
@theoptimalpartner/jwt-auth-validator


JWT token validation package with offline JWKS validation and Redis-based token revocation support

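import { SSMClient, GetParameterCommand } from '@aws-sdk/client-ssm';

/**
 * Resolve the AWS region from the environment, falling back to 'us-east-1'.
 *
 * @returns {string} Region name.
 */
function resolveRegion() {
  return process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
}

/**
 * Build the cache key for a parameter lookup.
 *
 * Decrypted and undecrypted reads of the same parameter return different
 * values for SecureString parameters, so they must not share a cache slot.
 * Decrypted reads keep the bare parameter name as key (the key format used
 * by getCACertificate); undecrypted reads get a '#raw' suffix.
 *
 * @param {string} parameterName - Full SSM parameter name.
 * @param {boolean} withDecryption - Whether the read asks SSM to decrypt.
 * @returns {string} Cache key.
 */
function cacheKeyFor(parameterName, withDecryption) {
  return withDecryption ? parameterName : `${parameterName}#raw`;
}

/**
 * Static helper around AWS SSM Parameter Store with an in-process cache.
 *
 * Operational notes for reviewers:
 * - Cached values never expire. A rotated or withdrawn certificate keeps
 *   being served from memory until clearCache() is called or the process
 *   restarts.
 * - The SSM endpoint and credentials are taken from environment variables,
 *   so anything able to set this process's environment decides where the
 *   certificate is fetched from.
 */
export class SSMService {
  static client = null;
  static certificateCache = new Map();

  /**
   * Return the shared SSMClient, creating it on first use.
   *
   * @returns {SSMClient} Lazily constructed client.
   */
  static getClient() {
    if (this.client) {
      return this.client;
    }

    const clientConfig = { region: resolveRegion() };

    // Explicit static credentials are only set when both halves are present;
    // otherwise the SDK's own credential resolution is left in charge.
    if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {
      clientConfig.credentials = {
        accessKeyId: process.env.AWS_ACCESS_KEY_ID,
        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
      };
      if (process.env.AWS_SESSION_TOKEN) {
        clientConfig.credentials.sessionToken = process.env.AWS_SESSION_TOKEN;
      }
    }

    // NOTE(review): this override redirects every parameter read, including
    // the CA certificate. It should only be set in trusted deployment
    // configuration (e.g. a local emulator in tests).
    if (process.env.AWS_SSM_ENDPOINT) {
      clientConfig.endpoint = process.env.AWS_SSM_ENDPOINT;
    }

    this.client = new SSMClient(clientConfig);
    return this.client;
  }

  /**
   * Fetch a CA certificate stored at `/${certPath}/${certName}`, decrypted.
   *
   * @param {string} certPath - Parameter hierarchy, without leading slash.
   * @param {string} certName - Parameter leaf name.
   * @returns {Promise<string>} The parameter value.
   * @throws {Error} When the parameter is missing, not a string, or the SSM
   *   call fails (the SDK error is logged and rethrown unchanged).
   */
  static async getCACertificate(certPath, certName) {
    const fullPath = `/${certPath}/${certName}`;

    // Only report a cache hit when a usable value is actually returned.
    const cached = this.certificateCache.get(fullPath);
    if (cached) {
      console.log('📋 Using cached certificate from SSM');
      return cached;
    }

    try {
      const region = resolveRegion();
      const hasCredentials = Boolean(
        process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY,
      );
      console.log(`📡 Getting certificate from Parameter Store: ${fullPath}`);
      console.log(`🌍 AWS Region: ${region}`);
      console.log(`🔑 Credentials configured: ${hasCredentials ? 'Yes' : 'No (using IAM role/profile)'}`);

      const command = new GetParameterCommand({
        Name: fullPath,
        WithDecryption: true,
      });
      const response = await this.getClient().send(command);
      const value = response.Parameter?.Value;
      if (typeof value !== 'string') {
        throw new Error(`Certificate parameter not found or invalid: ${fullPath}`);
      }

      this.certificateCache.set(fullPath, value);
      console.log('✅ Certificate obtained from SSM and cached');
      return value;
    } catch (error) {
      // The full error object is logged; the parameter value itself is not.
      console.error(`❌ Error getting certificate from SSM (${fullPath}):`, error);
      throw error;
    }
  }

  /**
   * Fetch an arbitrary parameter, using the same cache as getCACertificate.
   *
   * The cache slot depends on `withDecryption`, so a raw (undecrypted) read
   * can never be served to a caller that asked for the decrypted value, or
   * the other way round.
   *
   * @param {string} parameterName - Full SSM parameter name.
   * @param {boolean} [withDecryption=true] - Passed to SSM as WithDecryption.
   * @returns {Promise<string>} The parameter value.
   * @throws {Error} When the parameter is missing, not a string, or the SSM
   *   call fails (the SDK error is logged and rethrown unchanged).
   */
  static async getParameter(parameterName, withDecryption = true) {
    const cacheKey = cacheKeyFor(parameterName, withDecryption);

    const cached = this.certificateCache.get(cacheKey);
    if (cached) {
      return cached;
    }

    try {
      const command = new GetParameterCommand({
        Name: parameterName,
        WithDecryption: withDecryption,
      });
      const response = await this.getClient().send(command);
      const value = response.Parameter?.Value;
      if (typeof value !== 'string') {
        throw new Error(`Parameter not found or invalid: ${parameterName}`);
      }

      this.certificateCache.set(cacheKey, value);
      return value;
    } catch (error) {
      console.error(`❌ Error getting parameter from SSM (${parameterName}):`, error);
      throw error;
    }
  }

  /**
   * Drop every cached value so the next read goes back to SSM.
   * This is the only way to pick up a rotated certificate without a restart.
   */
  static clearCache() {
    this.certificateCache.clear();
  }

  /**
   * Report cache size and keys (parameter names, never values).
   * Keys for undecrypted reads carry a '#raw' suffix.
   *
   * @returns {{size: number, keys: string[]}} Cache statistics.
   */
  static getCacheStats() {
    return {
      size: this.certificateCache.size,
      keys: Array.from(this.certificateCache.keys()),
    };
  }
}
//# sourceMappingURL=ssm-service.js.map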