UNPKG

azion

Version:

Azion Packages for Edge Computing.

3 lines (2 loc) 5.38 kB
"use strict";Object.defineProperties(exports,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}});class g extends Error{constructor(t){super(`${t} is not an implemented algorithm`),this.name="JwtAlgorithmNotImplemented"}}class h extends Error{constructor(t){super(`invalid JWT token: ${t}`),this.name="JwtTokenInvalid"}}class J extends Error{constructor(t){super(`token (${t}) is being used before it's valid`),this.name="JwtTokenNotBefore"}}class x extends Error{constructor(t){super(`token (${t}) expired`),this.name="JwtTokenExpired"}}class K extends Error{constructor(t,r){super(`Incorrect "iat" claim must be a older than "${t}" (iat: "${r}")`),this.name="JwtTokenIssuedAt"}}class R extends Error{constructor(t){super(`jwt header is invalid: ${JSON.stringify(t)}`),this.name="JwtHeaderInvalid"}}class C extends Error{constructor(t){super(`token(${t}) signature mismatched`),this.name="JwtTokenSignatureMismatched"}}var i=(e=>(e.Encrypt="encrypt",e.Decrypt="decrypt",e.Sign="sign",e.Verify="verify",e.DeriveKey="deriveKey",e.DeriveBits="deriveBits",e.WrapKey="wrapKey",e.UnwrapKey="unwrapKey",e))(i||{}),m=(e=>(e.HS256="HS256",e.HS384="HS384",e.HS512="HS512",e.RS256="RS256",e.RS384="RS384",e.RS512="RS512",e.PS256="PS256",e.PS384="PS384",e.PS512="PS512",e.ES256="ES256",e.ES384="ES384",e.ES512="ES512",e.EdDSA="EdDSA",e))(m||{});const y=e=>E(e.replace(/_|-/g,t=>({_:"/","-":"+"})[t]??t)),b=e=>I(e).replace(/\/|\+/g,t=>({"/":"_","+":"-"})[t]??t),I=e=>{let t="";const r=new Uint8Array(e);for(let n=0,a=r.length;n<a;n++)t+=String.fromCharCode(r[n]);return btoa(t)},E=e=>{const t=atob(e),r=new Uint8Array(new ArrayBuffer(t.length)),n=t.length/2;for(let a=0,s=t.length-1;a<=n;a++,s--)r[a]=t.charCodeAt(a),r[s]=t.charCodeAt(s);return r},u=new TextEncoder,$=new TextDecoder;async function D(e,t,r){const n=v(t),a=await B(e,n);return await crypto.subtle.sign(n,a,r)}async function j(e,t,r,n){const a=v(t),s=await T(e,a);return await crypto.subtle.verify(a,s,r,n)}function d(e){return E(e.split(` `).filter(t=>!t.includes("BEGIN")&&!t.includes("END")).join("").replace(/\s/g,""))}async function B(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(P(e)){if(e.type!=="private")throw new Error(`unexpected non private key: CryptoKey.type is ${e.type}`);return e}const r=[i.Sign];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,r):e.includes("PRIVATE")?await crypto.subtle.importKey("pkcs8",d(e),t,!1,r):await crypto.subtle.importKey("raw",u.encode(e),t,!1,r)}async function T(e,t){if(!crypto.subtle||!crypto.subtle.importKey)throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");if(P(e)){if(e.type==="public"||e.type==="secret")return e;e=await p(e)}if(typeof e=="string"&&e.includes("PRIVATE")){const n=await crypto.subtle.importKey("pkcs8",d(e),t,!0,[i.Sign]);e=await p(n)}const r=[i.Verify];return typeof e=="object"?await crypto.subtle.importKey("jwk",e,t,!1,r):e.includes("PUBLIC")?await crypto.subtle.importKey("spki",d(e),t,!1,r):await crypto.subtle.importKey("raw",u.encode(e),t,!1,r)}async function p(e){if(e.type!=="private")throw new Error(`unexpected key type: ${e.type}`);if(!e.extractable)throw new Error("unexpected private key is unextractable");const t=await crypto.subtle.exportKey("jwk",e),{kty:r}=t,{alg:n,e:a,n:s}=t,{crv:o,x:c,y:l}=t;return{kty:r,alg:n,e:a,n:s,crv:o,x:c,y:l,key_ops:[i.Verify]}}function v(e){switch(e){case"HS256":return{name:"HMAC",hash:{name:"SHA-256"}};case"HS384":return{name:"HMAC",hash:{name:"SHA-384"}};case"HS512":return{name:"HMAC",hash:{name:"SHA-512"}};case"RS256":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-256"}};case"RS384":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-384"}};case"RS512":return{name:"RSASSA-PKCS1-v1_5",hash:{name:"SHA-512"}};case"PS256":return{name:"RSA-PSS",hash:{name:"SHA-256"},saltLength:32};case"PS384":return{name:"RSA-PSS",hash:{name:"SHA-384"},saltLength:48};case"PS512":return{name:"RSA-PSS",hash:{name:"SHA-512"},saltLength:64};case"ES256":return{name:"ECDSA",hash:{name:"SHA-256"},namedCurve:"P-256"};case"ES384":return{name:"ECDSA",hash:{name:"SHA-384"},namedCurve:"P-384"};case"ES512":return{name:"ECDSA",hash:{name:"SHA-512"},namedCurve:"P-521"};case"EdDSA":return{name:"Ed25519",namedCurve:"Ed25519"};default:throw new g(e)}}function P(e){return e instanceof CryptoKey}const w=e=>b(u.encode(JSON.stringify(e))).replace(/=/g,""),N=e=>b(e).replace(/=/g,""),f=e=>JSON.parse($.decode(y(e)));function _(e){if(typeof e=="object"&&e!==null){const t=e;return"alg"in t&&Object.values(m).includes(t.alg)&&(!("typ"in t)||t.typ==="JWT")}return!1}const A=async(e,t,r="HS256")=>{const n=w(e),s=`${w({alg:r,typ:"JWT"})}.${n}`,o=await D(t,r,u.encode(s)),c=N(o);return`${s}.${c}`},H=async(e,t,r="HS256")=>{const n=e.split(".");if(n.length!==3)throw new h(e);const{header:a,payload:s}=S(e);if(!_(a))throw new R(a);const o=Math.floor(Date.now()/1e3);if(s.nbf&&s.nbf>o)throw new J(e);if(s.exp&&s.exp<=o)throw new x(e);if(s.iat&&o<s.iat)throw new K(o,s.iat);const c=e.substring(0,e.lastIndexOf("."));if(!await j(t,r,y(n[2]),u.encode(c)))throw new C(e);return s},S=e=>{try{const[t,r]=e.split("."),n=f(t),a=f(r);return{header:n,payload:a}}catch{throw new h(e)}},M={decode:S,sign:A,verify:H};exports.decode=S;exports.default=M;exports.sign=A;exports.verify=H;