UNPKG

@theoptimalpartner/jwt-auth-validator

Version:

JWT token validation package with offline JWKS validation and Redis-based token revocation support

137 lines 4.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
import jwt from 'jsonwebtoken'; export class TokenBlacklistService { redisService = null; initialized = false; constructor(redisService) { if (redisService) { this.redisService = redisService; } } initialize(redisService) { if (redisService) { this.redisService = redisService; } if (!this.redisService) { throw new Error('Redis service is required for token blacklist'); } this.initialized = true; } async addToBlacklist(token, expiresAt) { if (!this.initialized || !this.redisService) { throw new Error('TokenBlacklistService not initialized'); } try { const currentTime = Math.floor(Date.now() / 1000); const ttl = Math.max(0, expiresAt - currentTime); if (ttl > 0) { const tokenHash = this.getTokenHash(token); await this.redisService.saveRevokedToken(tokenHash, ttl); } } catch (error) { console.error('Error adding token to blacklist:', error); throw error; } } async isBlacklisted(token) { if (!this.initialized || !this.redisService) { return false; } try { const tokenHash = this.getTokenHash(token); return await this.redisService.isTokenRevoked(tokenHash); } catch (error) { console.error('Error checking blacklist:', error); return false; } } getTokenId(token) { try { const decoded = jwt.decode(token); if (decoded?.jti) { return decoded.jti; } if (decoded?.sub && decoded.iat) { return `${decoded.sub}:${decoded.iat}`; } return this.getTokenHash(token); } catch (error) { console.error('Error getting token ID:', error); return this.getTokenHash(token); } } getTokenHash(token) { const tokenSuffix = token.slice(-32); return Buffer.from(tokenSuffix).toString('base64'); } async invalidateUserTokens(userId, tokens) { if (!this.initialized || !this.redisService) { throw new Error('TokenBlacklistService not initialized'); } try { const promises = tokens.map(async (token) => { try { const decoded = jwt.decode(token); if (decoded?.exp) { await this.addToBlacklist(token, decoded.exp); } } catch (error) { console.error(`Error invalidating token for user ${userId}:`, error); } }); await Promise.all(promises); } catch (error) { console.error('Error invalidating user tokens:', error); throw error; } } async addMultipleToBlacklist(tokens) { if (!this.initialized || !this.redisService) { throw new Error('TokenBlacklistService not initialized'); } try { const promises = tokens.map(({ token, expiresAt }) => this.addToBlacklist(token, expiresAt)); await Promise.all(promises); } catch (error) { console.error('Error adding multiple tokens to blacklist:', error); throw error; } } async checkMultipleTokens(tokens) { if (!this.initialized || !this.redisService) { return tokens.map(() => false); } try { const promises = tokens.map((token) => this.isBlacklisted(token)); return await Promise.all(promises); } catch (error) { console.error('Error checking multiple tokens:', error); return tokens.map(() => false); } } async getStats() { try { const connectionStatus = this.redisService?.isConnected ? 'connected' : 'disconnected'; return { service: 'Redis', connectionStatus, initialized: this.initialized, }; } catch (error) { return { service: 'Redis', connectionStatus: 'error', error: error instanceof Error ? error.message : String(error), initialized: this.initialized, }; } } } //# sourceMappingURL=token-blacklist-service.js.map