@txstate-mws/graphql-server
A simple graphql server designed to work with typegraphql.
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.QueryDigest = void 0;
exports.composeQueryDigest = composeQueryDigest;
const jose_1 = require("jose");
const crypto_1 = require("crypto");
// https://nodejs.org/api/crypto.html#crypto
/**
 * Compute the hex-encoded HMAC-SHA256 of a query string, keyed by the client id.
 *
 * NOTE(review): the HMAC key here is `clientId`. If client ids are not secret,
 * anyone who knows one can recompute this value, so the digest alone does not
 * authenticate a query. Presumably the signed token checked by QueryDigest is
 * what binds it; confirm at the comparison site.
 *
 * @param {string} clientId - Used as the HMAC key.
 * @param {string} query - Data fed to the HMAC.
 * @returns {string} 64-character lowercase hex digest.
 */
function composeQueryDigest(clientId, query) {
    const mac = (0, crypto_1.createHmac)('sha256', clientId);
    mac.update(query);
    return mac.digest('hex');
}
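/**
 * Holds the signed query-digest token sent with a request and exposes the
 * `qd` claim once the token's signature has been verified.
 *
 * `QueryDigest.init()` must run before any verification so that the public
 * key is loaded; until then every call to `getVerifiedDigest()` fails closed
 * and returns `undefined`.
 */
class QueryDigest {
    /**
     * @param req Incoming request; the token is read from
     *   `req.body.extensions.querySignature`.
     */
    constructor(req) {
        this.jwtToken = this.tokenFromReq(req);
    }
    /**
     * Load the verification key from the JWT_QUERY_DIGEST_PUBLIC_KEY
     * environment variable.
     *
     * @throws {Error} When the variable is unset. `createPublicKey` may also
     *   throw if the value cannot be parsed as a key.
     */
    static init() {
        const secret = process.env.JWT_QUERY_DIGEST_PUBLIC_KEY;
        if (secret == null) {
            throw new Error('JWT query signature secret has not been set. The server is misconfigured.');
        }
        this.jwtQueryPublicKey = (0, crypto_1.createPublicKey)(secret);
    }
    /**
     * Extract the token from the request body.
     *
     * @returns {string | undefined} The token, or `undefined` when it is
     *   absent or not a string.
     */
    tokenFromReq(req) {
        // A request without a parsed body is treated as carrying no token,
        // rather than throwing a TypeError from the constructor.
        const token = req.body?.extensions?.querySignature;
        // Only a single string value is accepted; an array or object supplied
        // in place of the token is dropped, not coerced.
        return typeof token === 'string' ? token : undefined;
    }
    /**
     * Verify the token's signature and return its `qd` claim.
     *
     * @returns {Promise<unknown>} The `qd` claim as found in the payload, or
     *   `undefined` when there is no token or verification fails.
     */
    async getVerifiedDigest() {
        if (!this.jwtToken) {
            return undefined;
        }
        try {
            // NOTE: eventually we may get jwtQueryPublicKey from server via async request.
            // NOTE(review): jwtVerify is called without options, so the accepted
            // `alg`, issuer and audience are not constrained here. Consider
            // passing `algorithms` to pin the algorithm that matches the
            // signing key.
            const claim = await (0, jose_1.jwtVerify)(this.jwtToken, QueryDigest.jwtQueryPublicKey);
            // NOTE(review): `qd` is returned without a type check; callers
            // should compare it as a string.
            return claim.payload.qd;
        }
        catch (e) {
            // Fail closed: any error thrown during verification is logged and
            // the token is treated as if it did not exist.
            console.error(e);
            return undefined;
        }
    }
}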
exports.QueryDigest = QueryDigest;