2.4.7

add algorithm to header
clean up
2024-02-21 21:12:20 +01:00 · 2024-02-21 21:04:15 +01:00 · 2024-02-21 21:03:44 +01:00
4 changed files with 26 additions and 11 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.4.6",
+  "version": "2.4.7",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@tsndr/cloudflare-worker-jwt",
-      "version": "2.4.6",
+      "version": "2.4.7",
      "license": "MIT",
      "devDependencies": {
        "@cloudflare/workers-types": "^4.20240208.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.4.6",
+  "version": "2.4.7",
  "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
  "type": "module",
  "exports": "./index.js",
--- a/src/index.ts
+++ b/src/index.ts
@@ -34,6 +34,13 @@ export type JwtHeader<T = {}> = {
     * @default "JWT"
     */
    typ?: string
+
+    /**
+     * Algorithm (default: `"HS256"`)
+     *
+     * @default "HS256"
+     */
+    alg?: JwtAlgorithm
 } & T

 /**
@@ -196,7 +203,13 @@ export async function verify(token: string, secret: string | JsonWebKey | Crypto
    if (!algorithm)
        throw new Error('algorithm not found')

-    const { payload } = decode(token)
+    const { header, payload } = decode(token)
+
+    if (header?.alg !== options.algorithm) {
+        if (options.throwError)
+            throw new Error('ALG_MISMATCH')
+        return false
+    }

    try {
        if (!payload)
@@ -214,7 +227,6 @@ export async function verify(token: string, secret: string | JsonWebKey | Crypto
    } catch(err) {
        if (options.throwError)
            throw err
-
        return false
    }
 }
--- a/src/test.ts
+++ b/src/test.ts
@@ -0,0 +1,3 @@
+import { sign } from './index'
+
+console.log(await sign())
Author	SHA1	Message	Date
Toby	78554d9332	2.4.7	2024-02-21 21:12:20 +01:00
Toby	dff880c02d	add algorithm to header	2024-02-21 21:04:15 +01:00
Toby	cf24b34f63	clean up	2024-02-21 21:03:44 +01:00