allow using cryptokey directly

2024-01-18 20:47:05 +01:00
1 changed files with 8 additions and 8 deletions
--- a/src/index.ts
+++ b/src/index.ts
@@ -211,7 +211,7 @@ function decodePayload<T = any>(raw: string): T | undefined {
 * Signs a payload and returns the token
 *
 * @param {JwtPayload} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
- * @param {string | JsonWebKey} secret A string which is used to sign the payload.
+ * @param {string | JsonWebKey | CryptoKey} secret A string which is used to sign the payload.
 * @param {JwtSignOptions | JwtAlgorithm | string} [options={ algorithm: 'HS256', header: { typ: 'JWT' } }] The options object or the algorithm.
 * @throws {Error} If there's a validation issue.
 * @returns {Promise<string>} Returns token as a `string`.
@@ -226,7 +226,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
        throw new Error('payload must be an object')
    if (!secret || (typeof secret !== 'string' && typeof secret !== 'object'))
-        throw new Error('secret must be a string or a JWK object')
+        throw new Error('secret must be a string, a JWK object or a CryptoKey object')
    if (typeof options.algorithm !== 'string')
        throw new Error('options.algorithm must be a string')
@@ -241,7 +241,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
    const partialToken = `${textToBase64Url(JSON.stringify({ ...options.header, alg: options.algorithm }))}.${textToBase64Url(JSON.stringify(payload))}`
-    const key = await importKey(secret, algorithm)
+    const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm)
    const signature = await crypto.subtle.sign(algorithm, key, textToArrayBuffer(partialToken))
    return `${partialToken}.${arrayBufferToBase64Url(signature)}`
@@ -251,12 +251,12 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
 * Verifies the integrity of the token and returns a boolean value.
 *
 * @param {string} token The token string generated by `jwt.sign()`.
- * @param {string | JsonWebKey} secret The string which was used to sign the payload.
+ * @param {string | JsonWebKey | CryptoKey} secret The string which was used to sign the payload.
 * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
 * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
 * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`.
 */
-export async function verify(token: string, secret: string | JsonWebKey, options: JwtVerifyOptions | JwtAlgorithm = { algorithm: 'HS256', throwError: false }): Promise<boolean> {
+export async function verify(token: string, secret: string | JsonWebKey | CryptoKey, options: JwtVerifyOptions | JwtAlgorithm = { algorithm: 'HS256', throwError: false }): Promise<boolean> {
    if (typeof options === 'string')
        options = { algorithm: options, throwError: false }
@@ -266,7 +266,7 @@ export async function verify(token: string, secret: string | JsonWebKey, options
        throw new Error('token must be a string')
    if (typeof secret !== 'string' && typeof secret !== 'object')
-        throw new Error('secret must be a string or a JWK object')
+        throw new Error('secret must be a string, a JWK object or a CryptoKey object')
    if (typeof options.algorithm !== 'string')
        throw new Error('options.algorithm must be a string')
@@ -293,7 +293,7 @@ export async function verify(token: string, secret: string | JsonWebKey, options
        if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000))
            throw new Error('EXPIRED')
-        const key = await importKey(secret, algorithm)
+        const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm)
        return await crypto.subtle.verify(algorithm, key, base64UrlToArrayBuffer(tokenParts[2]), textToArrayBuffer(`${tokenParts[0]}.${tokenParts[1]}`))
    } catch(err) {