hono 4.10.0 → 4.10.2
- package/dist/cjs/utils/jwt/jwt.js +27 -1
- package/dist/cjs/utils/jwt/types.js +18 -0
- package/dist/types/helper/factory/index.d.ts +2 -2
- package/dist/types/utils/jwt/jwt.d.ts +2 -0
- package/dist/types/utils/jwt/types.d.ts +10 -0
- package/dist/utils/jwt/jwt.js +29 -1
- package/dist/utils/jwt/types.js +16 -0
- package/package.json +1 -1
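--- a/package/dist/cjs/utils/jwt/jwt.js
+++ b/package/dist/cjs/utils/jwt/jwt.js
@@ -62,7 +62,8 @@ const verify = async (token, publicKey, algOrOptions) => {
 iss: optsIn.iss,
 nbf: optsIn.nbf ?? true,
 exp: optsIn.exp ?? true,
-iat: optsIn.iat ?? true
+iat: optsIn.iat ?? true,
+aud: optsIn.aud
 };
 const tokenParts = token.split(".");
 if (tokenParts.length !== 3) {
@@ -93,6 +94,31 @@ const verify = async (token, publicKey, algOrOptions) => {
 throw new import_types.JwtTokenIssuer(opts.iss, payload.iss);
 }
 }
+if (opts.aud) {
+if (!payload.aud) {
+throw new import_types.JwtPayloadRequiresAud(payload);
+}
+}
+if (payload.aud) {
+const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+const matched = audiences.some((aud) => {
+if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
+return true;
+} else if (typeof opts.aud === "string") {
+if (aud === opts.aud) {
+return true;
+}
+} else if (Array.isArray(opts.aud)) {
+if (opts.aud.includes(aud)) {
+return true;
+}
+}
+return false;
+});
+if (opts.aud && !matched) {
+throw new import_types.JwtTokenAudience(opts.aud, payload.aud);
+}
+}
 const headerPayload = token.substring(0, token.lastIndexOf("."));
 const verified = await (0, import_jws.verifying)(
 publicKey,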
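Review bot: `if (opts.aud)` treats an empty-string audience as "no audience configured", so a deployment whose expected audience resolves to `""` skips the check and accepts the token whatever its `aud` claim says; testing `opts.aud !== undefined` in both places (`if (opts.aud !== undefined)` and `if (opts.aud !== undefined && !matched)`) makes that case fail closed. In the same block, `opts.aud.test(aud)` is stateful when the caller's RegExp carries the `g` or `y` flag, so one token can be accepted on one call and rejected on the next; set `opts.aud.lastIndex = 0` before each test. The pattern is also applied unanchored, which is worth stating in the option's documentation. The identical block in package/dist/utils/jwt/jwt.js (new lines 81-105) needs the same change. The body of verify starts and ends outside these hunks.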
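--- a/package/dist/cjs/utils/jwt/types.js
+++ b/package/dist/cjs/utils/jwt/types.js
@@ -22,6 +22,8 @@ __export(types_exports, {
 JwtAlgorithmNotImplemented: () => JwtAlgorithmNotImplemented,
 JwtHeaderInvalid: () => JwtHeaderInvalid,
 JwtHeaderRequiresKid: () => JwtHeaderRequiresKid,
+JwtPayloadRequiresAud: () => JwtPayloadRequiresAud,
+JwtTokenAudience: () => JwtTokenAudience,
 JwtTokenExpired: () => JwtTokenExpired,
 JwtTokenInvalid: () => JwtTokenInvalid,
 JwtTokenIssuedAt: () => JwtTokenIssuedAt,
@@ -86,6 +88,20 @@ class JwtTokenSignatureMismatched extends Error {
 this.name = "JwtTokenSignatureMismatched";
 }
 }
+class JwtPayloadRequiresAud extends Error {
+constructor(payload) {
+super(`required "aud" in jwt payload: ${JSON.stringify(payload)}`);
+this.name = "JwtPayloadRequiresAud";
+}
+}
+class JwtTokenAudience extends Error {
+constructor(expected, aud) {
+super(
+`expected audience "${Array.isArray(expected) ? expected.join(", ") : expected}", got "${aud}"`
+);
+this.name = "JwtTokenAudience";
+}
+}
 var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
 CryptoKeyUsage2["Encrypt"] = "encrypt";
 CryptoKeyUsage2["Decrypt"] = "decrypt";
@@ -103,6 +119,8 @@ var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
 JwtAlgorithmNotImplemented,
 JwtHeaderInvalid,
 JwtHeaderRequiresKid,
+JwtPayloadRequiresAud,
+JwtTokenAudience,
 JwtTokenExpired,
 JwtTokenInvalid,
 JwtTokenIssuedAt,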
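Review bot: The `JwtPayloadRequiresAud` message embeds `JSON.stringify(payload)`, so every claim in the token, which may include user identifiers or other personal data, ends up in whatever log or error response the exception reaches. The jwt.js hunks on this page throw it before the `verifying(...)` call, so at that point the payload is also unverified, sender-chosen text. A constant message, `super('required "aud" in jwt payload');`, avoids both, and callers that need the claims can log them after redaction. The same class in package/dist/utils/jwt/types.js (new lines 58-63) carries the identical message.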
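--- a/package/dist/types/helper/factory/index.d.ts
+++ b/package/dist/types/helper/factory/index.d.ts
@@ -344,12 +344,12 @@ export declare class Factory<E extends Env = Env, P extends string = string> {
 defaultAppOptions?: HonoOptions<E>;
 });
 createApp: (options?: HonoOptions<E>) => Hono<E>;
-createMiddleware: <I extends Input = {}, R extends HandlerResponse<any> =
+createMiddleware: <I extends Input = {}, R extends HandlerResponse<any> | void = void>(middleware: MiddlewareHandler<E, P, I, R extends void ? Response : R>) => MiddlewareHandler<E, P, I, R extends void ? Response : R>;
 createHandlers: CreateHandlersInterface<E, P>;
 }
 export declare const createFactory: <E extends Env = Env, P extends string = string>(init?: {
 initApp?: InitApp<E>;
 defaultAppOptions?: HonoOptions<E>;
 }) => Factory<E, P>;
-export declare const createMiddleware: <E extends Env = any, P extends string = string, I extends Input = {}, R extends HandlerResponse<any> =
+export declare const createMiddleware: <E extends Env = any, P extends string = string, I extends Input = {}, R extends HandlerResponse<any> | void = void>(middleware: MiddlewareHandler<E, P, I, R extends void ? Response : R>) => MiddlewareHandler<E, P, I, R extends void ? Response : R>;
 export {};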
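--- a/package/dist/types/utils/jwt/jwt.d.ts
+++ b/package/dist/types/utils/jwt/jwt.d.ts
@@ -22,6 +22,8 @@ export type VerifyOptions = {
 exp?: boolean;
 /** Verify the `iat` claim (default: `true`) */
 iat?: boolean;
+/** Acceptable audience(s) for the token */
+aud?: string | string[] | RegExp;
 };
 export type VerifyOptionsWithAlg = {
 /** The algorithm used for decoding the token */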
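Review bot: The doc comment on `aud` does not say what setting or omitting the option does, which matters for an authentication check. Going by the jwt.js hunks on this page, omitting it leaves the token's audience claim unchecked, setting it rejects tokens that carry no audience claim, and a RegExp is tested against each audience value without anchoring. I would expand the comment to `/** Expected audience(s). When set, a token with no matching aud claim is rejected; a RegExp is tested against each value as-is, so anchor it. When omitted, aud is not checked. */`.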
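--- a/package/dist/types/utils/jwt/types.d.ts
+++ b/package/dist/types/utils/jwt/types.d.ts
@@ -29,6 +29,12 @@ export declare class JwtHeaderRequiresKid extends Error {
 export declare class JwtTokenSignatureMismatched extends Error {
 constructor(token: string);
 }
+export declare class JwtPayloadRequiresAud extends Error {
+constructor(payload: object);
+}
+export declare class JwtTokenAudience extends Error {
+constructor(expected: string | string[] | RegExp, aud: string | string[]);
+}
 export declare enum CryptoKeyUsage {
 Encrypt = "encrypt",
 Decrypt = "decrypt",
@@ -60,5 +66,9 @@ export type JWTPayload = {
 * The token is checked to ensure it has been issued by a trusted issuer.
 */
 iss?: string;
+/**
+* The token is checked to ensure it is intended for a specific audience.
+*/
+aud?: string | string[];
 };
 export type { HonoJsonWebKey } from './jws';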
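--- a/package/dist/utils/jwt/jwt.js
+++ b/package/dist/utils/jwt/jwt.js
@@ -5,6 +5,8 @@ import { signing, verifying } from "./jws.js";
 import {
 JwtHeaderInvalid,
 JwtHeaderRequiresKid,
+JwtPayloadRequiresAud,
+JwtTokenAudience,
 JwtTokenExpired,
 JwtTokenInvalid,
 JwtTokenIssuedAt,
@@ -44,7 +46,8 @@ var verify = async (token, publicKey, algOrOptions) => {
 iss: optsIn.iss,
 nbf: optsIn.nbf ?? true,
 exp: optsIn.exp ?? true,
-iat: optsIn.iat ?? true
+iat: optsIn.iat ?? true,
+aud: optsIn.aud
 };
 const tokenParts = token.split(".");
 if (tokenParts.length !== 3) {
@@ -75,6 +78,31 @@ var verify = async (token, publicKey, algOrOptions) => {
 throw new JwtTokenIssuer(opts.iss, payload.iss);
 }
 }
+if (opts.aud) {
+if (!payload.aud) {
+throw new JwtPayloadRequiresAud(payload);
+}
+}
+if (payload.aud) {
+const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
+const matched = audiences.some((aud) => {
+if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
+return true;
+} else if (typeof opts.aud === "string") {
+if (aud === opts.aud) {
+return true;
+}
+} else if (Array.isArray(opts.aud)) {
+if (opts.aud.includes(aud)) {
+return true;
+}
+}
+return false;
+});
+if (opts.aud && !matched) {
+throw new JwtTokenAudience(opts.aud, payload.aud);
+}
+}
 const headerPayload = token.substring(0, token.lastIndexOf("."));
 const verified = await verifying(
 publicKey,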
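--- a/package/dist/utils/jwt/types.js
+++ b/package/dist/utils/jwt/types.js
@@ -55,6 +55,20 @@ var JwtTokenSignatureMismatched = class extends Error {
 this.name = "JwtTokenSignatureMismatched";
 }
 };
+var JwtPayloadRequiresAud = class extends Error {
+constructor(payload) {
+super(`required "aud" in jwt payload: ${JSON.stringify(payload)}`);
+this.name = "JwtPayloadRequiresAud";
+}
+};
+var JwtTokenAudience = class extends Error {
+constructor(expected, aud) {
+super(
+`expected audience "${Array.isArray(expected) ? expected.join(", ") : expected}", got "${aud}"`
+);
+this.name = "JwtTokenAudience";
+}
+};
 var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
 CryptoKeyUsage2["Encrypt"] = "encrypt";
 CryptoKeyUsage2["Decrypt"] = "decrypt";
@@ -71,6 +85,8 @@ export {
 JwtAlgorithmNotImplemented,
 JwtHeaderInvalid,
 JwtHeaderRequiresKid,
+JwtPayloadRequiresAud,
+JwtTokenAudience,
 JwtTokenExpired,
 JwtTokenInvalid,
 JwtTokenIssuedAt,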