
middy-middleware-jwt-auth


A middy JSON web token authorization middleware inspired by express-jwt.

/**
 * # JWT Auth Middleware
 * ## Errors
 * All errors are created via [http-errors](https://www.npmjs.com/package/http-errors) and therefore follow that format.
 * This allows middleware like
 * [httpErrorHandler](https://github.com/middyjs/middy/blob/master/docs/middlewares.md#httperrorhandler) to handle these
 * errors. In addition to a human readable message they contain a machine readable error type in the property `type`.
 * The following error types (status codes) exist:
 *
 * * __EventAuthNotEmpty (400)__ is thrown if event.auth was not undefined before hitting this middleware.
 *   This is necessary to avoid attacks where no Authorization header is set and event.auth is set directly
 *   to circumvent the check.
 * * __WrongAuthFormat (401)__ is thrown if the Authorization header is not of the form "Bearer token"
 * * __MultipleAuthorizationHeadersSet (400)__ is thrown if both authorization and Authorization headers are set
 * * __TokenExpiredError (401)__ is thrown if the token expired. `expiredAt` is set to the date when the token expired.
 * * __NotBeforeError (401)__ is thrown if the token isn't valid yet. `date` is set to the date when it will become valid.
 * * __InvalidToken (401)__ is thrown if the token cannot be verified with the secret or public key
 *   used to set up the middleware
 * * __TokenPayloadMalformedError (400)__ is thrown if a token payload type guard is given and if it rejects the token payload
 *
 * ## Security notes
 * * A request without any authorization header is not rejected (see `before`); it only ends up with
 *   event.auth left undefined. No error type in the list above covers a missing token, so a handler
 *   that requires authentication has to check event.auth itself.
 * * NOTE(review): IAuthOptions and EncryptionAlgorithms are declared in ./interfaces/IAuthOptions, which is
 *   not part of this file. Confirm there how the accepted signing algorithm and the secret or public key
 *   are configured, and whether that version offers an option to require credentials.
 */
/** An additional comment to make sure Typedoc attributes the comment above to the file itself */
import middy from "@middy/core";
import { EncryptionAlgorithms, IAuthOptions, isAuthOptions } from "./interfaces/IAuthOptions";
/**
 * The actual middleware.
 *
 * `Payload` is the type of the token payload. According to the file header, a payload that is rejected by
 * a configured type guard results in a TokenPayloadMalformedError (400).
 */
export declare class JWTAuthMiddleware<Payload> {
    /** The options this middleware was set up with (private, not part of the public API). */
    private options;
    /**
     * Static factory with the same parameter as the constructor; the module's default export is typed
     * as this function. `Payload` defaults to `unknown` here.
     * @param options - The auth options used to set up the middleware
     * @returns A JWTAuthMiddleware for the given payload type
     */
    static create<Payload = unknown>(options: IAuthOptions<Payload>): JWTAuthMiddleware<Payload>;
    /** The logger used in the module */
    private readonly logger;
    /**
     * Creates a new JWT Auth middleware
     * @param options - The auth options used to set up the middleware
     */
    constructor(options: IAuthOptions<Payload>);
    /**
     * Checks for an authentication token, saves its content to event.auth and throws errors if anything fishy goes on.
     * It will pass if no authorization header is present, but will ensure that event.auth is undefined in those cases.
     * Authorization or authorization headers will both be checked. If both exist, the middleware will throw an error.
     * If options.tokenSource is set, then that function will be used to retrieve the token and Headers will serve as
     * fallback.
     *
     * Because a missing header passes, this hook on its own does not reject unauthenticated requests:
     * downstream handlers must treat an undefined event.auth as "not authenticated".
     * NOTE(review): whether a token obtained through options.tokenSource is verified exactly like a header
     * token is not visible in this declaration; confirm in the implementation.
     * @param event - The event to check
     */
    before: middy.MiddlewareFn;
    /** Extracts a token from an authorization header. */
    private getTokenFromAuthHeader;
    /** Extracts a token from a source defined in the options (options.tokenSource, per the `before` docs). */
    private getTokenFromSource;
}
/** Default export: typed as the static factory JWTAuthMiddleware.create. */
declare const _default: typeof JWTAuthMiddleware.create;
export default _default;
export { EncryptionAlgorithms, IAuthOptions, isAuthOptions };
// isAuthorizedEvent is presumably a type guard for events carrying event.auth; verify in ./interfaces/IAuthorizedEvent.
export {
    IAuthorizedEvent,
    isAuthorizedEvent,
} from "./interfaces/IAuthorizedEvent";