UNPKG

jaunty

Version:

A simple, all-in-one, lightweight JWT authentication and authorization middleware for express.

github.com/labsvisual/jaunty

labsvisual/jaunty

151 lines (96 loc) 3.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
const jwt = require( 'jsonwebtoken' ); const Utils = require( './utils' ); const Errors = require( './errors' ); /** * Creates a new instance of the Jaunty JWT middleware. * * @param {object} opts - the options to use for configuring the instance * @param {string} opts.signingSecret - the secret which was used to sign the JWT * @param {Set<string>} [opts.ignoreAuthentication] - contains a set of routes which are ignored by the middleware * @param {object} [opts.attachments] - specifies where, if any, Jaunty should deserialize the user * @param {string} [opts.attachments.request=user] - specifies the name of the property on the request object * where the deserilized user data resides * * @returns {function} a middleware function */ module.exports.createInstance = function createInstance( opts ) { opts = Utils.normalizeOptions( opts ); if ( opts.validate ) { if ( opts.validate.length === 2 ) { opts.validate = Utils.wrapCallbackInPromise( opts.validate ); } } else { opts.validate = Utils.NOOP; } const verifyJwt = Utils.wrapCallbackInPromise( jwt.verify ); const jauntyMiddleware = async function jauntyMiddleware( request, _, next ) { if ( request.method.toLowerCase() === 'options' || ( opts.ignoreAuthentication.has( request.originalUrl ) ) ) { return next(); } let token; let decodedToken; if ( request.headers && request.headers.authorization ) { const [ scheme, jwtToken ] = request.headers.authorization.split( ' ' ); if ( !scheme || !jwtToken || scheme.toLowerCase() !== 'bearer' ) { return next( new Errors.BadSchemeError( 'Invalid header format received.' ) ); } token = jwtToken; } else { return next( new Errors.BadSchemeError( 'Request headers for authorization were not set.' ) ); } try { /* * Decode the token first because this operation is cheap and if the * token is invalid (encoding-wise), we can reject it here. */ decodedToken = jwt.decode( token, { complete: true } ); } catch ( error ) { /* istanbul ignore next */ return next( new Errors.BadTokenError() ); } // https://github.com/brianloveswords/node-jws/blob/master/lib/verify-stream.js#L62 // https://github.com/auth0/node-jsonwebtoken/blob/master/decode.js#L6 if ( !decodedToken ) { return next( new Errors.BadTokenError() ); } try { await verifyJwt( token, opts.signingSecret ); } catch ( error ) { return next( new Errors.UnauthorizedError() ); } try { const resolution = await opts.validate( decodedToken ); if ( typeof resolution !== 'object' ) { return next( new TypeError( 'Expected the "options.validate" method to return an Object. ' + `Got "${ typeof resolution }".` ) ); } if ( resolution.isValid ) { request[ opts.attachments.request ] = ( resolution.__NOOP__ ) ? { isNoop: true, ...decodedToken } : resolution.payload || decodedToken.payload; return next(); } return next( new Errors.UnauthorizedError() ); } catch ( error ) { return next( error ); } }; jauntyMiddleware.unless = require( 'express-unless' ); return jauntyMiddleware; }; module.exports.Errors = Errors; module.exports.createACL = require( './acl' );