+
console.debug("Invalid JWT: invalid signature");
|
|
44
|
+
return null;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
try {
|
|
48
|
+
const parsedPayload = JSON.parse(
|
|
49
|
+
Buffer.from(payloadBase64, "base64").toString("utf8")
|
|
50
|
+
) as unknown;
|
|
51
|
+
return parsedPayload;
|
|
52
|
+
} catch (err) {
|
|
53
|
+
console.debug("Invalid JWT: could not parse payload", err);
|
|
54
|
+
return null;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
export function getExpire(): number {
|
|
59
|
+
return Math.floor(Date.now() / 1000) + 60 * 60 * 24 * 4; // 4 days
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
const JwtHeaderSchema = z.object({
|
|
63
|
+
alg: z.literal("HS256"),
|
|
64
|
+
typ: z.literal("JWT"),
|
|
65
|
+
});
|
|
66
|
+
type JwtHeader = z.infer<typeof JwtHeaderSchema>;
|
|
67
|
+
const jwtHeader: JwtHeader = {
|
|
68
|
+
alg: "HS256",
|
|
69
|
+
typ: "JWT",
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
const jwtHeaderBase64 = Buffer.from(JSON.stringify(jwtHeader)).toString(
|
|
73
|
+
"base64"
|
|
74
|
+
);
|
|
75
|
+
|
|
76
|
+
export function encodeJwt(payload: object, sessionKey: string): string {
|
|
77
|
+
// NOTE: this is only used for authentication, not for authorization (i.e. what a user can do) - this is handled when actually doing operations
|
|
78
|
+
const payloadBase64 = Buffer.from(JSON.stringify(payload)).toString("base64");
|
|
79
|
+
return `${jwtHeaderBase64}.${payloadBase64}.${crypto
|
|
80
|
+
.createHmac("sha256", sessionKey)
|
|
81
|
+
.update(`${jwtHeaderBase64}.${payloadBase64}`)
|
|
82
|
+
.digest("base64")}`;
|
|
83
|
+
}
|