@theoptimalpartner/jwt-auth-validator
JWT token validation package with offline JWKS validation and Redis-based token revocation support
export { JWTValidator } from './jwt-validator.js';
export { JWKSService } from './jwks-service.js';
export { RedisService } from './redis-service.js';
export { TokenBlacklistService } from './token-blacklist-service.js';
export * from './types.js';
export * from './cognito-utils.js';
import * as fs from 'fs';
import * as path from 'path';
import { JWTValidator } from './jwt-validator.js';
import { JWKSService } from './jwks-service.js';
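/**
 * Build a JWTValidator for a Cognito user pool with the Redis blacklist and
 * forced secure validation both enabled.
 *
 * Each Redis setting is read from `redisConfig` first and from the
 * environment second: REDIS_HOST (default 'localhost'), REDIS_PORT
 * (default 6379), REDIS_PASSWORD, REDIS_TLS (only the exact string 'true'
 * enables TLS), REDIS_CA_CERT_PATH and REDIS_CA_CERT_NAME. The client secret
 * falls back to COGNITO_CLIENT_SECRET.
 *
 * @param {string} region - Passed through to JWKSService.createCognitoConfig.
 * @param {string} userPoolId - Passed through to JWKSService.createCognitoConfig.
 * @param {string} clientId - Passed through to JWKSService.createCognitoConfig.
 * @param {string} [clientSecret] - Optional; COGNITO_CLIENT_SECRET is used when falsy.
 * @param {{host?: string, port?: number, password?: string, tls?: boolean,
 *          caCertPath?: string, caCertName?: string}} [redisConfig]
 * @returns {JWTValidator} Validator constructed from the assembled config.
 */
export function createCognitoValidator(region, userPoolId, clientId, clientSecret, redisConfig) {
  const finalClientSecret = clientSecret || process.env.COGNITO_CLIENT_SECRET;
  const jwksConfig = JWKSService.createCognitoConfig(region, userPoolId, clientId, finalClientSecret);

  const host = redisConfig?.host || process.env.REDIS_HOST || 'localhost';
  // Explicit radix so the env value is always read as decimal.
  // NOTE(review): a non-numeric REDIS_PORT still yields NaN here and is passed on as-is.
  const port = redisConfig?.port || Number.parseInt(process.env.REDIS_PORT || '6379', 10);
  const password = redisConfig?.password || process.env.REDIS_PASSWORD || undefined;
  // An explicit boolean in redisConfig wins, so callers can force TLS off
  // even when REDIS_TLS=true is set in the environment.
  const useTLS = redisConfig?.tls !== undefined
    ? redisConfig.tls
    : process.env.REDIS_TLS === 'true';
  const caCertPath = redisConfig?.caCertPath || process.env.REDIS_CA_CERT_PATH;
  const caCertName = redisConfig?.caCertName || process.env.REDIS_CA_CERT_NAME;

  const redis = { host, port };
  if (password) {
    redis.password = password;
  }

  if (useTLS) {
    redis.tls = {
      rejectUnauthorized: true,
      servername: host,
      minVersion: 'TLSv1.2',
      maxVersion: 'TLSv1.3',
    };
    if (caCertPath && caCertName) {
      const certPath = path.join(caCertPath, caCertName);
      try {
        // Uses the module-level fs/path imports: `require` is not defined in
        // an ES module, so the previous in-function require() always threw
        // into the catch below and the configured CA was never loaded.
        redis.tls.ca = fs.readFileSync(certPath);
      }
      catch (error) {
        // A missing or unreadable file is reported instead of skipped
        // silently. The tls options then carry no `ca`; assuming they reach
        // Node's TLS layer unchanged, the server certificate is still
        // verified, but against the default trust store rather than the
        // configured CA.
        console.warn('Failed to load Redis CA certificate:', error);
      }
    }
  }

  return new JWTValidator({
    jwks: jwksConfig,
    enableRedisBlacklist: true,
    forceSecureValidation: true,
    redis,
  });
}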
//# sourceMappingURL=index.js.map