Docs fix

2022-06-04 22:29:46 +02:00 · 2022-06-04 22:29:30 +02:00 · 2022-06-04 17:43:48 +02:00 · 2022-06-04 17:43:11 +02:00 · 2022-06-04 17:42:33 +02:00 · 2022-06-04 17:40:47 +02:00
6 changed files with 55 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -8,6 +8,9 @@ A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.
 - [Install](#install)
 - [Examples](#examples)
 - [Usage](#usage)
+    - [Sign](#sign)
+    - [Verify](#verify)
+    - [Decode](#decode)


 ## Install
@@ -36,7 +39,7 @@ async () => {
        return

    // Decoding token
-    const payload = jwt.decode(token)
+    const { payload } = jwt.decode(token)
 }
 ```

@@ -62,15 +65,20 @@ async () => {
        return

    // Decoding token
-    const payload = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
+    const { payload } = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
 }
 ```

 ## Usage

+- [Sign](#sign)
+- [Verify](#verify)
+- [Decode](#decode)
+
 <hr>

-### `jwt.sign(payload, secret, [options])`
+### Sign
+#### `jwt.sign(payload, secret, [options])`

 Signs a payload and returns the token.

@@ -80,14 +88,15 @@ Argument    | Type     | Satus    | Default | Description
 ----------- | -------- | -------- | ------- | -----------
 `payload`   | `object` | required | -       | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
 `secret`    | `string` | required | -       | A string which is used to sign the payload.
-`options`   | `object`, `string` | optional | `{ algorithm: 'HS256' }` | The options object supporting `algorithm` and `keyid` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
+`options`   | `object` | optional | `{ algorithm: 'HS256' }` | The options object supporting `algorithm` and `keyid`. (See [Available Algorithms](#available-algorithms))

 #### `return`
 Returns token as a `string`.

 <hr>

-### `jwt.verify(token, secret, [options])`
+### Verify
+#### `jwt.verify(token, secret, [options])`

 Verifies the integrity of the token and returns a boolean value.

@@ -95,14 +104,18 @@ Argument    | Type     | Satus    | Default | Description
 ----------- | -------- | -------- | ------- | -----------
 `token`     | `string` | required | -       | The token string generated by `jwt.sign()`.
 `secret`    | `string` | required | -       | The string which was used to sign the payload.
-`algorithm` | `object`, `string` | optional | `{ algorithm: 'HS256', throwError: false }` | The options object supporting `algorithm` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
+`options`   | `object` | optional | `{ algorithm: 'HS256', throwError: false }` | The options object supporting `algorithm` and `throwError`. (See [Available Algorithms](#available-algorithms))
+
+#### `throws`
+If `options.throwError` is `true` and the token is invalid, an error will be thrown.

 #### `return`
 Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 

 <hr>

-### `jwt.decode(token)`
+### Decode
+#### `jwt.decode(token)`

 Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!

@@ -111,7 +124,19 @@ Argument    | Type     | Satus    | Default | Description
 `token`     | `string` | required | -       | The token string generated by `jwt.sign()`.

 #### `return`
-Returns payload `object`.
+Returns an `object` containing `header` and `payload`:
+```javascript
+{
+    header: {
+        alg: 'HS256',
+        typ: 'JWT'
+    },
+    payload: {
+        name: 'John Doe',
+        email: 'john.doe@gmail.com'
+    }
+}
+```

 ### Available Algorithms
 - ES256
--- a/index.d.ts
+++ b/index.d.ts
@@ -33,9 +33,9 @@ declare class JWT {
     * Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
     * 
     * @param {string} token The token string generated by `jwt.sign()`.
-     * @returns {object | null} Returns payload `object`.
+     * @returns {JWTDecodeReturn} Returns an `object` containing `header` and `payload`.
     */
-    decode(token: string): object | null
+    decode(token: string): JWTDecodeReturn
 }
 declare const _exports: JWT

@@ -52,4 +52,9 @@ type JWTVerifyOptions = {
    throwError?: boolean
 }

+type JWTDecodeReturn = {
+    header: object,
+    payload: object
+}
+
 export = _exports
--- a/index.js
+++ b/index.js
@@ -113,10 +113,13 @@ class JWT {
        } else
            keyData = this._utf8ToUint8Array(secret)
        const key = await crypto.subtle.importKey(keyFormat, keyData, importAlgorithm, false, ['verify'])
-        return await crypto.subtle.verify(importAlgorithm, key, Base64URL.parse(tokenParts[2]), `${tokenParts[0]}.${tokenParts[1]}`)
+        return await crypto.subtle.verify(importAlgorithm, key, Base64URL.parse(tokenParts[2]), this._utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
    }
    decode(token) {
-        return this._decodePayload(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))
+        return {
+            header: this._decodePayload(token.split('.')[0].replace(/-/g, '+').replace(/_/g, '/')),
+            payload: this._decodePayload(token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/'))
+        }
    }
 }

--- a/index.test.js
+++ b/index.test.js
@@ -1,4 +1,4 @@
-const { subtle } = require('crypto').webcrypto
+const { subtle } = require('node:crypto').webcrypto
 Object.defineProperty(global, 'crypto', {
    value: { subtle }
 })
@@ -115,12 +115,14 @@ test.each(Object.entries(secrets))(`Self test: %s`, async (algorithm, key) => {
        privateKey = key.private
        publicKey = key.public
    }
+    
    const token = await JWT.sign(testPayload, privateKey, { algorithm })
    expect(token).toMatch(/^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+$/)
+    
    const verified = await JWT.verify(token, publicKey, { algorithm })
    expect(verified).toBeTruthy()
-    const payload = JWT.decode(token)
-    expect(payload).toBeTruthy()
+    
+    const { payload } = JWT.decode(token)
    expect({
        sub: payload.sub,
        name: payload.name
@@ -151,9 +153,11 @@ test.each(Object.entries(externalTokens))('Verify external tokens: %s', async (a
        privateKey = key.private
        publicKey = key.public
    }
+    
    const verified = await JWT.verify(token, publicKey, { algorithm })
    expect(verified).toBeTruthy()
-    const payload = JWT.decode(token)
+
+    const { payload } = JWT.decode(token)
    expect({
        sub: payload.sub,
        name: payload.name
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "1.2.0",
+  "version": "1.4.1",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "1.3.0",
+  "version": "1.4.2",
  "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
  "main": "index.js",
  "scripts": {
Author	SHA1	Message	Date
Tobias Schneider	cb6209b1b6	Docs fix	2022-06-04 22:29:46 +02:00
Tobias Schneider	8f4e5e3199	Docs fix	2022-06-04 22:29:30 +02:00
Tobias Schneider	594cdd6c05	Docs fix	2022-06-04 17:43:48 +02:00
Tobias Schneider	f85abf30a8	Update docs	2022-06-04 17:43:11 +02:00
Tobias Schneider	095b1d43f3	Update docs	2022-06-04 17:42:33 +02:00
Tobias Schneider	0bc128fec1	Update docs	2022-06-04 17:40:47 +02:00
Tobias Schneider	f846695242	Update docs	2022-06-04 17:29:50 +02:00
Tobias Schneider	695e1c0dfe	`.decode()` syntax change to support headers	2022-06-04 17:23:53 +02:00
Tobias Schneider	64da4c625f	`.verify()` bugfix	2022-06-04 14:53:59 +02:00
Tobias Schneider	e4038ae0a7	Just to make sure	2022-06-04 14:40:06 +02:00