Update docs

.decode() syntax change to support headers
.verify() bugfix
2022-06-04 17:29:50 +02:00 · 2022-06-04 17:23:53 +02:00 · 2022-06-04 14:53:59 +02:00 · 2022-06-04 14:40:06 +02:00
5 changed files with 46 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -36,7 +36,7 @@ async () => {
        return
    // Decoding token
-    const payload = jwt.decode(token)
+    const { payload } = jwt.decode(token)
 }
 ```
@@ -62,15 +62,20 @@ async () => {
        return
    // Decoding token
-    const payload = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
+    const { payload } = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
 }
 ```
 ## Usage
 - [Sign](#sign)
 - [Verify](#verify)
 - [Decode](#decode)
 <hr>
-### `jwt.sign(payload, secret, [options])`
+### Sign
 #### `jwt.sign(payload, secret, [options])`
 Signs a payload and returns the token.
@@ -87,7 +92,8 @@ Returns token as a `string`.
 <hr>
-### `jwt.verify(token, secret, [options])`
+### Verify
 #### `jwt.verify(token, secret, [options])`
 Verifies the integrity of the token and returns a boolean value.
@@ -102,7 +108,8 @@ Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherw
 <hr>
-### `jwt.decode(token)`
+### Decode
 #### `jwt.decode(token)`
 Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
@@ -111,7 +118,19 @@ Argument    | Type     | Satus    | Default | Description
 `token`     | `string` | required | -       | The token string generated by `jwt.sign()`.
 #### `return`
-Returns payload `object`.
+Returns an `object` containing `header` and `payload`:
 ```javascript
 {
    header: {
        alg: 'HS256',
        typ: 'JWT'
    },
    payload: {
        name: 'John Doe',
        email: 'john.doe@gmail.com'
    }
 }
 ```
 ### Available Algorithms
 - ES256
--- a/index.d.ts
+++ b/index.d.ts
@@ -33,9 +33,9 @@ declare class JWT {
     * Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
     * 
     * @param {string} token The token string generated by `jwt.sign()`.
-     * @returns {object | null} Returns payload `object`.
+     * @returns {JWTDecodeReturn} Returns an `object` containing `header` and `payload`.
     */
-    decode(token: string): object | null
+    decode(token: string): JWTDecodeReturn
 }
 declare const _exports: JWT
@@ -52,4 +52,9 @@ type JWTVerifyOptions = {
    throwError?: boolean
 }
 type JWTDecodeReturn = {
    header: object,
    payload: object
 }
 export = _exports
--- a/index.js
+++ b/index.js
@@ -113,10 +113,13 @@ class JWT {
        } else
            keyData = this._utf8ToUint8Array(secret)
        const key = await crypto.subtle.importKey(keyFormat, keyData, importAlgorithm, false, ['verify'])
-        return await crypto.subtle.verify(importAlgorithm, key, Base64URL.parse(tokenParts[2]), `${tokenParts[0]}.${tokenParts[1]}`)
+        return await crypto.subtle.verify(importAlgorithm, key, Base64URL.parse(tokenParts[2]), this._utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
    }
    decode(token) {
-        return this._decodePayload(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))
+        return {
            header: this._decodePayload(token.split('.')[0].replace(/-/g, '+').replace(/_/g, '/')),
            payload: this._decodePayload(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))
        }
    }
 }
--- a/index.test.js
+++ b/index.test.js
@@ -1,4 +1,4 @@
-const { subtle } = require('crypto').webcrypto
+const { subtle } = require('node:crypto').webcrypto
 Object.defineProperty(global, 'crypto', {
    value: { subtle }
 })
@@ -115,12 +115,14 @@ test.each(Object.entries(secrets))(`Self test: %s`, async (algorithm, key) => {
        privateKey = key.private
        publicKey = key.public
    }
    const token = await JWT.sign(testPayload, privateKey, { algorithm })
    expect(token).toMatch(/^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+$/)
    const verified = await JWT.verify(token, publicKey, { algorithm })
    expect(verified).toBeTruthy()
-    const payload = JWT.decode(token)
+    
-    expect(payload).toBeTruthy()
+    const { payload } = JWT.decode(token)
    expect({
        sub: payload.sub,
        name: payload.name
@@ -151,9 +153,11 @@ test.each(Object.entries(externalTokens))('Verify external tokens: %s', async (a
        privateKey = key.private
        publicKey = key.public
    }
    const verified = await JWT.verify(token, publicKey, { algorithm })
    expect(verified).toBeTruthy()
-    const payload = JWT.decode(token)
+
    const { payload } = JWT.decode(token)
    expect({
        sub: payload.sub,
        name: payload.name
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "1.3.0",
+  "version": "1.4.0",
  "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
  "main": "index.js",
  "scripts": {
Author	SHA1	Message	Date
Tobias Schneider	f846695242	Update docs	2022-06-04 17:29:50 +02:00
Tobias Schneider	695e1c0dfe	`.decode()` syntax change to support headers	2022-06-04 17:23:53 +02:00
Tobias Schneider	64da4c625f	`.verify()` bugfix	2022-06-04 14:53:59 +02:00
Tobias Schneider	e4038ae0a7	Just to make sure	2022-06-04 14:40:06 +02:00