Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
82c8402a98
|
|||
|
657cd99e56
|
|||
|
2420f57628
|
|||
|
1b4c93adb2
|
|||
|
06c5605bf2
|
|||
|
a4edaba6f0
|
|||
|
b2a3b4c25f
|
|||
|
c691324515
|
|||
|
66385f323c
|
|||
|
1b6ac02f7c
|
|||
|
95e45e67f6
|
|||
|
5e6af9cf25
|
|||
|
d3d7e10b60
|
|||
|
fdaa618f65
|
|||
|
cce5a61777
|
20
.github/workflows/publish.yml
vendored
20
.github/workflows/publish.yml
vendored
@@ -1,8 +1,9 @@
|
||||
name: Publish
|
||||
run-name: Publish ${{ github.ref_name }}
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
types: [ published ]
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
@@ -13,18 +14,27 @@ jobs:
|
||||
with:
|
||||
node-version: latest
|
||||
registry-url: https://registry.npmjs.org/
|
||||
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
|
||||
- name: Run tests
|
||||
run: npm test
|
||||
|
||||
- name: Build
|
||||
run: npm run build
|
||||
|
||||
- name: Publish to npmjs
|
||||
run: npm publish --tag latest --access public
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public
|
||||
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: latest
|
||||
registry-url: https://npm.pkg.github.com/
|
||||
|
||||
- name: Publish to GPR
|
||||
run: npm publish --tag latest --access public
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public
|
||||
31
.github/workflows/release.yml
vendored
Normal file
31
.github/workflows/release.yml
vendored
Normal file
@@ -0,0 +1,31 @@
|
||||
name: Release
|
||||
run-name: Release ${{ github.ref_name }}
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: latest
|
||||
registry-url: https://registry.npmjs.org/
|
||||
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
|
||||
- name: Run tests
|
||||
run: npm test
|
||||
|
||||
- name: Build
|
||||
run: npm run build
|
||||
|
||||
- name: Create release
|
||||
run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} ${{ contains(github.ref_name, '-') && '--prerelease --latest=false' || '--latest' }}
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
7
.github/workflows/test.yml
vendored
7
.github/workflows/test.yml
vendored
@@ -15,7 +15,12 @@ jobs:
|
||||
with:
|
||||
node-version: latest
|
||||
registry-url: https://registry.npmjs.org/
|
||||
|
||||
- name: Install dependencies
|
||||
run: npm ci
|
||||
|
||||
- name: Run tests
|
||||
run: npm test
|
||||
run: npm test
|
||||
|
||||
- name: Build
|
||||
run: npm run build
|
||||
21
README.md
21
README.md
@@ -24,18 +24,19 @@ npm i @tsndr/cloudflare-worker-jwt
|
||||
### Basic Example
|
||||
|
||||
```typescript
|
||||
import jwt from "@tsndr/cloudflare-worker-jwt"
|
||||
|
||||
async () => {
|
||||
import jwt from "@tsndr/cloudflare-worker-jwt"
|
||||
|
||||
// Create a token
|
||||
const token = await sign({
|
||||
const token = await jwt.sign({
|
||||
sub: "1234",
|
||||
name: "John Doe",
|
||||
email: "john.doe@gmail.com"
|
||||
}, "secret")
|
||||
|
||||
// Verify token
|
||||
const verifiedToken = await verify(token, "secret")
|
||||
const verifiedToken = await jwt.verify(token, "secret")
|
||||
|
||||
// Abort if token isn't valid
|
||||
if (!verifiedToken)
|
||||
@@ -52,11 +53,12 @@ async () => {
|
||||
### Restrict Timeframe
|
||||
|
||||
```typescript
|
||||
import jwt from "@tsndr/cloudflare-worker-jwt"
|
||||
|
||||
async () => {
|
||||
import jwt from "@tsndr/cloudflare-worker-jwt"
|
||||
|
||||
// Create a token
|
||||
const token = await sign({
|
||||
const token = await jwt.sign({
|
||||
sub: "1234",
|
||||
name: "John Doe",
|
||||
email: "john.doe@gmail.com",
|
||||
@@ -65,7 +67,7 @@ async () => {
|
||||
}, "secret")
|
||||
|
||||
// Verify token
|
||||
const verifiedToken = await verify(token, "secret")
|
||||
const verifiedToken = await jwt.verify(token, "secret")
|
||||
|
||||
// Abort if token isn't valid
|
||||
if (!verifiedToken)
|
||||
@@ -97,7 +99,7 @@ Signs a payload and returns the token.
|
||||
Argument | Type | Status | Default | Description
|
||||
------------------------ | ----------------------------------- | -------- | ----------- | -----------
|
||||
`payload` | `object` | required | - | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
|
||||
`secret` | `string`, `JsonWebKey`, `CryptoKey` | required | - | A string which is used to sign the payload.
|
||||
`secret` | `string`, `JsonWebKey`, `CryptoKey` | optional | - | A secret which is used to sign the payload.
|
||||
`options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object.
|
||||
`options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms)
|
||||
`options.header` | `object` | optional | `undefined` | Extend the header of the resulting JWT.
|
||||
@@ -119,7 +121,7 @@ Verifies the integrity of the token.
