@nats-io/jwt/lib/util.js

NATS jwt.js

"use strict";
// Copyright 2020-2024 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.equivalent = exports.issuer = exports.randomID = exports.randomValues = exports.extend = exports.defaultUser = exports.defaultUserPermissionsLimits = exports.defaultUserLimits = exports.defaultPermissions = exports.defaultPermission = exports.defaultResponsePermissions = exports.defaultNatsLimits = exports.version = exports.isGeneric = exports.isActivation = exports.isUser = exports.isAccount = exports.isOperator = void 0;
const types_1 = require("./types");
const jwt_1 = require("./jwt");
/**
 * Returns true if the ClaimsData is for an Operator
 * @param c
 */
function isOperator(c) {
    const gen = c.nats;
    const type = version(c) === 1 ? c.type : gen.type;
    return type === types_1.Types.Operator;
}
exports.isOperator = isOperator;
/**
 * Returns true if the ClaimsData is for an Account
 * @param c
 */
function isAccount(c) {
    const gen = c.nats;
    const type = version(c) === 1 ? c.type : gen.type;
    return type === types_1.Types.Account;
}
exports.isAccount = isAccount;
/**
 * Returns true if the ClaimsData is for a User
 * @param c
 */
function isUser(c) {
    const gen = c.nats;
    const type = version(c) === 1 ? c.type : gen.type;
    return type === types_1.Types.User;
}
exports.isUser = isUser;
/**
 * Returns true if the ClaimsData is for an Activation
 * @param c
 */
function isActivation(c) {
    const gen = c.nats;
    const type = version(c) === 1 ? c.type : gen.type;
    return type === types_1.Types.Activation;
}
exports.isActivation = isActivation;
/**
 * Returns true if the ClaimsData is generic
 * @param c
 */
function isGeneric(c) {
    return !isAccount(c) && !isUser(c) && !isActivation(c);
}
exports.isGeneric = isGeneric;
/**
 * Returns the version of the JWT
 * @param c
 */
function version(c) {
    const gen = c.nats;
    return gen.version ? gen.version : 1;
}
exports.version = version;
function defaultNatsLimits() {
    return { data: -1, payload: -1, subs: -1 };
}
exports.defaultNatsLimits = defaultNatsLimits;
function defaultResponsePermissions() {
    return { max: 0, ttl: 0 };
}
exports.defaultResponsePermissions = defaultResponsePermissions;
function defaultPermission() {
    return { allow: [], deny: [] };
}
exports.defaultPermission = defaultPermission;
function defaultPermissions() {
    const perms = {
        pub: defaultPermission(),
        sub: defaultPermission(),
    };
    perms.resp = defaultResponsePermissions();
    return perms;
}
exports.defaultPermissions = defaultPermissions;
function defaultUserLimits() {
    return { src: [], times: [], locale: "" };
}
exports.defaultUserLimits = defaultUserLimits;
function defaultUserPermissionsLimits(d = {}) {
    return extend(defaultNatsLimits(), defaultUserLimits(), defaultPermissions(), { bearer_token: false, allowed_connection_types: [] }, d);
}
exports.defaultUserPermissionsLimits = defaultUserPermissionsLimits;
function defaultUser(d = {}) {
    return extend({ data: -1, payload: -1, subs: -1 }, d);
}
exports.defaultUser = defaultUser;
function extend(a, ...b) {
    for (let i = 0; i < b.length; i++) {
        const o = b[i];
        //@ts-ignore: raw
        Object.assign(a, o);
    }
    return a;
}
exports.extend = extend;
function randomValues(array) {
    for (let i = 0; i < array.length; i++) {
        array[i] = Math.floor(Math.random() * 255);
    }
}
exports.randomValues = randomValues;
function randomID() {
    const buf = new Uint8Array(12);
    randomValues(buf);
    const a = Array.from(buf);
    return btoa(String.fromCharCode(...a));
}
exports.randomID = randomID;
function issuer(claim) {
    const ia = claim.nats;
    return ia.issuer_account ? ia.issuer_account : claim.iss;
}
exports.issuer = issuer;
async function equivalent(a, b, debug = false) {
    // remove the iat - issued at, and the jti as these will be
    // different unless the same JWT
    const replacer = (k, v) => {
        return (k === "iat" || k === "jti") ? undefined : v;
    };
    // if we are looking at an account claim, we need to expand
    // any tokens we have as we also must remove iat and jti
    const expandTokens = (c) => {
        c.nats.imports = c.nats.imports ?? [];
        c.nats.imports.forEach((im) => {
            if (im.token) {
                const td = (0, jwt_1.decode)(im.token);
                im.token = JSON.stringify(td, replacer, " ");
            }
        });
    };
    const ca = await (0, jwt_1.decode)(a);
    if (isAccount(ca)) {
        expandTokens(ca);
    }
    const cb = await (0, jwt_1.decode)(b);
    if (isAccount(cb)) {
        expandTokens(cb);
    }
    const as = JSON.stringify(ca, replacer, " ");
    const bs = JSON.stringify(cb, replacer, " ");
    if (debug) {
        console.log(as, "===", bs);
    }
    return as === bs;
}
exports.equivalent = equivalent;
//# sourceMappingURL=util.js.map