2.1.1

Revert "support for base64 secrets"
This reverts commit 67f1a8e5ed.
2022-10-09 20:48:01 +02:00 · 2022-10-09 20:47:29 +02:00
3 changed files with 20 additions and 22 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.1.0",
+  "version": "2.1.1",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "@tsndr/cloudflare-worker-jwt",
-      "version": "2.1.0",
+      "version": "2.1.1",
      "license": "MIT",
      "devDependencies": {
        "@cloudflare/workers-types": "^3.13.0",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "2.1.0",
+  "version": "2.1.1",
  "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
  "main": "index.js",
  "types": "index.d.ts",
--- a/src/index.ts
+++ b/src/index.ts
@@ -129,17 +129,6 @@ const algorithms: JwtAlgorithms = {
    RS512: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-512' } }
 }

-function _parseSecret(secret: string): { raw: boolean, key: ArrayBuffer } {
-    if (secret.startsWith('-----BEGIN'))
-        return { raw: false, key: _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, '')) }
-
-    // Check for Base64
-    if (/^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/.test(secret))
-        return { raw: true, key: base64UrlParse(secret) }
-    else
-        return { raw: true, key: _utf8ToUint8Array(secret) }
-}
-
 function _utf8ToUint8Array(str: string): Uint8Array {
    return base64UrlParse(btoa(unescape(encodeURIComponent(str))))
 }
@@ -211,9 +200,14 @@ export async function sign(payload: JwtPayload, secret: string, options: JwtSign

    const payloadAsJSON = JSON.stringify(payload)
    const partialToken = `${base64UrlStringify(_utf8ToUint8Array(JSON.stringify({ ...options.header, alg: options.algorithm })))}.${base64UrlStringify(_utf8ToUint8Array(payloadAsJSON))}`
-    const parsedSecret = _parseSecret(secret)
-
-    const key = await crypto.subtle.importKey(parsedSecret.raw ? 'raw' : 'pkcs8', parsedSecret.key, algorithm, false, ['sign'])
+    let keyFormat = 'raw'
+    let keyData
+    if (secret.startsWith('-----BEGIN')) {
+        keyFormat = 'pkcs8'
+        keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
+    } else
+        keyData = _utf8ToUint8Array(secret)
+    const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['sign'])
    const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken))

    return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`
@@ -275,11 +269,15 @@ export async function verify(token: string, secret: string, options: JwtVerifyOp

        return false
    }
-
-    const parsedSecret = _parseSecret(secret)
-    const key = await crypto.subtle.importKey(parsedSecret.raw ? 'raw' : 'spki', parsedSecret.key, algorithm, false, ['verify'])
-
-    return crypto.subtle.verify(algorithm, key, base64UrlParse(tokenParts[2]), _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
+    let keyFormat = 'raw'
+    let keyData
+    if (secret.startsWith('-----BEGIN')) {
+        keyFormat = 'spki'
+        keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
+    } else
+        keyData = _utf8ToUint8Array(secret)
+    const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['verify'])
+    return await crypto.subtle.verify(algorithm, key, base64UrlParse(tokenParts[2]), _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
 }

 /**
Author	SHA1	Message	Date
Tobias Schneider	fb573d928a	2.1.1	2022-10-09 20:48:01 +02:00
Tobias Schneider	382ad66ea9	Revert "support for base64 secrets" This reverts commit `67f1a8e5ed`.	2022-10-09 20:47:29 +02:00