tsndr/cloudflare-worker-jwt
1
0
Fork 0
Code Activity

support for base64 secrets

Browse Source
This commit is contained in:
badoge
2022-10-02 16:54:28 -07:00
committed by GitHub
parent fe1baf46b4
commit 67f1a8e5ed
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/index.ts
View File

@@ -129,6 +129,8 @@ const algorithms: JwtAlgorithms = {
RS512: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-512' } } RS512: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-512' } }
} }
const base64regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/;
function _utf8ToUint8Array(str: string): Uint8Array { function _utf8ToUint8Array(str: string): Uint8Array {
return base64UrlParse(btoa(unescape(encodeURIComponent(str)))) return base64UrlParse(btoa(unescape(encodeURIComponent(str))))
} }
@@ -193,8 +195,13 @@ export async function sign(payload: JwtPayload, secret: string, options: JwtSign
if (secret.startsWith('-----BEGIN')) { if (secret.startsWith('-----BEGIN')) {
keyFormat = 'pkcs8' keyFormat = 'pkcs8'
keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, '')) keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
} else } else{
keyData = _utf8ToUint8Array(secret) if (base64regex.test(secret)) {
keyData = base64UrlParse(secret)
} else {
keyData = _utf8ToUint8Array(secret)
}
}
const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['sign']) const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['sign'])
const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken)) const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken))
return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}` return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`
@@ -246,8 +253,13 @@ export async function verify(token: string, secret: string, options: JwtVerifyOp
if (secret.startsWith('-----BEGIN')) { if (secret.startsWith('-----BEGIN')) {
keyFormat = 'spki' keyFormat = 'spki'
keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, '')) keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
} else } else{
keyData = _utf8ToUint8Array(secret) if (base64regex.test(secret)) {
keyData = base64UrlParse(secret)
} else {
keyData = _utf8ToUint8Array(secret)
}
}
const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['verify']) const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['verify'])
return await crypto.subtle.verify(algorithm, key, base64UrlParse(tokenParts[2]), _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`)) return await crypto.subtle.verify(algorithm, key, base64UrlParse(tokenParts[2]), _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
} }