jwt-auths 1.0.2 → 1.0.4

package/README.md

@@ -3,40 +3,68 @@
 A simple and secure JWT authentication library for Node.js, providing functions to create access tokens and refresh tokens.
 
 ## 🚀 Features
-- Generate access tokens with a secret key.
-- Refresh tokens for extended authentication sessions.
-- Secure and easy to use.
+🔐 Create JWT tokens with a secret key.
+🪪 Generate access tokens with customizable expiration and algorithm.
+📥 Decode JWT tokens without verifying the signature.
+✅ Verify token authenticity and integrity.
+⌛ Check if a token is expired.
 
 ## 📦 Installation
 ```sh
-npm install @brang/jwt-auth
+npm install jwt-auths
 ```
 
 ## 🔧 Usage
 ### Import the package
 ```js
-const jwtAuth = require('@brang/jwt-auth');
+const jwtAuth = require('jwt-auths');
 ```
 
 ### Create an Access Token
 ```js
-const accessToken = jwtAuth.createAccessToken({ userId: 123 }, 'your-secret-key', '1h');
-console.log(accessToken);
+const accessToken = jwtAuth.createAccessToken('your-secret-key', { userId: 123 }, { expiresIn: '1h', algorithm: 'HS256' });
 ```
+The createAccessToken function generates a new JWT access token. It now takes the secret key first, followed by the payload (your user data), and an optional options object for configuration.
+
 **Parameters:**
-- `payload` (Object) - User data to encode in the token.
-- `secretKey` (String) - Secret key for signing the token.
-- `expiresIn` (String) - Expiration time (e.g., `"1h"`, `"7d"`).
+- `secretKey` (String) - The secret key used for signing the token. This should be a strong, securely stored string.
+- `payload` (Object) - A JavaScript object containing the user data you want to encode in the token. It's best practice to include non-sensitive data here, such as `userId`, `role`, or `username`.
+- `options` (Object, optional) - An object to customize the token's properties. If not provided, the default options will be used.
+    - `expiresIn` (String | Number) - The expiration time for the token (e.g., `"1h"`, `"7d"`, or `3600` for 1 hour in seconds). By default, this is set to `'15m'` (15 minutes), as defined in 
+    - `algorithm` (String) - The algorithm used to sign the token (e.g., `"HS256"`, `"RS256"`). The default algorithm is `'HS256'`.
 
-### Refresh Token
+#### The default options object looks like this:
 ```js
-const newAccessToken = jwtAuth.refreshToken(oldToken, 'your-secret-key', '1h');
-console.log(newAccessToken);
+const defaultAccessTokenOptions = {
+  expiresIn: '15m',
+  algorithm: 'HS256',
+};
+```
+### Create an Access Token
+```js
+const refreshToken = jwtAuth.createRefreshToken('your-secret-key', { userId: 123 }, { expiresIn: '7d', algorithm: 'HS256' });
+```
+
+### Verify Access Token & Refresh Token
+```js
+const payload = jwtAuth.verifyAccessToken(token, 'your-secret-key');
+```
+```js
+const payload = jwtAuth.verifyRefreshToken(token, 'your-secret-key');
+```
+
+### Check If a Token Is Expired
+```js
+const isExpired = jwtAuth.isTokenExpired(token);
+```
+### Validate JWT Format
+```js
+const isValidFormat = jwtAuth.isValidJwtFormat(token);
+```
+### Decode a Token (Without Verifying)
+```js
+const decoded = jwtAuth.decodeToken(token);
 ```
-**Parameters:**
-- `oldToken` (String) - Expired or near-expired token.
-- `secretKey` (String) - Secret key used for verification.
-- `expiresIn` (String) - Expiration time for the new token.
 
 ## 🛡️ Security Best Practices
 - Use strong secret keys and store them securely (e.g., environment variables).

package/dist/index.d.mts

@@ -1,5 +1,24 @@
-declare const createAccessToken: (jwtsecret: String, expiredDate: String | undefined, payload: any, algorithm?: String) => String;
+import { JwtPayload } from 'jsonwebtoken';
 
-declare const createRefreshToken: (jwtsecret: String, expiredDate: String | undefined, payload: any, algorithm?: String) => String;
+type Payload$1 = string | object | Buffer;
+interface TokenOptions$1 {
+    expiresIn?: string | number;
+    algorithm?: Algorithm | string;
+}
+declare const createAccessToken: (secret: string, payload: Payload$1, options?: TokenOptions$1) => string;
 
