@hellocoop/email-verification/dist/cjs/utils/time.js

Functions for generating and verifying JWT tokens used in the Email Verification Protocol

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TIME_VALIDATION_WINDOW = void 0;
exports.getCurrentTimestamp = getCurrentTimestamp;
exports.validateIatClaim = validateIatClaim;
exports.ensureIatClaim = ensureIatClaim;
exports.validateIatForVerification = validateIatForVerification;
const errors_js_1 = require("../errors.js");
/**
 * Time window for iat validation in seconds (60 seconds as per spec)
 */
exports.TIME_VALIDATION_WINDOW = 60;
/**
 * Gets current Unix timestamp in seconds
 * @returns Current time as Unix timestamp
 */
function getCurrentTimestamp() {
    return Math.floor(Date.now() / 1000);
}
/**
 * Validates that an iat (issued at) claim is within the acceptable time window
 * @param iat - Issued at timestamp from JWT payload
 * @param windowSeconds - Time window in seconds (default: 60)
 * @throws TimeValidationError if iat is outside the acceptable window
 */
function validateIatClaim(iat, windowSeconds = exports.TIME_VALIDATION_WINDOW) {
    const currentTime = getCurrentTimestamp();
    const timeDifference = Math.abs(currentTime - iat);
    if (timeDifference > windowSeconds) {
        throw new errors_js_1.TimeValidationError(`Token iat claim is outside acceptable time window. ` +
            `Current time: ${currentTime}, Token iat: ${iat}, ` +
            `Difference: ${timeDifference}s, Max allowed: ${windowSeconds}s`);
    }
}
/**
 * Ensures iat claim is present, setting it to current time if not provided
 * @param payload - Token payload that may contain iat
 * @returns Updated payload with iat set to current time if it was missing
 */
function ensureIatClaim(payload) {
    const currentTime = getCurrentTimestamp();
    if (payload.iat !== undefined) {
        // If iat is provided, use it as-is (allows testing with expired tokens)
        return { ...payload, iat: payload.iat };
    }
    // If iat is not provided, set it to current time
    return { ...payload, iat: currentTime };
}
/**
 * Validates iat claim during token verification
 * @param iat - Issued at timestamp from JWT payload
 * @param windowSeconds - Time window in seconds (default: 60)
 * @throws TimeValidationError if iat is missing or outside acceptable window
 */
function validateIatForVerification(iat, windowSeconds = exports.TIME_VALIDATION_WINDOW) {
    if (iat === undefined) {
        throw new errors_js_1.TimeValidationError('Token is missing required iat claim');
    }
    validateIatClaim(iat, windowSeconds);
}
//# sourceMappingURL=time.js.map