Update readme

Add support for RSA algorithm

.github/workflows/lint.yml

@@ -1,19 +0,0 @@
-name: Lint
-
-on:
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Use Node.js
-        uses: actions/setup-node@v1
-        with:
-          node-version: 15.x
-      - run: npm ci
-      - run: npm run lint --if-present

README.md

@@ -95,7 +95,7 @@ Argument    | Type     | Satus    | Default | Description
 ----------- | -------- | -------- | ------- | -----------
 `token`     | `string` | required | -       | The token string generated by `jwt.sign()`.
 `secret`    | `string` | required | -       | The string which was used to sign the payload.
-`algorithm` | `object`, `string` | optional | `{ algorithm: 'HS256' }` | The options object supporting `algorithm` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
+`algorithm` | `object`, `string` | optional | `{ algorithm: 'HS256', throwError: false }` | The options object supporting `algorithm` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
 
 #### `return`
 Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 
@@ -120,3 +120,6 @@ Returns payload `object`.
  - HS256
  - HS384
  - HS512
+ - RS256
+ - RS384
+ - RS512

index.d.ts

@@ -13,6 +13,7 @@ declare class JWT {
      * @param {object} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
      * @param {string} secret A string which is used to sign the payload.
      * @param {JWTSignOptions | JWTAlgorithm} options The options object or the algorithm.
+     * @throws {Error} If there's a validation issue.
      * @returns {Promise<string>} Returns token as a `string`.
      */
     sign(payload: object, secret: string, options?: JWTSignOptions | JWTAlgorithm): Promise<string>
@@ -23,6 +24,7 @@ declare class JWT {
      * @param {string} token The token string generated by `jwt.sign()`.
      * @param {string} secret The string which was used to sign the payload.
      * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+     * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
      * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 
      */
     verify(token: string, secret: string, options?: JWTVerifyOptions | JWTAlgorithm): Promise<boolean>
@@ -37,7 +39,7 @@ declare class JWT {
 }
 declare const _exports: JWT
 
-type JWTAlgorithm = 'ES256' | 'ES384' | 'ES512' | 'HS256' | 'HS384' | 'HS512'
+type JWTAlgorithm = 'ES256' | 'ES384' | 'ES512' | 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512'
 
 type JWTSignOptions = {
     algorithm?: JWTAlgorithm,
@@ -46,6 +48,7 @@ type JWTSignOptions = {
 
 type JWTVerifyOptions = {
     algorithm?: JWTAlgorithm
+    throwError?: boolean
 }
 
 export = _exports

index.js

@@ -9,7 +9,7 @@ class Base64URL {
 
 class JWT {
     constructor() {
-        if (!crypto || !crypto.subtle)
+        if (typeof crypto === 'undefined' || !crypto.subtle)
             throw new Error('Crypto not supported!')
         this.algorithms = {
             ES256: { name: 'ECDSA', namedCurve: 'P-256', hash: { name: 'SHA-256' } },
@@ -17,7 +17,10 @@ class JWT {
             ES512: { name: 'ECDSA', namedCurve: 'P-512', hash: { name: 'SHA-512' } },
             HS256: { name: 'HMAC', hash: { name: 'SHA-256' } },
             HS384: { name: 'HMAC', hash: { name: 'SHA-384' } },
-            HS512: { name: 'HMAC', hash: { name: 'SHA-512' } }
+            HS512: { name: 'HMAC', hash: { name: 'SHA-512' } },
+            RS256: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },
+            RS384: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-384' } },
+            RS512: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-512' } },
         }
     }
     _utf8ToUint8Array(str) {
@@ -76,7 +79,7 @@ class JWT {
         const signature = await crypto.subtle.sign(importAlgorithm, key, this._utf8ToUint8Array(partialToken))
         return `${partialToken}.${Base64URL.stringify(new Uint8Array(signature))}`
     }
-    async verify(token, secret, options = { algorithm: 'HS256' }) {
+    async verify(token, secret, options = { algorithm: 'HS256', throwError: false }) {
         if (typeof options === 'string')
             options = { algorithm: options }
         if (typeof token !== 'string')
@@ -92,10 +95,16 @@ class JWT {
         if (!importAlgorithm)
             throw new Error('algorithm not found')
         const payload = this.decode(token)
-        if (payload.nbf && payload.nbf >= Math.floor(Date.now() / 1000))
+        if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000)) {
+            if (options.throwError)
+                throw 'NOT_YET_VALID'
             return false
-        if (payload.exp && payload.exp < Math.floor(Date.now() / 1000))
+        }
+        if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000)) {
+            if (options.throwError)
+                throw 'EXPIRED'
             return false
+        }
         let keyFormat = 'raw'
         let keyData
         if (secret.startsWith('-----BEGIN')) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "1.1.5",
+  "version": "1.2.0",
   "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
   "main": "index.js",
   "repository": {