-export { createAccessToken, createRefreshToken };
+type Payload = string | object | Buffer;
+interface TokenOptions {
+    expiresIn?: string | number;
+    algorithm?: Algorithm | string;
+}
+declare const createRefreshToken: (secret: string, payload: Payload, options?: TokenOptions) => string;
+
+declare const verifyAccessToken: (token: string, secret: string) => JwtPayload | string;
+declare const verifyRefreshToken: (token: string, secret: string) => JwtPayload | string;
+declare const isTokenExpired: (token: string) => boolean;
+declare const isValidJwtFormat: (token: string) => boolean;
+
+declare const decodeToken: (token: string) => null | JwtPayload | string;
+
+export { createAccessToken, createRefreshToken, decodeToken, isTokenExpired, isValidJwtFormat, verifyAccessToken, verifyRefreshToken };

package/dist/index.d.ts

@@ -1,5 +1,24 @@
-declare const createAccessToken: (jwtsecret: String, expiredDate: String | undefined, payload: any, algorithm?: String) => String;
+import { JwtPayload } from 'jsonwebtoken';
 
-declare const createRefreshToken: (jwtsecret: String, expiredDate: String | undefined, payload: any, algorithm?: String) => String;
+type Payload$1 = string | object | Buffer;
+interface TokenOptions$1 {
+    expiresIn?: string | number;
+    algorithm?: Algorithm | string;
+}
+declare const createAccessToken: (secret: string, payload: Payload$1, options?: TokenOptions$1) => string;
 
-export { createAccessToken, createRefreshToken };
+type Payload = string | object | Buffer;
+interface TokenOptions {
+    expiresIn?: string | number;
+    algorithm?: Algorithm | string;
+}
+declare const createRefreshToken: (secret: string, payload: Payload, options?: TokenOptions) => string;
+
+declare const verifyAccessToken: (token: string, secret: string) => JwtPayload | string;
+declare const verifyRefreshToken: (token: string, secret: string) => JwtPayload | string;
+declare const isTokenExpired: (token: string) => boolean;
+declare const isValidJwtFormat: (token: string) => boolean;
+
+declare const decodeToken: (token: string) => null | JwtPayload | string;
+
+export { createAccessToken, createRefreshToken, decodeToken, isTokenExpired, isValidJwtFormat, verifyAccessToken, verifyRefreshToken };

package/dist/index.js

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,35 +17,84 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
   createAccessToken: () => createAccessToken,
-  createRefreshToken: () => createRefreshToken
+  createRefreshToken: () => createRefreshToken,
+  decodeToken: () => decodeToken,
+  isTokenExpired: () => isTokenExpired,
+  isValidJwtFormat: () => isValidJwtFormat,
+  verifyAccessToken: () => verifyAccessToken,
+  verifyRefreshToken: () => verifyRefreshToken
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/cors/createToken.ts
 var jwt = require("jsonwebtoken");
-var createAccessToken = (jwtsecret, expiredDate = "15m", payload, algorithm = "HS256") => {
-  return jwt.sign(payload, jwtsecret, {
-    algorithm,
-    expiresIn: expiredDate
+var defaultAccessTokenOptions = {
+  expiresIn: "15m",
+  algorithm: "HS256"
+};
+var createAccessToken = (secret, payload, options = defaultAccessTokenOptions) => {
+  return jwt.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn
   });
 };
 
 // src/cors/refreshToken.ts
 var jwt2 = require("jsonwebtoken");
-var createRefreshToken = (jwtsecret, expiredDate = "7d", payload, algorithm = "HS256") => {
-  return jwt2.sign(payload, jwtsecret, {
-    algorithm,
-    expiresIn: expiredDate
+var defaultRefreshTokenOptions = {
+  expiresIn: "7d",
+  algorithm: "HS256"
+};
+var createRefreshToken = (secret, payload, options = defaultRefreshTokenOptions) => {
+  return jwt2.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn
   });
 };
+
+// src/cors/verifyToken.ts
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var verifyAccessToken = (token, secret) => {
+  return import_jsonwebtoken.default.verify(token, secret);
+};
+var verifyRefreshToken = (token, secret) => {
+  return import_jsonwebtoken.default.verify(token, secret);
+};
+var isTokenExpired = (token) => {
+  const decoded = import_jsonwebtoken.default.decode(token);
+  if (!decoded?.exp) return true;
+  return decoded.exp * 1e3 < Date.now();
+};
+var isValidJwtFormat = (token) => {
+  return /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/.test(token);
+};
+
+// src/cors/decodeToken.ts
+var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"));
+var decodeToken = (token) => {
+  return import_jsonwebtoken2.default.decode(token);
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   createAccessToken,
-  createRefreshToken
+  createRefreshToken,
+  decodeToken,
+  isTokenExpired,
+  isValidJwtFormat,
+  verifyAccessToken,
+  verifyRefreshToken
 });

package/dist/index.mjs

@@ -7,22 +7,58 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 
 // src/cors/createToken.ts
 var jwt = __require("jsonwebtoken");
-var createAccessToken = (jwtsecret, expiredDate = "15m", payload, algorithm = "HS256") => {
-  return jwt.sign(payload, jwtsecret, {
-    algorithm,
-    expiresIn: expiredDate
+var defaultAccessTokenOptions = {
+  expiresIn: "15m",
+  algorithm: "HS256"
+};
+var createAccessToken = (secret, payload, options = defaultAccessTokenOptions) => {
+  return jwt.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn
   });
 };
 
