2.5.3

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.5.1",
+  "version": "2.5.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@tsndr/cloudflare-worker-jwt",
-      "version": "2.5.1",
+      "version": "2.5.3",
       "license": "MIT",
       "devDependencies": {
         "@cloudflare/workers-types": "^4.20240208.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.5.1",
+  "version": "2.5.3",
   "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
   "type": "module",
   "exports": "./index.js",

src/index.ts

@@ -221,10 +221,10 @@ export async function verify(token: string, secret: string | JsonWebKey | Crypto
 
         const now = Math.floor(Date.now() / 1000)
 
-        if (payload.nbf && payload.nbf > now && Math.abs(payload.nbf - now) > (options.clockTolerance ?? 0))
+        if (payload.nbf && payload.nbf > now && (payload.nbf - now) > (options.clockTolerance ?? 0))
             throw new Error("NOT_YET_VALID")
 
-        if (payload.exp && payload.exp <= now && Math.abs(payload.exp - now) > (options.clockTolerance ?? 0))
+        if (payload.exp && payload.exp <= now && (now - payload.exp) > (options.clockTolerance ?? 0))
             throw new Error("EXPIRED")
 
         const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["verify"])

src/utils.ts

@@ -23,7 +23,7 @@ export function base64StringToArrayBuffer(b64str: string): ArrayBuffer {
 }
 
 export function textToArrayBuffer(str: string): ArrayBuffer {
-    return byteStringToBytes(decodeURI(encodeURIComponent(str)))
+    return byteStringToBytes(str)
 }
 
 export function arrayBufferToText(arrayBuffer: ArrayBuffer): string {