1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.decode = exports.verify = exports.sign = void 0;
const encode_1 = require("../../utils/encode");
const types_1 = require("./types");
const types_2 = require("./types");
var CryptoKeyFormat;
(function (CryptoKeyFormat) {
CryptoKeyFormat["RAW"] = "raw";
CryptoKeyFormat["PKCS8"] = "pkcs8";
CryptoKeyFormat["SPKI"] = "spki";
CryptoKeyFormat["JWK"] = "jwk";
})(CryptoKeyFormat || (CryptoKeyFormat = {}));
var CryptoKeyUsage;
(function (CryptoKeyUsage) {
CryptoKeyUsage["Ecrypt"] = "encrypt";
CryptoKeyUsage["Decrypt"] = "decrypt";
CryptoKeyUsage["Sign"] = "sign";
CryptoKeyUsage["Verify"] = "verify";
CryptoKeyUsage["Deriverkey"] = "deriveKey";
CryptoKeyUsage["DeriveBits"] = "deriveBits";
CryptoKeyUsage["WrapKey"] = "wrapKey";
CryptoKeyUsage["UnwrapKey"] = "unwrapKey";
})(CryptoKeyUsage || (CryptoKeyUsage = {}));
const param = (name) => {
switch (name.toUpperCase()) {
case 'HS256':
return {
name: 'HMAC',
hash: {
name: 'SHA-256',
},
};
case 'HS384':
return {
name: 'HMAC',
hash: {
name: 'SHA-384',
},
};
case 'HS512':
return {
name: 'HMAC',
hash: {
name: 'SHA-512',
},
};
default:
throw new types_2.JwtAlgorithmNotImplemented(name);
}
};
const signing = async (data, secret, alg = types_1.AlgorithmTypes.HS256) => {
if (!crypto.subtle || !crypto.subtle.importKey) {
throw new Error('`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.');
}
const cryptoKey = await crypto.subtle.importKey(CryptoKeyFormat.RAW, (0, encode_1.utf8ToUint8Array)(secret), param(alg), false, [CryptoKeyUsage.Sign]);
return await crypto.subtle.sign(param(alg), cryptoKey, (0, encode_1.utf8ToUint8Array)(data));
};
const sign = async (payload, secret, alg = types_1.AlgorithmTypes.HS256) => {
const encodedPayload = await (0, encode_1.encodeBase64URL)(JSON.stringify(payload));
const encodedHeader = await (0, encode_1.encodeBase64URL)(JSON.stringify({ alg, typ: 'JWT' }));
const partialToken = `${encodedHeader}.${encodedPayload}`;
const signature = await (0, encode_1.arrayBufferToBase64URL)(await signing(partialToken, secret, alg));
return `${partialToken}.${signature}`;
};
exports.sign = sign;
const verify = async (token, secret, alg = types_1.AlgorithmTypes.HS256) => {
const tokenParts = token.split('.');
if (tokenParts.length !== 3) {
throw new types_2.JwtTokenInvalid(token);
}
const { payload } = (0, exports.decode)(token);
if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000)) {
throw new types_2.JwtTokenNotBefore(token);
}
if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000)) {
throw new types_2.JwtTokenExpired(token);
}
const signature = await (0, encode_1.arrayBufferToBase64URL)(await signing(tokenParts.slice(0, 2).join('.'), secret, alg));
if (signature !== tokenParts[2]) {
throw new types_2.JwtTokenSignatureMismatched(token);
}
return true;
};
exports.verify = verify;
// eslint-disable-next-line
const decode = (token) => {
try {
const [h, p] = token.split('.');
const header = JSON.parse((0, encode_1.decodeBase64URL)(h));
const payload = JSON.parse((0, encode_1.decodeBase64URL)(p));
return {
header,
payload,
};
}
catch (e) {
throw new types_2.JwtTokenInvalid(token);
}
};
exports.decode = decode;
|