 // src/cors/refreshToken.ts
 var jwt2 = __require("jsonwebtoken");
-var createRefreshToken = (jwtsecret, expiredDate = "7d", payload, algorithm = "HS256") => {
-  return jwt2.sign(payload, jwtsecret, {
-    algorithm,
-    expiresIn: expiredDate
+var defaultRefreshTokenOptions = {
+  expiresIn: "7d",
+  algorithm: "HS256"
+};
+var createRefreshToken = (secret, payload, options = defaultRefreshTokenOptions) => {
+  return jwt2.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn
   });
 };
+
+// src/cors/verifyToken.ts
+import jwt3 from "jsonwebtoken";
+var verifyAccessToken = (token, secret) => {
+  return jwt3.verify(token, secret);
+};
+var verifyRefreshToken = (token, secret) => {
+  return jwt3.verify(token, secret);
+};
+var isTokenExpired = (token) => {
+  const decoded = jwt3.decode(token);
+  if (!decoded?.exp) return true;
+  return decoded.exp * 1e3 < Date.now();
+};
+var isValidJwtFormat = (token) => {
+  return /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/.test(token);
+};
+
+// src/cors/decodeToken.ts
+import jwt4 from "jsonwebtoken";
+var decodeToken = (token) => {
+  return jwt4.decode(token);
+};
 export {
   createAccessToken,
-  createRefreshToken
+  createRefreshToken,
+  decodeToken,
+  isTokenExpired,
+  isValidJwtFormat,
+  verifyAccessToken,
+  verifyRefreshToken
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jwt-auths",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "A fully functional JWT authentication library for securely generating, verifying, and managing JSON Web Tokens.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",

package/src/cors/createToken.ts

@@ -1,8 +1,20 @@
 const jwt = require('jsonwebtoken');
 
-export const createAccessToken = (jwtsecret: String, expiredDate: String = '15m', payload: any, algorithm:String = 'HS256'):String => {
-    return jwt.sign(payload, jwtsecret, {
-        algorithm: algorithm,
-        expiresIn: expiredDate,
-    });
-}
+type Payload = string | object | Buffer;
+
+interface TokenOptions {
+  expiresIn?: string | number;
+  algorithm?: Algorithm | string;
+}
+
+const defaultAccessTokenOptions: TokenOptions = {
+  expiresIn: '15m',
+  algorithm: 'HS256',
+};
+
+export const createAccessToken = (secret: string, payload: Payload, options: TokenOptions = defaultAccessTokenOptions): string => {
+  return jwt.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn,
+  });
+};

package/src/cors/decodeToken.ts

@@ -0,0 +1,5 @@
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
+export const decodeToken = (token: string): null | JwtPayload | string => {
+  return jwt.decode(token);
+};

package/src/cors/refreshToken.ts

@@ -1,8 +1,20 @@
 const jwt = require('jsonwebtoken');
 
-export const createRefreshToken = (jwtsecret: String, expiredDate: String = '7d', payload: any, algorithm:String = 'HS256'):String => {
-    return jwt.sign(payload, jwtsecret, {
-        algorithm: algorithm,
-        expiresIn: expiredDate,
-    });
-}
+type Payload = string | object | Buffer;
+
+interface TokenOptions {
+  expiresIn?: string | number;
+  algorithm?: Algorithm | string;
+}
+
+const defaultRefreshTokenOptions: TokenOptions = {
+  expiresIn: '7d',
+  algorithm: 'HS256',
+};
+
+export const createRefreshToken = (secret: string, payload: Payload,options: TokenOptions = defaultRefreshTokenOptions): string => {
+  return jwt.sign(payload, secret, {
+    algorithm: options.algorithm,
+    expiresIn: options.expiresIn,
+  });
+};

package/src/cors/verifyToken.ts

@@ -0,0 +1,26 @@
+import jwt, { JwtPayload } from 'jsonwebtoken';
+
+export const verifyAccessToken = (
+  token: string,
+  secret: string
+): JwtPayload | string => {
+  return jwt.verify(token, secret);
+};
+
+export const verifyRefreshToken = (
+  token: string,
+  secret: string
+): JwtPayload | string => {
+  return jwt.verify(token, secret);
+};
+
+export const isTokenExpired = (token: string): boolean => {
+  const decoded = jwt.decode(token) as JwtPayload | null;
+  if (!decoded?.exp) return true;
+  return decoded.exp * 1000 < Date.now();
+};
+
+export const isValidJwtFormat = (token: string): boolean => {
+  return /^[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+$/.test(token);
+};
+

package/src/index.ts

@@ -1,2 +1,4 @@
 export * from './cors/createToken';
-export * from './cors/refreshToken';
+export * from './cors/refreshToken';
+export * from './cors/verifyToken';
+export * from './cors/decodeToken';