UNPKG

@portive/auth

Version:

A library to help generate auth tokens for use with Portive's cloud services for open source components

65 lines (64 loc) 2.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
import { signJWT } from "@portive/jwt-utils"; import { AuthHeaderStruct, AuthPayloadStruct, } from "@portive/api-types"; /** * Takes an `apiKey` comprising of the parts separates by underscores. The * first part being a preamble checking that it starts with `PRTV`, the * second is the API key id, and the last pare is the API secret key. * * The key has these properties for a few reasons: * * 1. Easy to cut and paste. Double-click and underscores and alphanumeric * are all selected. * 2. `PRTV` makes sure we haven't confused the API key with some other API key * 3. We encode it into one so that we don't need multiple environment vars * to store the API key which also ensures the key id and secret key stay * together. * * e.g. PRTV_xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx */ export function parseApiKey(apiKey) { const parts = apiKey.split("_"); if (parts.length !== 3) { throw new Error(`Expected apiKey to split on _ into exactly 3 parts but is ${parts.length}`); } const [keyType, keyId, secretKey] = parts; if (keyType !== "PRTV") throw new Error(`Expected first part of API key to be PRTV but is ${JSON.stringify(keyType)}`); return { keyType, keyId, secretKey, }; } /** * Takes the API key id and the API secret key and merges them into a single * API key which includes the `PRTV` preamble. * * e.g. PRTV_xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx */ export function stringifyApiKey({ keyId, secretKey, }) { return `PRTV_${keyId}_${secretKey}`; } /** * A lower level version of `generateAuth` which `generateAuth` uses. * Takes the `claims`, `keyId`, `secretKey` and `expiresIn` as separate * arguments to improve readability. * * Probably okay to merge this into `generateAuth` later. */ export function _createAuthToken(claims, { keyId, secretKey, expiresIn, }) { const jwt = signJWT(claims, AuthPayloadStruct, AuthHeaderStruct, secretKey, { keyid: keyId, expiresIn, }); return jwt; } /** * Takes an apiKey (which includes the `keyId` and `secretKey`) and a set of * PermitOptions and then generates a permit from it. */ export function createAuthToken(apiKey, { expiresIn, ...claims } // PermitPrivateClaims & { expiresIn: ExpiresIn } ) { const { keyId, secretKey } = parseApiKey(apiKey); return _createAuthToken(claims, { keyId, secretKey, expiresIn }); }