hono 4.10.1 → 4.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cjs/utils/jwt/jwt.js +27 -1
  2. package/dist/cjs/utils/jwt/types.js +18 -0
  3. package/dist/types/utils/jwt/jwt.d.ts +2 -0
  4. package/dist/types/utils/jwt/types.d.ts +10 -0
  5. package/dist/utils/jwt/jwt.js +29 -1
  6. package/dist/utils/jwt/types.js +16 -0
  7. package/package.json +1 -1
package/dist/cjs/utils/jwt/jwt.js CHANGED
@@ -62,7 +62,8 @@ const verify = async (token, publicKey, algOrOptions) => {
62
62
  iss: optsIn.iss,
63
63
  nbf: optsIn.nbf ?? true,
64
64
  exp: optsIn.exp ?? true,
65
- iat: optsIn.iat ?? true
65
+ iat: optsIn.iat ?? true,
66
+ aud: optsIn.aud
66
67
  };
67
68
  const tokenParts = token.split(".");
68
69
  if (tokenParts.length !== 3) {
@@ -93,6 +94,31 @@ const verify = async (token, publicKey, algOrOptions) => {
93
94
  throw new import_types.JwtTokenIssuer(opts.iss, payload.iss);
94
95
  }
95
96
  }
97
+ if (opts.aud) {
98
+ if (!payload.aud) {
99
+ throw new import_types.JwtPayloadRequiresAud(payload);
100
+ }
101
+ }
102
+ if (payload.aud) {
103
+ const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
104
+ const matched = audiences.some((aud) => {
105
+ if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
106
+ return true;
107
+ } else if (typeof opts.aud === "string") {
108
+ if (aud === opts.aud) {
109
+ return true;
110
+ }
111
+ } else if (Array.isArray(opts.aud)) {
112
+ if (opts.aud.includes(aud)) {
113
+ return true;
114
+ }
115
+ }
116
+ return false;
117
+ });
118
+ if (opts.aud && !matched) {
119
+ throw new import_types.JwtTokenAudience(opts.aud, payload.aud);
120
+ }
121
+ }
96
122
  const headerPayload = token.substring(0, token.lastIndexOf("."));
97
123
  const verified = await (0, import_jws.verifying)(
98
124
  publicKey,
package/dist/cjs/utils/jwt/types.js CHANGED
@@ -22,6 +22,8 @@ __export(types_exports, {
22
22
  JwtAlgorithmNotImplemented: () => JwtAlgorithmNotImplemented,
23
23
  JwtHeaderInvalid: () => JwtHeaderInvalid,
24
24
  JwtHeaderRequiresKid: () => JwtHeaderRequiresKid,
25
+ JwtPayloadRequiresAud: () => JwtPayloadRequiresAud,
26
+ JwtTokenAudience: () => JwtTokenAudience,
25
27
  JwtTokenExpired: () => JwtTokenExpired,
26
28
  JwtTokenInvalid: () => JwtTokenInvalid,
27
29
  JwtTokenIssuedAt: () => JwtTokenIssuedAt,
@@ -86,6 +88,20 @@ class JwtTokenSignatureMismatched extends Error {
86
88
  this.name = "JwtTokenSignatureMismatched";
87
89
  }
88
90
  }
91
+ class JwtPayloadRequiresAud extends Error {
92
+ constructor(payload) {
93
+ super(`required "aud" in jwt payload: ${JSON.stringify(payload)}`);
94
+ this.name = "JwtPayloadRequiresAud";
95
+ }
96
+ }
97
+ class JwtTokenAudience extends Error {
98
+ constructor(expected, aud) {
99
+ super(
100
+ `expected audience "${Array.isArray(expected) ? expected.join(", ") : expected}", got "${aud}"`
101
+ );
102
+ this.name = "JwtTokenAudience";
103
+ }
104
+ }
89
105
  var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
90
106
  CryptoKeyUsage2["Encrypt"] = "encrypt";
91
107
  CryptoKeyUsage2["Decrypt"] = "decrypt";
@@ -103,6 +119,8 @@ var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
103
119
  JwtAlgorithmNotImplemented,
104
120
  JwtHeaderInvalid,
105
121
  JwtHeaderRequiresKid,
122
+ JwtPayloadRequiresAud,
123
+ JwtTokenAudience,
106
124
  JwtTokenExpired,
107
125
  JwtTokenInvalid,
108
126
  JwtTokenIssuedAt,
package/dist/types/utils/jwt/jwt.d.ts CHANGED
@@ -22,6 +22,8 @@ export type VerifyOptions = {
22
22
  exp?: boolean;
23
23
  /** Verify the `iat` claim (default: `true`) */
24
24
  iat?: boolean;
25
+ /** Acceptable audience(s) for the token */
26
+ aud?: string | string[] | RegExp;
25
27
  };
26
28
  export type VerifyOptionsWithAlg = {
27
29
  /** The algorithm used for decoding the token */
package/dist/types/utils/jwt/types.d.ts CHANGED
@@ -29,6 +29,12 @@ export declare class JwtHeaderRequiresKid extends Error {
29
29
  export declare class JwtTokenSignatureMismatched extends Error {
30
30
  constructor(token: string);
31
31
  }
32
+ export declare class JwtPayloadRequiresAud extends Error {
33
+ constructor(payload: object);
34
+ }
35
+ export declare class JwtTokenAudience extends Error {
36
+ constructor(expected: string | string[] | RegExp, aud: string | string[]);
37
+ }
32
38
  export declare enum CryptoKeyUsage {
33
39
  Encrypt = "encrypt",
34
40
  Decrypt = "decrypt",
@@ -60,5 +66,9 @@ export type JWTPayload = {
60
66
  * The token is checked to ensure it has been issued by a trusted issuer.
