joye-backend-utility 8.0.0 → 8.0.1
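--- a/package/dist/jwt.js
+++ b/package/dist/jwt.js
@@ -22,7 +22,7 @@ const jwtVerify = async (token) => new Promise(resolve => {
 if (!((_a = decodedHeader === null || decodedHeader === void 0 ? void 0 : decodedHeader.header) === null || _a === void 0 ? void 0 : _a.alg) || decodedHeader.header.alg === 'none') {
 return resolve(new Error('Invalid token algorithm'));
 }
-jwt.verify(token, JWT_PUBLIC_KEY.replace(/\\n/gm, '\n'), { algorithms: ALLOWED_JWT_ALGORITHMS }, async (err, decoded) => {
+jwt.verify(token, JWT_PUBLIC_KEY.replace(/\\n/gm, '\n'), { algorithms: ALLOWED_JWT_ALGORITHMS, ignoreExpiration: false }, async (err, decoded) => {
 if (err) {
 return resolve(err);
 }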
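Review bot: Passing `ignoreExpiration: false` to `jwt.verify` restates the library default, so a token that carries no `exp` claim at all would presumably still verify and never age out. If every token is meant to expire, bound it in the same options object, e.g. `{ algorithms: ALLOWED_JWT_ALGORITHMS, ignoreExpiration: false, maxAge: JWT_MAX_AGE }` (`JWT_MAX_AGE` is a placeholder for a project constant), or reject in the callback when `typeof decoded.exp !== 'number'`. Separately, both visible failure paths call `resolve(...)` with an `Error`, so a caller that omits the `instanceof Error` check treats a failed verification as a decoded payload; a comment on `jwtVerify` such as `// Resolves (never rejects) with an Error on failure; callers must check instanceof Error` would make that contract explicit. The verify callback continues past the end of this hunk.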
@@ -14,6 +14,41 @@ const run = async () => {
|
|
|
14
14
|
const hsToken = jwt.sign(payload, 'not-rs256-key', { algorithm: 'HS256' });
|
|
15
15
|
const hsResult = await (0, jwt_1.jwtVerify)(hsToken);
|
|
16
16
|
assert.ok(hsResult instanceof Error, 'Expected HS256 token to be rejected');
|
|
17
|
+
// Expiration-focused checks (mock verify/decode to isolate jwtVerify behavior)
|
|
18
|
+
const originalVerify = jwt.verify;
|
|
19
|
+
const originalDecode = jwt.decode;
|
|
20
|
+
try {
|
|
21
|
+
jwt.decode = () => ({ header: { alg: 'RS256' } });
|
|
22
|
+
// Valid token path
|
|
23
|
+
let capturedOptions = null;
|
|
24
|
+
jwt.verify = (_token, _key, options, callback) => {
|
|
25
|
+
capturedOptions = options;
|
|
26
|
+
callback(null, { userId: payload.userId });
|
|
27
|
+
};
|
|
28
|
+
const validResult = await (0, jwt_1.jwtVerify)('valid-rs256-token');
|
|
29
|
+
assert.ok(!(validResult instanceof Error), 'Expected valid token to be accepted');
|
|
30
|
+
assert.deepStrictEqual(capturedOptions.algorithms, ['RS256'], 'Expected RS256 algorithm allowlist');
|
|
31
|
+
assert.strictEqual(capturedOptions.ignoreExpiration, false, 'Expected ignoreExpiration to be false');
|
|
32
|
+
// Near-expiry token path (still valid)
|
|
33
|
+
jwt.verify = (_token, _key, _options, callback) => {
|
|
34
|
+
callback(null, { userId: payload.userId, exp: Math.floor(Date.now() / 1000) + 2 });
|
|
35
|
+
};
|
|
36
|
+
const nearExpiryResult = await (0, jwt_1.jwtVerify)('near-expiry-rs256-token');
|
|
37
|
+
assert.ok(!(nearExpiryResult instanceof Error), 'Expected near-expiry token to be accepted');
|
|
38
|
+
// Expired token path
|
|
39
|
+
jwt.verify = (_token, _key, _options, callback) => {
|
|
40
|
+
const expiredError = new Error('jwt expired');
|
|
41
|
+
expiredError.name = 'TokenExpiredError';
|
|
42
|
+
callback(expiredError, null);
|
|
43
|
+
};
|
|
44
|
+
const expiredResult = await (0, jwt_1.jwtVerify)('expired-rs256-token');
|
|
45
|
+
assert.ok(expiredResult instanceof Error, 'Expected expired token to be rejected');
|
|
46
|
+
assert.strictEqual(expiredResult.name, 'TokenExpiredError', 'Expected TokenExpiredError for expired token');
|
|
47
|
+
}
|
|
48
|
+
finally {
|
|
49
|
+
jwt.verify = originalVerify;
|
|
50
|
+
jwt.decode = originalDecode;
|
|
51
|
+
}
|
|
17
52
|
console.log('JWT algorithm validation tests passed.');
|
|
18
53
|
};
|
|
19
54
|
run().catch(error => {
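Review bot: The near-expiry and expired cases (new lines 33–46) replace `jwt.verify` with a stub that returns a fixed result, so they only show that `jwtVerify` passes the stub's outcome through; they exercise no expiry logic and would pass just as well without the `ignoreExpiration` change. The only assertion tied to this release is the `capturedOptions.ignoreExpiration` check at new line 31. Consider adding a case that signs a real token with a past `exp`, and one with no `exp` at all, using a test RS256 key pair, if the module allows the public key to be supplied in tests. A comment above the stubs such as `// Stubs prove pass-through only; they do not validate real expiry handling` would keep readers from over-trusting these cases. The file header for this hunk is not shown on the page, and `run` begins and ends outside it.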
|