2.5.4

update dev dependencies
npm audit fix
2024-09-28 02:27:55 +02:00 · 2024-09-28 02:27:45 +02:00 · 2024-09-28 02:26:51 +02:00 · 2024-09-28 02:24:48 +02:00 · 2024-07-15 22:13:45 +02:00 · 2024-06-23 23:00:40 +02:00
5 changed files with 987 additions and 758 deletions
--- a/README.md
+++ b/README.md
@@ -86,11 +86,11 @@ Signs a payload and returns the token.
 Argument                 | Type               | Status   | Default     | Description
 ------------------------ | ------------------ | -------- | ----------- | -----------
-`payload`                | `object`           | required | -           | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
+`payload`                | `object`                            | required | -           | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
-`secret`                 | `string`           | required | -           | A string which is used to sign the payload.
+`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -           | A string which is used to sign the payload.
-`options`                | `string`, `object` | optional | `HS256`     | Either the `algorithm` string or an object.
+`options`                | `string`, `object`                  | optional | `HS256`     | Either the `algorithm` string or an object.
-`options.algorithm`      | `string`           | optional | `HS256`     | See [Available Algorithms](#available-algorithms)
+`options.algorithm`      | `string`                            | optional | `HS256`     | See [Available Algorithms](#available-algorithms)
-`options.keyid`          | `string`           | optional | `undefined` | The `keyid` or `kid` to be set in the header of the resulting JWT.
+`options.keyid`          | `string`                            | optional | `undefined` | The `keyid` or `kid` to be set in the header of the resulting JWT.
 #### `return`
 Returns token as a `string`.
@@ -104,12 +104,12 @@ Verifies the integrity of the token and returns a boolean value.
 Argument                 | Type               | Status   | Default | Description
 ------------------------ | ------------------ | -------- | ------- | -----------
-`token`                  | `string`           | required | -       | The token string generated by `jwt.sign()`.
+`token`                  | `string`                            | required | -       | The token string generated by `jwt.sign()`.
-`secret`                 | `string`           | required | -       | The string which was used to sign the payload.
+`secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -       | The string which was used to sign the payload.
-`options`                | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object.
+`options`                | `string`, `object`                  | optional | `HS256` | Either the `algorithm` string or an object.
-`options.algorithm`      | `string`           | optional | `HS256` | See [Available Algorithms](#available-algorithms)
+`options.algorithm`      | `string`                            | optional | `HS256` | See [Available Algorithms](#available-algorithms)
-`options.clockTolerance` | `number`           | optional | `0`     | Clock tolerance in seconds, to help with slighly out of sync systems.
+`options.clockTolerance` | `number`                            | optional | `0`     | Clock tolerance in seconds, to help with slighly out of sync systems.
-`options.throwError`     | `boolean`          | optional | `false` | By default this we will only throw implementation errors, only set this to `true` if you want verification errors to be thrown as well.
+`options.throwError`     | `boolean`                           | optional | `false` | By default this we will only throw implementation errors, only set this to `true` if you want verification errors to be thrown as well.
 #### `throws`
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.5.1",
+  "version": "2.5.4",
  "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
  "type": "module",
  "exports": "./index.js",
@@ -30,9 +30,10 @@
  },
  "homepage": "https://github.com/tsndr/cloudflare-worker-jwt#readme",
  "devDependencies": {
-    "@cloudflare/workers-types": "^4.20240208.0",
+    "@cloudflare/workers-types": "^4.20240925.0",
-    "@edge-runtime/vm": "^3.2.0",
+    "@edge-runtime/vm": "^4.0.3",
-    "typescript": "^5.3.3",
+    "esbuild": "^0.24.0",
-    "vitest": "^1.3.1"
+    "typescript": "^5.6.2",
    "vitest": "^2.1.1"
  }
 }
--- a/src/index.ts
+++ b/src/index.ts
@@ -143,7 +143,7 @@ const algorithms: JwtAlgorithms = {
 * @throws {Error} If there"s a validation issue.
 * @returns {Promise<string>} Returns token as a `string`.
 */
-export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
+export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKey | CryptoKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
    if (typeof options === "string")
        options = { algorithm: options }
@@ -221,10 +221,10 @@ export async function verify(token: string, secret: string | JsonWebKey | Crypto
        const now = Math.floor(Date.now() / 1000)
-        if (payload.nbf && payload.nbf > now && Math.abs(payload.nbf - now) > (options.clockTolerance ?? 0))
+        if (payload.nbf && payload.nbf > now && (payload.nbf - now) > (options.clockTolerance ?? 0))
            throw new Error("NOT_YET_VALID")
-        if (payload.exp && payload.exp <= now && Math.abs(payload.exp - now) > (options.clockTolerance ?? 0))
+        if (payload.exp && payload.exp <= now && (now - payload.exp) > (options.clockTolerance ?? 0))
            throw new Error("EXPIRED")
        const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["verify"])
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -23,7 +23,7 @@ export function base64StringToArrayBuffer(b64str: string): ArrayBuffer {
 }
 export function textToArrayBuffer(str: string): ArrayBuffer {
-    return byteStringToBytes(decodeURI(encodeURIComponent(str)))
+    return byteStringToBytes(str)
 }
 export function arrayBufferToText(arrayBuffer: ArrayBuffer): string {
Author	SHA1	Message	Date
Toby	674ff1ddb5	2.5.4	2024-09-28 02:27:55 +02:00
Toby	9b5be8b554	update dev dependencies	2024-09-28 02:27:45 +02:00
Toby	fc72ce01d5	npm audit fix	2024-09-28 02:26:51 +02:00
Abiria	b46db60e45	fix: include `esbuild` as `devDependency`	2024-09-28 02:24:48 +02:00
Toby	2d7eed49da	audit fix	2024-07-15 22:13:45 +02:00
Denbeigh Stevens	7468a3e102	fix sign/verify secret typing	2024-06-23 23:00:40 +02:00
Toby	8a75c24253	2.5.3	2024-03-08 21:58:04 +01:00
Kendell R	38b8c3e2d3	Don't break `=`	2024-03-08 21:57:22 +01:00
Toby	e49bada1a5	2.5.2	2024-03-01 20:32:48 +01:00
Toby	c75c26044f	remove math abs	2024-03-01 20:31:24 +01:00