azion/packages/jwt/dist/index.mjs

Azion Packages for Edge Computing.

var u=class extends Error{constructor(r){super(`${r} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}},m=class extends Error{constructor(r){super(`invalid JWT token: ${r}`),this.name="JwtTokenInvalid"}},d=class extends Error{constructor(r){super(`token (${r}) is being used before it's valid`),this.name="JwtTokenNotBefore"}},f=class extends Error{constructor(r){super(`token (${r}) expired`),this.name="JwtTokenExpired"}},y=class extends Error{constructor(r,t){super(`Incorrect "iat" claim must be a older than "${r}" (iat: "${t}")`),this.name="JwtTokenIssuedAt"}},S=class extends Error{constructor(r){super(`jwt header is invalid: ${JSON.stringify(r)}`),this.name="JwtHeaderInvalid"}},l=class extends Error{constructor(r){super(`token(${r}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}};var h=(s=>(s.HS256="HS256",s.HS384="HS384",s.HS512="HS512",s.RS256="RS256",s.RS384="RS384",s.RS512="RS512",s.PS256="PS256",s.PS384="PS384",s.PS512="PS512",s.ES256="ES256",s.ES384="ES384",s.ES512="ES512",s.EdDSA="EdDSA",s))(h||{});var g=e=>P(e.replace(/_|-/g,r=>({_:"/","-":"+"})[r]??r)),w=e=>W(e).replace(/\/|\+/g,r=>({"/":"_","+":"-"})[r]??r),W=e=>{let r="",t=new Uint8Array(e);for(let a=0,n=t.length;a<n;a++)r+=String.fromCharCode(t[a]);return btoa(r)},P=e=>{let r=atob(e),t=new Uint8Array(new ArrayBuffer(r.length)),a=r.length/2;for(let n=0,o=r.length-1;n<=a;n++,o--)t[n]=r.charCodeAt(n),t[o]=r.charCodeAt(o);return t};var c=new TextEncoder,E=new TextDecoder;async function K(e,r,t){let a=v(r),n=await j(e,a);return await crypto.subtle.sign(a,n,t)}async function I(e,r,t,a){let n=v(r),o=await D(e,n);return await crypto.subtle.verify(n,o,t,a)}function x(e){return P(e.replace(/-+(BEGIN|END).*/g,"").replace(/\s/g,""))}async function j(e,r){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(R(e)){if(e.type!=="private")throw new Error(`unexpected non private key: CryptoKey.type is ${e.type}`);return e}let t=["sign"];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,r,!1,t):e.includes("PRIVATE")?await crypto.subtle.importKey("pkcs8",x(e),r,!1,t):await crypto.subtle.importKey("raw",c.encode(e),r,!1,t)}async function D(e,r){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(R(e)){if(e.type==="public"||e.type==="secret")return e;e=await H(e)}if(typeof e=="string"&&e.includes("PRIVATE")){let a=await crypto.subtle.importKey("pkcs8",x(e),r,!0,["sign"]);e=await H(a)}let t=["verify"];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,r,!1,t):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",x(e),r,!1,t):await crypto.subtle.importKey("raw",c.encode(e),r,!1,t)}async function H(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");let r=await crypto.subtle.exportKey("jwk",e),{kty:t}=r,{alg:a,e:n,n:o}=r,{crv:i,x:p,y:b}=r;return{kty:t,alg:a,e:n,n:o,crv:i,x:p,y:b,key_ops:["verify"]}}function v(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new u(e)}}function R(e){return e instanceof CryptoKey}var J=e=>w(c.encode(JSON.stringify(e))).replace(/=/g,""),$=e=>w(e).replace(/=/g,""),T=e=>JSON.parse(E.decode(g(e)));function k(e){if(typeof e=="object"&&e!==null){let r=e;return"alg"in r&&Object.values(h).includes(r.alg)&&(!("typ"in r)||r.typ==="JWT")}return!1}var B=async(e,r,t="HS256")=>{let a=J(e),o=`${J({alg:t,typ:"JWT"})}.${a}`,i=await K(r,t,c.encode(o)),p=$(i);return`${o}.${p}`},C=async(e,r,t="HS256")=>{let a=e.split(".");if(a.length!==3)throw new m(e);let{header:n,payload:o}=A(e);if(!k(n))throw new S(n);let i=Math.floor(Date.now()/1e3);if(o.nbf&&o.nbf>i)throw new d(e);if(o.exp&&o.exp<=i)throw new f(e);if(o.iat&&i<o.iat)throw new y(i,o.iat);let p=e.substring(0,e.lastIndexOf("."));if(!await I(r,t,g(a[2]),c.encode(p)))throw new l(e);return o},A=e=>{try{let[r,t]=e.split("."),a=T(r),n=T(t);return{header:a,payload:n}}catch{throw new m(e)}};var L={decode:A,sign:B,verify:C};var te=L;export{A as decode,te as default,B as sign,C as verify};