@rxstack/security
RxStack Security Module
;
// Decorator-application helper (it has the shape of the helper the TypeScript compiler emits).
// Reuses an existing `this.__decorate` when one is present, otherwise defines it here.
//   decorators - array of decorator functions; falsy entries are skipped
//   target     - object (class or prototype) being decorated
//   key, desc  - optional member name and property descriptor
// Returns the decorated value `r` (see the final line for the property-definition side effect).
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
// c is the number of arguments actually passed. With fewer than three, r starts as the target
// itself; otherwise r is the descriptor, looked up on the target when `desc` is exactly null.
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
// Delegate to Reflect.decorate when the runtime (or a polyfill) provides it.
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
// Otherwise walk the decorators from last to first. Each one is called with (r), (target, key, r)
// or (target, key) depending on c, and a truthy result replaces r.
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
// With more than three arguments and a truthy r, r is installed on the target as the
// property descriptor for `key`; r is returned in every case.
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
// Metadata helper: reuses an existing `this.__metadata` when present. The fallback forwards
// to Reflect.metadata when the runtime (or a polyfill) provides it and otherwise returns
// undefined.
var __metadata = (this && this.__metadata) || function (metadataKey, metadataValue) {
    const reflectHasMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
    if (!reflectHasMetadata) {
        return undefined;
    }
    return Reflect.metadata(metadataKey, metadataValue);
};
// Generator-driven promise helper: runs `generator` with `thisArg` and `_arguments` and returns
// a promise that settles with the generator's outcome. Reuses an existing `this.__awaiter`
// when one is present.
//   P - promise constructor to use; falls back to the global Promise when falsy
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
// Pass through values that are already instances of P; wrap anything else in a resolved P.
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
// Resume the generator with a fulfilled value; anything it throws rejects the outer promise.
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
// Throw a rejection reason into the generator so a try/catch inside it can handle the failure.
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
// Resolve when the generator is done, otherwise wait for the yielded value and continue.
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
// Start the generator and process its first result.
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
// Mark the CommonJS exports object as the output of an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder: the export is created as undefined here and assigned after the class definition.
exports.TokenEncoder = void 0;
const injection_js_1 = require("injection-js");
const exceptions_1 = require("../exceptions");
const interfaces_1 = require("../interfaces");
const security_configuration_1 = require("../security-configuration");
const service_registry_1 = require("@rxstack/service-registry");
const jwt = require('jsonwebtoken');
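/**
 * Signs and verifies JSON Web Tokens, choosing the key material per issuer.
 *
 * The issuer name is the lookup key into `secretManager`. The loader returned for it
 * supplies both the key and the single signature algorithm used for that issuer.
 */
let TokenEncoder = class TokenEncoder {
    /**
     * @param secretManager registry queried with `get(issuer)` to obtain a secret loader
     * @param config security configuration; `default_issuer` and `ttl` are read by this class
     */
    constructor(secretManager, config) {
        this.secretManager = secretManager;
        this.config = config;
    }
    /**
     * Signs `payload` as a JWT with the private key (or shared secret) of its issuer.
     *
     * The `iss` claim is written back onto `payload`, so the caller's object is modified.
     * Because `iss` also selects the signing key, it should be set by trusted server-side
     * code and not copied from request data.
     *
     * @param {object} payload claims to sign; a missing or falsy `iss` falls back to
     *   `config.default_issuer`
     * @returns {Promise<string>} the signed token
     * @throws JWTEncodeFailureException when the payload is not an object or signing fails
     */
    encode(payload) {
        return __awaiter(this, void 0, void 0, function* () {
            // typeof null is 'object', so null must be rejected explicitly. Without this guard
            // a null or primitive payload surfaces as a raw TypeError, not an encode failure.
            if (payload === null || typeof payload !== 'object') {
                throw new exceptions_1.JWTEncodeFailureException('An error occurred while trying to encode the JWT token. ' +
                    'The payload must be a non-null object', 'Invalid payload type');
            }
            const iss = payload['iss'] ? payload['iss'] : this.config.default_issuer;
            // Written back so the signed claim always names the issuer whose key signs it.
            payload['iss'] = iss;
            const secretLoader = this.secretManager.get(iss);
            const key = yield secretLoader.loadKey(interfaces_1.KeyType.PRIVATE_KEY);
            // A string key is passed through as is; any other key is paired with the
            // passphrase from the loader's configuration.
            const secretOrPrivateKey = typeof key === 'string'
                ? key
                : { key: key, passphrase: secretLoader.config.secret['passphrase'] };
            try {
                return jwt.sign(payload, secretOrPrivateKey, {
                    algorithm: secretLoader.config.signature_algorithm,
                    expiresIn: this.config.ttl
                });
            }
            catch (e) {
                throw new exceptions_1.JWTEncodeFailureException('An error occurred while trying to encode the JWT token. ' +
                    'Please verify your configuration (private key/passphrase)', e.message);
            }
        });
    }
    /**
     * Verifies `token` and returns its payload.
     *
     * The issuer is first read from the token without verification, only to choose which
     * configured key and algorithm to verify against. `jwt.verify` then checks the signature
     * with that key, accepts only the loader's configured algorithm, and requires the `iss`
     * claim to equal the issuer used for the lookup.
     *
     * @param {string} token compact JWT
     * @returns {Promise<object>} the verified payload
     * @throws JWTDecodeFailureException when the token is malformed, carries a non-string
     *   `iss`, or fails verification
     */
    decode(token) {
        return __awaiter(this, void 0, void 0, function* () {
            let iss;
            try {
                // jwt.decode does not check the signature; nothing read here is trusted yet.
                // It returns null for a token it cannot parse, so the property access below
                // throws and is reported as an invalid token.
                const decoded = jwt.decode(token, { json: true, complete: true });
                const claimedIssuer = decoded.payload['iss'];
                // The claim is attacker-controlled and is used as a registry key. Anything
                // other than a string is rejected before it reaches the lookup.
                if (claimedIssuer && typeof claimedIssuer !== 'string') {
                    throw new Error('The "iss" claim must be a string');
                }
                iss = claimedIssuer ? claimedIssuer : this.config.default_issuer;
            }
            catch (e) {
                throw new exceptions_1.JWTDecodeFailureException('Invalid JWT Token', e.message);
            }
            // NOTE(review): the lookup and the key load run outside any try block. What
            // `get` does for an issuer that is not registered is not visible here. Confirm
            // that it fails closed and that callers report the failure as an authentication
            // error.
            const secretLoader = this.secretManager.get(iss);
            const loadedPublicKey = yield secretLoader.loadKey(interfaces_1.KeyType.PUBLIC_KEY);
            // The algorithm comes from server-side configuration, never from the token header.
            const options = {
                algorithms: [secretLoader.config.signature_algorithm],
                issuer: iss
            };
            try {
                return jwt.verify(token, loadedPublicKey, options);
            }
            catch (e) {
                throw new exceptions_1.JWTDecodeFailureException('Invalid JWT Token', e.message);
            }
        });
    }
};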
// Publish the undecorated class first, then replace both the local binding and the export
// with whatever the decorators return.
exports.TokenEncoder = TokenEncoder;
const tokenEncoderDecorators = [
    // Registers the class with the injection-js container.
    (0, injection_js_1.Injectable)(),
    // Records the constructor parameter types under the "design:paramtypes" metadata key.
    __metadata("design:paramtypes", [service_registry_1.ServiceRegistry, security_configuration_1.SecurityConfiguration])
];
exports.TokenEncoder = TokenEncoder = __decorate(tokenEncoderDecorators, TokenEncoder);
//# sourceMappingURL=token-encoder.js.map