UNPKG

hono

Version:

Web framework built on Web Standards

hono.dev

honojs/hono

112 lines (111 loc) 3.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
// src/middleware/jwt/jwt.ts import { getCookie, getSignedCookie } from "../../helper/cookie/index.js"; import { HTTPException } from "../../http-exception.js"; import { Jwt } from "../../utils/jwt/index.js"; import "../../context.js"; var jwt = (options) => { const verifyOpts = options.verification || {}; if (!options || !options.secret) { throw new Error('JWT auth middleware requires options for "secret"'); } if (!crypto.subtle || !crypto.subtle.importKey) { throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it."); } return async function jwt2(ctx, next) { const headerName = options.headerName || "Authorization"; const credentials = ctx.req.raw.headers.get(headerName); let token; if (credentials) { const parts = credentials.split(/\s+/); if (parts.length !== 2) { const errDescription = "invalid credentials structure"; throw new HTTPException(401, { message: errDescription, res: unauthorizedResponse({ ctx, error: "invalid_request", errDescription }) }); } else { token = parts[1]; } } else if (options.cookie) { if (typeof options.cookie == "string") { token = getCookie(ctx, options.cookie); } else if (options.cookie.secret) { if (options.cookie.prefixOptions) { token = await getSignedCookie( ctx, options.cookie.secret, options.cookie.key, options.cookie.prefixOptions ); } else { token = await getSignedCookie(ctx, options.cookie.secret, options.cookie.key); } } else { if (options.cookie.prefixOptions) { token = getCookie(ctx, options.cookie.key, options.cookie.prefixOptions); } else { token = getCookie(ctx, options.cookie.key); } } } if (!token) { const errDescription = "no authorization included in request"; throw new HTTPException(401, { message: errDescription, res: unauthorizedResponse({ ctx, error: "invalid_request", errDescription }) }); } let payload; let cause; try { payload = await Jwt.verify(token, options.secret, { alg: options.alg, ...verifyOpts }); } catch (e) { cause = e; } if (!payload) { throw new HTTPException(401, { message: "Unauthorized", res: unauthorizedResponse({ ctx, error: "invalid_token", statusText: "Unauthorized", errDescription: "token verification failure" }), cause }); } ctx.set("jwtPayload", payload); await next(); }; }; function unauthorizedResponse(opts) { return new Response("Unauthorized", { status: 401, statusText: opts.statusText, headers: { "WWW-Authenticate": `Bearer realm="${opts.ctx.req.url}",error="${opts.error}",error_description="${opts.errDescription}"` } }); } var verifyWithJwks = Jwt.verifyWithJwks; var verify = Jwt.verify; var decode = Jwt.decode; var sign = Jwt.sign; export { decode, jwt, sign, verify, verifyWithJwks };