
@bitblit/ratchet-epsilon-common


Tiny adapter to simplify building API Gateway Lambda APIs

import { UnauthorizedError } from '../error/unauthorized-error.js';
import { RequireRatchet } from '@bitblit/ratchet-common/lang/require-ratchet';
import { Logger } from '@bitblit/ratchet-common/logger/logger';
import { StringRatchet } from '@bitblit/ratchet-common/lang/string-ratchet';
import { JwtRatchet } from '@bitblit/ratchet-node-only/jwt/jwt-ratchet';

/**
 * Rebuilds the manipulator's JwtRatchet with one configuration field changed.
 *
 * Reads the ratchet's `copyConfig`, sets `field` on it, and swaps in a new
 * JwtRatchet built from the result.
 *
 * @param {LocalWebTokenManipulator} owner - manipulator whose ratchet is replaced
 * @param {string} field - configuration property to set
 * @param {*} value - value stored under `field`
 * @returns {LocalWebTokenManipulator} `owner`, so the builder methods can chain
 */
function applyConfigOverride(owner, field, value) {
  const nextConfig = owner._ratchet.copyConfig;
  nextConfig[field] = value;
  owner._ratchet = new JwtRatchet(nextConfig);
  return owner;
}

/**
 * Creates, refreshes and validates JWTs using keys supplied in-process,
 * delegating the token work to a JwtRatchet instance.
 *
 * The key material passed to the constructor stays reachable through the
 * public `encryptionKeys` field and the `jwtRatchet` getter, so instances
 * should not be serialized or logged.
 */
export class LocalWebTokenManipulator {
  encryptionKeys;
  issuer;
  _ratchet;

  /**
   * @param {Array} encryptionKeys - keys handed to JwtRatchet as `encryptionKeyPromise`;
   *   must be non-null with no null/undefined entries
   * @param {string} issuer - value written to the `iss` claim of created tokens
   */
  constructor(encryptionKeys, issuer) {
    this.encryptionKeys = encryptionKeys;
    this.issuer = issuer;
    // The null check runs first so that reading `.length` below is safe.
    RequireRatchet.notNullOrUndefined(encryptionKeys, 'encryptionKeys');
    RequireRatchet.noNullOrUndefinedValuesInArray(encryptionKeys, encryptionKeys.length);
    this._ratchet = new JwtRatchet({
      encryptionKeyPromise: Promise.resolve(encryptionKeys),
    });
  }

  /**
   * Registers additional keys under the ratchet's `decryptKeysPromise` setting.
   * NOTE(review): presumably these are accepted for verification only, to
   * support key rotation - confirm against JwtRatchet.
   *
   * @param {Array} keys - non-null array with no null/undefined entries
   * @returns {LocalWebTokenManipulator} this instance, for chaining
   */
  withExtraDecryptionKeys(keys) {
    RequireRatchet.notNullOrUndefined(keys, 'keys');
    RequireRatchet.noNullOrUndefinedValuesInArray(keys, keys.length);
    return applyConfigOverride(this, 'decryptKeysPromise', Promise.resolve(keys));
  }

  /**
   * Sets the ratchet's `parseFailureLogLevel`.
   *
   * @param {*} logLevel - level value passed through to JwtRatchet unchanged
   * @returns {LocalWebTokenManipulator} this instance, for chaining
   */
  withParseFailureLogLevel(logLevel) {
    return applyConfigOverride(this, 'parseFailureLogLevel', logLevel);
  }

  /**
   * Sets the ratchet's `decryptOnlyKeyUseLogLevel`.
   *
   * @param {*} logLevel - level value passed through to JwtRatchet unchanged
   * @returns {LocalWebTokenManipulator} this instance, for chaining
   */
  withOldKeyUseLogLevel(logLevel) {
    return applyConfigOverride(this, 'decryptOnlyKeyUseLogLevel', logLevel);
  }

  /** The underlying JwtRatchet, which was configured with the key material. */
  get jwtRatchet() {
    return this._ratchet;
  }

  /**
   * Result of the ratchet's `selectRandomEncryptionKey()`.
   * NOTE(review): presumably this is raw key material - callers should not
   * log or return it to clients.
   */
  get selectRandomEncryptionKey() {
    return this._ratchet.selectRandomEncryptionKey();
  }

