UNPKG

@veloze/jwt

Version:

todo

github.com/commenthol/veloze-jwt

commenthol/veloze-jwt

121 lines (103 loc) 3.59 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import * as jose from 'jose' import { HttpError } from 'veloze/src/HttpError.js' import { decodeJwt } from './decodeJwt.js' /** @typedef {import('veloze').Request} Request */ /** @typedef {import('veloze').Response} Response */ /** @typedef {import('veloze').Handler} Handler */ /** @typedef {import('jose').JWTVerifyOptions} JWTVerifyOptions */ /** @typedef {import('./decodeJwt.js').DecodedJWT} DecodedJWT */ /** @typedef {import('./jwks.js').KeyLike} KeyLike */ /** @typedef {import('./jwks.js').GetKeyLikeFn} GetKeyLikeFn */ /** * @typedef {object} JwtAuth * @property {string|Uint8Array|GetKeyLikeFn} secret * @property {string} [requestProperty='auth'] property on the request object to set the decoded JWT payload on */ /** @typedef {JwtAuth & JWTVerifyOptions} JwtOptions*/ /** * @throws {HttpError} throws validation errors as HttpError(401) * @param {JwtOptions} options * @returns {Handler} */ export function jwtAuth(options) { const { secret, requestProperty = 'auth', ...verifyOptions } = options || {} if (!secret) throw new TypeError('need secret') const _secret = typeof secret === 'string' ? new TextEncoder().encode(secret) : secret const getKey = typeof secret === 'function' ? secret : async () => _secret return async function _jwtAuth(req, _res) { req[requestProperty] = undefined const { authorization } = req.headers if (!authorization) { throw new HttpError(401) } const [type, token] = String(authorization).split(' ', 2) if (type !== 'Bearer') { throw new HttpError(401, 'Bearer token authorization expected') } if (!token) { throw new HttpError(401, 'No bearer token found') } /** @type {DecodedJWT} */ let decodedToken let key try { decodedToken = decodeJwt(token) key = await getKey(decodedToken) } catch (/** @type {Error|any} */ err) { throw new HttpError(401, 'Invalid Token', err) } if (!key) { throw new HttpError(401) } try { // @ts-expect-error const decoded = await jose.jwtVerify(token, key, verifyOptions) req[requestProperty] = decoded.payload } catch (/** @type {Error|any} */ err) { throw new HttpError(401, 'Invalid Token', err) } await immediate() } } /** * does not throw on errors, just passes. If valid token was found, sets * req[requestProperty] * @param {JwtOptions} options * @returns {Handler} */ export function jwtAuthPass(options) { const { secret, requestProperty = 'auth', ...verifyOptions } = options || {} if (!secret) throw new TypeError('need secret') const _secret = typeof secret === 'string' ? new TextEncoder().encode(secret) : secret const getKey = typeof secret === 'function' ? secret : async () => _secret return async function _jwtAuthPass(req, _res) { req[requestProperty] = undefined const { authorization } = req.headers if (!authorization) { return } const [type, token] = String(authorization).split(' ', 2) if (type !== 'Bearer' || !token) { return } /** @type {DecodedJWT} */ let decodedToken let key try { decodedToken = decodeJwt(token) key = await getKey(decodedToken) if (!key) { return } // @ts-expect-error const decoded = await jose.jwtVerify(token, key, verifyOptions) req[requestProperty] = decoded.payload await immediate() } catch (/** @type {Error|any} */ err) { return } } } const immediate = () => new Promise((resolve) => setImmediate(() => resolve(0)))