UNPKG

lib0

Version:

> Monorepo of isomorphic utility functions

github.com/dmonad/lib0

dmonad/lib0

97 lines (88 loc) 2.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
'use strict'; Object.defineProperty(exports, '__esModule', { value: true }); var error = require('./error-8582d695.cjs'); var buffer = require('./buffer-c775e94f.cjs'); var string = require('./string-3cd7a2db.cjs'); var json = require('./json-092190a1.cjs'); var ecdsa = require('./ecdsa.cjs'); var time = require('./time-bc2081b9.cjs'); require('./environment-a22d11e0.cjs'); require('./map-0dabcc55.cjs'); require('./conditions-f5c0c102.cjs'); require('./storage.cjs'); require('./function-a29189eb.cjs'); require('./array-f0f52786.cjs'); require('./set-a0a3ea69.cjs'); require('./object-315a738b.cjs'); require('./traits.cjs'); require('./math-08e068f9.cjs'); require('./encoding-cbd8e85d.cjs'); require('./number-466d8922.cjs'); require('./binary-ac8e39e2.cjs'); require('./decoding-a2e1942e.cjs'); require('lib0/webcrypto'); require('./common.cjs'); require('./metric.cjs'); /** * @param {Object} data */ const _stringify = data => buffer.toBase64UrlEncoded(string.encodeUtf8(json.stringify(data))); /** * @param {string} base64url */ const _parse = base64url => json.parse(string.decodeUtf8(buffer.fromBase64UrlEncoded(base64url))); /** * @param {CryptoKey} privateKey * @param {Object} payload */ const encodeJwt = (privateKey, payload) => { const { name: algName, namedCurve: algCurve } = /** @type {any} */ (privateKey.algorithm); /* c8 ignore next 3 */ if (algName !== 'ECDSA' || algCurve !== 'P-384') { error.unexpectedCase(); } const header = { alg: 'ES384', typ: 'JWT' }; const jwt = _stringify(header) + '.' + _stringify(payload); return ecdsa.sign(privateKey, string.encodeUtf8(jwt)).then(signature => jwt + '.' + buffer.toBase64UrlEncoded(signature) ) }; /** * @param {CryptoKey} publicKey * @param {string} jwt */ const verifyJwt = async (publicKey, jwt) => { const [headerBase64, payloadBase64, signatureBase64] = jwt.split('.'); const verified = await ecdsa.verify(publicKey, buffer.fromBase64UrlEncoded(signatureBase64), string.encodeUtf8(headerBase64 + '.' + payloadBase64)); /* c8 ignore next 3 */ if (!verified) { throw new Error('Invalid JWT') } const payload = _parse(payloadBase64); if (payload.exp != null && time.getUnixTime() > payload.exp) { throw new Error('Expired JWT') } return { header: _parse(headerBase64), payload } }; /** * Decode a jwt without verifying it. Probably a bad idea to use this. Only use if you know the jwt was already verified! * * @param {string} jwt */ const unsafeDecode = jwt => { const [headerBase64, payloadBase64] = jwt.split('.'); return { header: _parse(headerBase64), payload: _parse(payloadBase64) } }; exports.encodeJwt = encodeJwt; exports.unsafeDecode = unsafeDecode; exports.verifyJwt = verifyJwt; //# sourceMappingURL=jwt.cjs.map