61
67
  */
62
68
  iss?: string;
69
+ /**
70
+ * The token is checked to ensure it is intended for a specific audience.
71
+ */
72
+ aud?: string | string[];
63
73
  };
64
74
  export type { HonoJsonWebKey } from './jws';
package/dist/utils/jwt/jwt.js CHANGED
@@ -5,6 +5,8 @@ import { signing, verifying } from "./jws.js";
5
5
  import {
6
6
  JwtHeaderInvalid,
7
7
  JwtHeaderRequiresKid,
8
+ JwtPayloadRequiresAud,
9
+ JwtTokenAudience,
8
10
  JwtTokenExpired,
9
11
  JwtTokenInvalid,
10
12
  JwtTokenIssuedAt,
@@ -44,7 +46,8 @@ var verify = async (token, publicKey, algOrOptions) => {
44
46
  iss: optsIn.iss,
45
47
  nbf: optsIn.nbf ?? true,
46
48
  exp: optsIn.exp ?? true,
47
- iat: optsIn.iat ?? true
49
+ iat: optsIn.iat ?? true,
50
+ aud: optsIn.aud
48
51
  };
49
52
  const tokenParts = token.split(".");
50
53
  if (tokenParts.length !== 3) {
@@ -75,6 +78,31 @@ var verify = async (token, publicKey, algOrOptions) => {
75
78
  throw new JwtTokenIssuer(opts.iss, payload.iss);
76
79
  }
77
80
  }
81
+ if (opts.aud) {
82
+ if (!payload.aud) {
83
+ throw new JwtPayloadRequiresAud(payload);
84
+ }
85
+ }
86
+ if (payload.aud) {
87
+ const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
88
+ const matched = audiences.some((aud) => {
89
+ if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
90
+ return true;
91
+ } else if (typeof opts.aud === "string") {
92
+ if (aud === opts.aud) {
93
+ return true;
94
+ }
95
+ } else if (Array.isArray(opts.aud)) {
96
+ if (opts.aud.includes(aud)) {
97
+ return true;
98
+ }
99
+ }
100
+ return false;
101
+ });
102
+ if (opts.aud && !matched) {
103
+ throw new JwtTokenAudience(opts.aud, payload.aud);
104
+ }
105
+ }
78
106
  const headerPayload = token.substring(0, token.lastIndexOf("."));
79
107
  const verified = await verifying(
80
108
  publicKey,
package/dist/utils/jwt/types.js CHANGED
@@ -55,6 +55,20 @@ var JwtTokenSignatureMismatched = class extends Error {
55
55
  this.name = "JwtTokenSignatureMismatched";
56
56
  }
57
57
  };
58
+ var JwtPayloadRequiresAud = class extends Error {
59
+ constructor(payload) {
60
+ super(`required "aud" in jwt payload: ${JSON.stringify(payload)}`);
61
+ this.name = "JwtPayloadRequiresAud";
62
+ }
63
+ };
64
+ var JwtTokenAudience = class extends Error {
65
+ constructor(expected, aud) {
66
+ super(
67
+ `expected audience "${Array.isArray(expected) ? expected.join(", ") : expected}", got "${aud}"`
68
+ );
69
+ this.name = "JwtTokenAudience";
70
+ }
71
+ };
58
72
  var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
59
73
  CryptoKeyUsage2["Encrypt"] = "encrypt";
60
74
  CryptoKeyUsage2["Decrypt"] = "decrypt";
@@ -71,6 +85,8 @@ export {
71
85
  JwtAlgorithmNotImplemented,
72
86
  JwtHeaderInvalid,
73
87
  JwtHeaderRequiresKid,
88
+ JwtPayloadRequiresAud,
89
+ JwtTokenAudience,
74
90
  JwtTokenExpired,
75
91
  JwtTokenInvalid,
76
92
  JwtTokenIssuedAt,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hono",
3
- "version": "4.10.1",
3
+ "version": "4.10.2",
4
4
  "description": "Web framework built on Web Standards",
5
5
  "main": "dist/cjs/index.js",
6
6
  "type": "module",