workspace-integrations

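"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decodeAndVerify = void 0;
const jsonwebtoken_1 = require("jsonwebtoken");
const jwks_rsa_1 = require("jwks-rsa");

// JWKS endpoint per region. The `region` claim of the JWT selects the entry.
// Frozen so the trusted endpoint list cannot be altered at runtime.
const keyUrls = Object.freeze({
    'us-west-2_r': 'https://xapi-r.wbx2.com/jwks',
    'us-east-2_a': 'https://xapi-a.wbx2.com/jwks',
    'eu-central-1_k': 'https://xapi-k.wbx2.com/jwks',
    'us-east-1_int13': 'https://xapi-intb.wbx2.com/jwks',
    'us-gov-west-1_a1': 'https://xapi.gov.ciscospark.com/jwks',
});

// Region used when the token carries no `region` claim.
const defaultRegion = 'us-east-2_a';

// Only asymmetric signature algorithms are accepted, so a token can never be
// verified as an HMAC keyed with the public key, nor as an unsigned token.
// NOTE(review): narrow this to the single algorithm the issuer actually uses
// once that is confirmed.
const allowedAlgorithms = [
    'RS256', 'RS384', 'RS512',
    'PS256', 'PS384', 'PS512',
    'ES256', 'ES384', 'ES512',
];

// Replay cache of `jti` values taken from tokens whose signature verified.
// NOTE(review): entries are never evicted and the set lives in one process
// only; a long-running or multi-instance deployment needs a bounded, shared
// store with expiry.
const inMemoryJti = new Set();

/**
 * Fetches the public signing key with the given key id from a JWKS endpoint.
 *
 * @param {string} jwksUri - URL of the JWKS document.
 * @param {string} kid - Key id taken from the JWT header.
 * @returns {Promise<string>} The public key as returned by `getPublicKey()`.
 */
async function getKey(jwksUri, kid) {
    const client = new jwks_rsa_1.JwksClient({ jwksUri });
    const key = await client.getSigningKey(kid);
    return key.getPublicKey();
}

/**
 * Maps the (still unverified) `region` claim to a JWKS URL from `keyUrls`.
 *
 * Uses an own-property check: the claim is attacker-controlled until the
 * signature is verified, and a plain `keyUrls[region]` lookup would resolve
 * inherited names such as `constructor` to non-URL values and unknown names
 * to `undefined`.
 *
 * @param {unknown} region - Value of the `region` claim, if any.
 * @returns {string} The JWKS URL for that region.
 * @throws {Error} If the region is not one of the known regions.
 */
function resolveKeyUrl(region) {
    const name = region || defaultRegion;
    if (typeof name !== 'string' || !Object.prototype.hasOwnProperty.call(keyUrls, name)) {
        throw new Error('JWT region not recognised');
    }
    return keyUrls[name];
}

/**
 * Rejects tokens that are expired or too old.
 *
 * When `expiryTime` is present it must parse to a date in the future; an
 * unparseable value is rejected instead of being treated as "not expired".
 * Without `expiryTime`, `iat` (seconds since epoch) must be at most five
 * minutes old.
 *
 * @param {unknown} expiryTime - `expiryTime` claim.
 * @param {unknown} iat - `iat` claim.
 * @throws {Error} If the token is expired, too old, or the claim is malformed.
 */
function assertFresh(expiryTime, iat) {
    if (expiryTime) {
        const expiryMs = new Date(expiryTime).getTime();
        if (Number.isNaN(expiryMs)) {
            throw new Error('JWT expiryTime not valid');
        }
        if (Date.now() > expiryMs) {
            throw new Error('JWT expired');
        }
        return;
    }
    const fiveMinutesAgo = Date.now() - 5 * 60 * 1000;
    // A missing or non-numeric iat counts as epoch 0, i.e. always too old.
    const issuedAtMs = Number.isFinite(iat) ? iat * 1000 : 0;
    if (issuedAtMs < fiveMinutesAgo) {
        throw new Error('JWT iat too old');
    }
}

/**
 * Decodes a JWT, checks replay and freshness, then verifies its signature
 * against the regional JWKS key.
 *
 * Every claim read before the `verify` call is unauthenticated, so those
 * checks are only early rejections. The `jti` is recorded in the replay cache
 * only after the signature has verified; recording it earlier would let
 * anyone who can submit a forged token fill the cache and get a genuine token
 * with the same `jti` rejected.
 *
 * @param {string} jwtToken - Compact-serialised JWT.
 * @returns {Promise<object|string>} The verified payload returned by `verify`.
 * @throws {Error} If decoding, the claim checks, the key lookup or the
 *   signature verification fails.
 */
async function validate(jwtToken) {
    const decoded = (0, jsonwebtoken_1.decode)(jwtToken, { complete: true });
    if (!decoded) {
        throw new Error('Not able to decode JWT');
    }
    const { header, payload } = decoded;
    if (typeof payload !== 'object' || typeof header !== 'object') {
        throw new Error('Not able to decode JWT');
    }
    const { kid } = header;
    const { region, expiryTime, iat, jti } = payload;

    // Cheap early rejection of an already-seen token.
    if (!jti || inMemoryJti.has(jti)) {
        throw new Error('JWT jti not valid');
    }
    assertFresh(expiryTime, iat);
    if (!kid) {
        throw new Error('Not able to find kid');
    }

    const key = await getKey(resolveKeyUrl(region), kid);
    const verified = (0, jsonwebtoken_1.verify)(jwtToken, key, { algorithms: allowedAlgorithms });

    // Re-check and record in one synchronous step: another validation of the
    // same token may have completed while this one was awaiting the key.
    if (inMemoryJti.has(jti)) {
        throw new Error('JWT jti not valid');
    }
    inMemoryJti.add(jti);
    return verified;
}

/**
 * Validates a JWT and returns its verified payload, or `false` on any failure.
 *
 * The failure reason is written to the console and not returned to the caller.
 *
 * @param {string} jwtToken - Compact-serialised JWT.
 * @returns {Promise<object|string|false>} Verified payload, or `false`.
 */
async function decodeAndVerify(jwtToken) {
    try {
        return await validate(jwtToken);
    }
    catch (e) {
        console.log(e instanceof Error ? e.message : e);
        return false;
    }
}
exports.decodeAndVerify = decodeAndVerify;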