@aikidosec/firewall/helpers/tryDecodeAsJWT.js

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.tryDecodeAsJWT = tryDecodeAsJWT;
/**
 * This function tries to decode your input as if it is a JSON Web Token, if it fails to do so it returns {jwt: false}.
 * @param jwt A (possible) JWT
 * @returns The JWT if it's valid, otherwise it returns false
 * @example
 * tryDecodeAsJWT("invalid"); // Returns {jwt: false}
 */
function tryDecodeAsJWT(jwt) {
    if (!jwt.includes(".")) {
        return { jwt: false };
    }
    const parts = jwt.split(".");
    if (parts.length !== 3) {
        return { jwt: false };
    }
    try {
        return {
            jwt: true,
            object: JSON.parse(Buffer.from(parts[1], "base64").toString("utf8")),
        };
    }
    catch {
        return {
            jwt: false,
        };
    }
}