  /**
   * Delegates to the ratchet's `refreshJWTString`.
   *
   * @param {string} tokenString - existing token
   * @param {number} expirationSeconds - passed through as the new lifetime argument
   * @param {boolean} [allowExpired] - any falsy value is forwarded as `false`;
   *   NOTE(review): passing true presumably lets an expired token be re-issued,
   *   so callers should bound how stale a token they accept - confirm
   * @returns {*} whatever `refreshJWTString` returns
   */
  createRefreshedJWTString(tokenString, expirationSeconds, allowExpired) {
    const permitExpired = allowExpired || false;
    return this._ratchet.refreshJWTString(tokenString, permitExpired, expirationSeconds);
  }

  /**
   * Decodes a token and rejects it if JwtRatchet marks it as expired.
   *
   * NOTE(review): the literal 2 is an opaque mode argument to `decodeToken`;
   * presumably it selects flag-on-expiry handling, which the check below
   * relies on - confirm and prefer the named constant. What is returned for
   * a token that fails to decode is not visible here; callers should treat a
   * null/undefined payload as unauthenticated.
   *
   * @param {string} tokenString - compact JWT
   * @returns {Promise<*>} the decoded payload
   * @throws {UnauthorizedError} when the payload carries the expired flag
   */
  async parseAndValidateJWTStringAsync(tokenString) {
    const claims = await this._ratchet.decodeToken(tokenString, 2);
    if (!JwtRatchet.hasExpiredFlag(claims)) {
      return claims;
    }
    throw new UnauthorizedError('Failing JWT token read/validate - token expired on ' + claims.exp);
  }

  /**
   * Builds the claim set for a principal and has the ratchet sign it.
   *
   * NOTE(review): `roles` is accepted but never copied into the claims built
   * here, so authorization code must not assume a roles claim comes from this
   * method. `exp` and `iat` are set in epoch milliseconds, while RFC 7519
   * defines them in seconds; whether `createTokenString` rewrites them is not
   * visible here - confirm.
   *
   * @param {string} principal - written to the `sub` claim (and logged at info level)
   * @param {*} userObject - written to the `user` claim
   * @param {string[]} [roles=['USER']] - currently unused in this method
   * @param {number} [expirationSeconds=3600] - lifetime, also passed to the ratchet
   * @param {*} [proxyUser=null] - written to the `proxy` claim
   * @returns {Promise<string>} the token string produced by the ratchet
   */
  async createJWTStringAsync(principal, userObject, roles = ['USER'], expirationSeconds = 3600, proxyUser = null) {
    Logger.info('Creating JWT token for %s that expires in %s', principal, expirationSeconds);
    const issuedAt = Date.now();
    // Key order is kept as exp, iss, sub, iat, user, proxy.
    const claims = {
      exp: issuedAt + expirationSeconds * 1000,
      iss: this.issuer,
      sub: principal,
      iat: issuedAt,
      user: userObject,
      proxy: proxyUser,
    };
    return this._ratchet.createTokenString(claims, expirationSeconds);
  }

  /**
   * Pulls a token out of an Authorization header value and validates it.
   *
   * The `bearer ` prefix is matched case-insensitively and stripped; a value
   * without that prefix is validated as a token in its entirety.
   *
   * @param {string} header - raw header value; trimmed via StringRatchet.trimToEmpty
   * @returns {Promise<*>} the validated payload, or null when the header is
   *   empty after trimming - callers must treat null as "no credentials"
   * @throws {UnauthorizedError} when the token is flagged as expired
   */
  async extractTokenFromAuthorizationHeader(header) {
    const trimmed = StringRatchet.trimToEmpty(header);
    const hasBearerPrefix = trimmed.toLowerCase().startsWith('bearer ');
    const tokenString = hasBearerPrefix ? trimmed.substring(7) : trimmed;
    if (!tokenString) {
      return null;
    }
    return this.parseAndValidateJWTStringAsync(tokenString);
  }
}
//# sourceMappingURL=local-web-token-manipulator.js.map