
passport-jose


Passport JWT strategy with EdDSA, ES256 and modern cryptographic algorithm support via JOSE

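"use strict";

// ---------------------------------------------------------------------------
// Compiler-emitted CommonJS interop helpers (TypeScript `import * as` support).
// Only re-formatted here; their logic is unchanged.
// ---------------------------------------------------------------------------
var __createBinding = (this && this.__createBinding) || (Object.create ? (function (o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
        desc = { enumerable: true, get: function () { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function (o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function (o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function (o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function (o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.Strategy = void 0;
const passport_strategy_1 = require("passport-strategy");
const jose = __importStar(require("jose"));

/**
 * Passport strategy that authenticates a request from a JWT, delegating
 * signature and claim validation to `jose.jwtVerify`.
 *
 * Flow: extract the token (`jwtFromRequest`) -> resolve the key
 * (`withSecretOrKey` or `withKeyProvider`) -> verify with jose -> hand the
 * verified payload to the application's `verify` callback.
 */
class Strategy extends passport_strategy_1.Strategy {
    name = 'jwt';
    _getKeyOrSecret;
    _verify;
    _jwtFromRequest;
    _passReqToCallback;
    _verifyOpts;

    /**
     * @param {object} options
     *   Exactly one of `withSecretOrKey` (static key material) or
     *   `withKeyProvider` (`(req, token, done) => done(err, key)`) is required,
     *   together with `jwtFromRequest` (`(req) => token | falsy`).
     *   `audience`, `issuer`, `algorithms`, `clockTolerance`, `subject`,
     *   `maxTokenAge`, `typ`, `requiredClaims` and `crit` are forwarded to
     *   `jose.jwtVerify` unchanged; `passReqToCallback` is coerced to boolean.
     * @param {Function} verify
     *   `(payload, done)` or, with `passReqToCallback`, `(req, payload, done)`.
     * @throws {TypeError} when the key options, `verify` or `jwtFromRequest`
     *   are missing, or both key options are supplied.
     */
    constructor(options, verify) {
        super();
        const hasStaticKey = Boolean(options.withSecretOrKey);
        const hasKeyProvider = Boolean(options.withKeyProvider);
        if (hasStaticKey && hasKeyProvider) {
            throw new TypeError('JwtStrategy has been given both a withSecretOrKey and a withKeyProvider');
        }
        if (!hasStaticKey && !hasKeyProvider) {
            throw new TypeError('JwtStrategy requires either a withSecretOrKey or a withKeyProvider');
        }
        // Normalise both key sources to the provider signature so that
        // authenticate() has a single code path.
        this._getKeyOrSecret = hasKeyProvider
            ? options.withKeyProvider
            : (_request, _jwt, done) => done(null, options.withSecretOrKey);
        this._verify = verify;
        if (!this._verify) {
            throw new TypeError('JwtStrategy requires a verify callback');
        }
        this._jwtFromRequest = options.jwtFromRequest;
        if (!this._jwtFromRequest) {
            throw new TypeError('JwtStrategy requires a function to retrieve jwt from requests (see option jwtFromRequest)');
        }
        this._passReqToCallback = Boolean(options.passReqToCallback);
        // NOTE(review): `algorithms` is optional here. When it is omitted the
        // set of accepted "alg" values is left to jose and the key type;
        // deployments should pin it (and `issuer` / `audience`) explicitly so
        // the accepted tokens are an explicit allow-list.
        this._verifyOpts = {
            audience: options.audience,
            issuer: options.issuer,
            algorithms: options.algorithms,
            clockTolerance: options.clockTolerance,
            subject: options.subject,
            maxTokenAge: options.maxTokenAge,
            typ: options.typ,
            requiredClaims: options.requiredClaims,
            crit: options.crit,
        };
    }

    /**
     * Callback-style wrapper around `jose.jwtVerify`.
     *
     * @param {string} token - compact JWT taken from the request.
     * @param {*} secretOrKeyOrGetKey - key material or key-resolver accepted by jose.
     * @param {object} options - verification options forwarded to jose.
     * @param {Function} callback - `(err, payload)`.
     */
    static JwtVerifier(token, secretOrKeyOrGetKey, options, callback) {
        // NOTE(review): `.catch(callback)` also receives anything thrown by
        // `callback` itself in the `.then` step, so the callback can run a
        // second time with that error. Left as-is: it fails closed.
        jose
            .jwtVerify(token, secretOrKeyOrGetKey, options)
            .then(({ payload }) => callback(null, payload))
            .catch(callback);
    }

    /**
     * Authenticate the request. Every rejection goes through `this.fail`
     * with status 400; exceptions from the application's verify callback go
     * through `this.error`.
     *
     * NOTE(review): RFC 6750 uses 401 for a missing or invalid bearer token;
     * the 400 used throughout is kept because callers may depend on it.
     *
     * @param {object} req - incoming request, passed to the extractor, the
     *   key provider and (optionally) the verify callback.
     */
    authenticate(req) {
        const token = this._jwtFromRequest(req);
        if (!token) {
            return this.fail(this._challenge('No auth token'), 400);
        }
        this._getKeyOrSecret(req, token, (secretOrKeyError, secretOrKey) => {
            if (secretOrKeyError) {
                // NOTE(review): the provider's error text is handed to fail()
                // verbatim, bypassing _challenge(); key providers should
                // return generic messages that are safe to show a client.
                const reason = typeof secretOrKeyError === 'string'
                    ? secretOrKeyError
                    : secretOrKeyError.message;
                return this.fail(reason, 400);
            }
            Strategy.JwtVerifier(token, secretOrKey, this._verifyOpts, (verifyError, payload) => {
                if (verifyError) {
                    return this.fail(this._challenge(verifyError.message), 400);
                }
                if (!payload) {
                    return this.fail(this._challenge('Invalid token payload'), 400);
                }
                // Completion handler given to the application's verify callback.
                const verified = (appError, user, info) => {
                    if (appError) {
                        return this.error(appError);
                    }
                    if (!user) {
                        return this.fail(info, 400);
                    }
                    return this.success(user, info);
                };
                try {
                    if (this._passReqToCallback) {
                        this._verify(req, payload, verified);
                    } else {
                        this._verify(payload, verified);
                    }
                } catch (thrown) {
                    // A synchronous throw in application code is an internal
                    // error, not an authentication failure.
                    this.error(thrown);
                }
            });
        });
    }

    /**
     * Build a `Bearer` challenge string in the RFC 6750 attribute format.
     *
     * The attribute values are placed inside double quotes, so they are
     * restricted to the character set RFC 6750 section 3 allows for `error`
     * and `error_description` (%x20-21 / %x23-5B / %x5D-7E): double quotes
     * become single quotes and every other disallowed character (backslash,
     * CR/LF and other control characters, non-ASCII) is dropped. Without
     * this, a description that itself contains `"` (verification error
     * messages may quote claim names) ends the quoted value early and yields
     * a malformed challenge.
     *
     * @param {string} [description] - human-readable reason.
     * @param {string} [code] - RFC 6750 error code.
     * @returns {string} the challenge string.
     */
    _challenge(description, code) {
        const toAttributeValue = (value) => String(value)
            .replace(/"/g, "'")
            .replace(/[^\x20\x21\x23-\x5B\x5D-\x7E]/g, '');
        let challenge = 'Bearer realm="Users"';
        if (code) {
            challenge += `, error="${toAttributeValue(code)}"`;
        }
        if (description) {
            challenge += `, error_description="${toAttributeValue(description)}"`;
        }
        return challenge;
    }
}
exports.Strategy = Strategy;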