From 43879de15ecd663ede1cbe0f53286246c9b92c47 Mon Sep 17 00:00:00 2001
From: Tobias Schneider
Date: Wed, 1 Jun 2022 15:09:25 +0200
Subject: [PATCH] Implement `throwError` option for `.verify()`.
---
 index.d.ts | 3 +++
 index.js | 12 +++++++++---
 package.json | 2 +-
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/index.d.ts b/index.d.ts
index 30cf1ea..34967b8 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -13,6 +13,7 @@ declare class JWT {
 * @param {object} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
 * @param {string} secret A string which is used to sign the payload.
 * @param {JWTSignOptions | JWTAlgorithm} options The options object or the algorithm.
+ * @throws {Error} If there's a validation issue.
 * @returns {Promise} Returns token as a `string`.
 */
 sign(payload: object, secret: string, options?: JWTSignOptions | JWTAlgorithm): Promise
@@ -23,6 +24,7 @@ declare class JWT {
 * @param {string} token The token string generated by `jwt.sign()`.
 * @param {string} secret The string which was used to sign the payload.
 * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+ * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
 * @returns {Promise} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`.
 */
 verify(token: string, secret: string, options?: JWTVerifyOptions | JWTAlgorithm): Promise
@@ -46,6 +48,7 @@ type JWTSignOptions = {
 type JWTVerifyOptions = {
 algorithm?: JWTAlgorithm
+ throwError?: boolean
 }
 export = _exports
\ No newline at end of file
diff --git a/index.js b/index.js
index 660229d..c908383 100644
--- a/index.js
+++ b/index.js
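Review bot: In index.d.ts, the `@throws {Error | string}` line added to `verify()` does not say that the string form depends on the new `throwError` option, and the `throwError?: boolean` field in `JWTVerifyOptions` has no doc comment. Going by the index.js hunks of this patch, the strings are thrown only for `nbf`/`exp` failures and only when `throwError` is true, while the unchanged `@returns` line still promises `false` for those same cases. I would reword the tag along the lines of `@throws {Error | string} With throwError set, throws 'NOT_YET_VALID' or 'EXPIRED'; throws an Error on a validation issue.` and add a one-line comment on the option naming those two values, so callers know exactly what to match in their `catch`.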
@@ -79,7 +79,7 @@ class JWT {
 const signature = await crypto.subtle.sign(importAlgorithm, key, this._utf8ToUint8Array(partialToken))
 return `${partialToken}.${Base64URL.stringify(new Uint8Array(signature))}`
 }
- async verify(token, secret, options = { algorithm: 'HS256' }) {
+ async verify(token, secret, options = { algorithm: 'HS256', throwError: false }) {
 if (typeof options === 'string')
 options = { algorithm: options }
 if (typeof token !== 'string')
@@ -95,10 +95,16 @@ class JWT {
 if (!importAlgorithm)
 throw new Error('algorithm not found')
 const payload = this.decode(token)
- if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000))
+ if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000)) {
+ if (options.throwError)
+ throw 'NOT_YET_VALID'
 return false
- if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000))
+ }
+ if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000)) {
+ if (options.throwError)
+ throw 'EXPIRED'
 return false
+ }
 let keyFormat = 'raw'
 let keyData
 if (secret.startsWith('-----BEGIN')) {
diff --git a/package.json b/package.json
index b3b5a4e..c7fab46 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@tsndr/cloudflare-worker-jwt",
- "version": "1.1.7",
+ "version": "1.2.0",
 "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
 "main": "index.js",
 "repository": {
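Review bot: The default `options = { algorithm: 'HS256', throwError: false }` in the `verify` signature applies only when the argument is omitted, so a call like `verify(token, secret, { throwError: true })` arrives with `options.algorithm` undefined unless lines outside this hunk fill it in. The new option invites exactly that call shape, and the visible `throw new Error('algorithm not found')` in the next hunk suggests it would fail rather than fall back to HS256. Merging the defaults after the string check, e.g. `options = { algorithm: 'HS256', throwError: false, ...options }`, keeps the algorithm pinned to a known value whichever keys the caller passes. The body of `verify` continues outside the hunk, so this should be checked against the lines between the two hunks.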
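Review bot: `throw 'NOT_YET_VALID'` and `throw 'EXPIRED'` are raised from the output of `this.decode(token)`, and no signature check is visible before them in this hunk (key handling only starts at `let keyFormat = 'raw'` afterwards), so the reason appears to reach the caller for tokens whose signature was never verified. A caller that branches on the reason is then acting on unauthenticated claims; consider running the `nbf`/`exp` checks after the signature result, or stating in the docs that the thrown reason is untrusted. Throwing bare strings also breaks handlers that read `err.message` or test `instanceof Error`, and gives no stack trace; `throw new Error('EXPIRED')` and `throw new Error('NOT_YET_VALID')` keep the same reason text. The rest of `verify`, including the signature verification itself, lies outside the hunk.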