|
||||
Argument | Type | Status | Default | Description
|
||||
------------------------ | ----------------------------------- | -------- | ------- | -----------
|
||||
`token` | `string` | required | - | The token string generated by `sign()`.
|
||||
`secret` | `string`, `JsonWebKey`, `CryptoKey` | required | - | The string which was used to sign the payload.
|
||||
`secret` | `string`, `JsonWebKey`, `CryptoKey` | optional | - | The secret which was used to sign the payload.
|
||||
`options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object.
|
||||
`options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms)
|
||||
`options.clockTolerance` | `number` | optional | `0` | Clock tolerance in seconds, to help with slighly out of sync systems.
|
||||
@@ -186,4 +188,5 @@ Returns an `object` containing `header` and `payload`:
|
||||
|
||||
- `ES256`, `ES384`, `ES512`
|
||||
- `HS256`, `HS384`, `HS512`
|
||||
- `RS256`, `RS384`, `RS512`
|
||||
- `RS256`, `RS384`, `RS512`
|
||||
- `none`
|
||||
1314
package-lock.json
generated
1314
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
12
package.json
12
package.json
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@tsndr/cloudflare-worker-jwt",
|
||||
"version": "3.1.2",
|
||||
"version": "3.2.0",
|
||||
"description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
|
||||
"type": "module",
|
||||
"exports": "./index.js",
|
||||
@@ -30,10 +30,10 @@
|
||||
},
|
||||
"homepage": "https://github.com/tsndr/cloudflare-worker-jwt#readme",
|
||||
"devDependencies": {
|
||||
"@cloudflare/workers-types": "^4.20240925.0",
|
||||
"@edge-runtime/vm": "^4.0.3",
|
||||
"esbuild": "^0.24.0",
|
||||
"typescript": "^5.6.2",
|
||||
"vitest": "^2.1.1"
|
||||
"@cloudflare/workers-types": "^4.20250724.0",
|
||||
"@edge-runtime/vm": "^5.0.0",
|
||||
"esbuild": "^0.25.8",
|
||||
"typescript": "^5.8.3",
|
||||
"vitest": "^3.2.4"
|
||||
}
|
||||
}
|
||||
|
||||
43
src/index.ts
43
src/index.ts
@@ -1,7 +1,7 @@
|
||||
import {
|
||||
textToArrayBuffer,
|
||||
textToUint8Array,
|
||||
arrayBufferToBase64Url,
|
||||
base64UrlToArrayBuffer,
|
||||
base64UrlToUint8Array,
|
||||
textToBase64Url,
|
||||
importKey,
|
||||
decodePayload
|
||||
@@ -12,9 +12,9 @@ if (typeof crypto === "undefined" || !crypto.subtle)
|
||||
|
||||
/**
|
||||
* @typedef JwtAlgorithm
|
||||
* @type {"ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"}
|
||||
* @type {"none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"}
|
||||
*/
|
||||
export type JwtAlgorithm = "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"
|
||||
export type JwtAlgorithm = "none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"
|
||||
|
||||
/**
|
||||
* @typedef JwtAlgorithms
|
||||
@@ -118,11 +118,12 @@ export type JwtVerifyOptions = {
|
||||
* @prop {JwtPayload} payload
|
||||
*/
|
||||
export type JwtData<Payload = {}, Header = {}> = {
|
||||
header?: JwtHeader<Header>
|
||||
payload?: JwtPayload<Payload>
|
||||
header: JwtHeader<Header>
|
||||
payload: JwtPayload<Payload>
|
||||
}
|
||||
|
||||
const algorithms: JwtAlgorithms = {
|
||||
none: { name: "none" },
|
||||
ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } },
|
||||
ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } },
|
||||
ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } },
|
||||
@@ -143,7 +144,7 @@ const algorithms: JwtAlgorithms = {
|
||||
* @throws If there"s a validation issue.
|
||||
* @returns Returns token as a `string`.
|
||||
*/
|
||||
export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKey | CryptoKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
|
||||
export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
|
||||
if (typeof options === "string")
|
||||
options = { algorithm: options }
|
||||
|
||||
@@ -152,7 +153,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
|
||||
if (!payload || typeof payload !== "object")
|
||||
throw new Error("payload must be an object")
|
||||
|
||||
if (!secret || (typeof secret !== "string" && typeof secret !== "object"))
|
||||
if (options.algorithm !== "none" && (!secret || (typeof secret !== "string" && typeof secret !== "object")))
|
||||
throw new Error("secret must be a string, a JWK object or a CryptoKey object")
|
||||
|
||||
if (typeof options.algorithm !== "string")
|
||||
@@ -168,8 +169,11 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
|
||||
|
||||
const partialToken = `${textToBase64Url(JSON.stringify({ ...options.header, alg: options.algorithm }))}.${textToBase64Url(JSON.stringify(payload))}`
|
||||
|
||||
const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["sign"])
|
||||
const signature = await crypto.subtle.sign(algorithm, key, textToArrayBuffer(partialToken))
|
||||
if (options.algorithm === "none")
|
||||
return partialToken
|
||||
|
||||
const key = secret instanceof CryptoKey ? secret : await importKey(secret!, algorithm, ["sign"])
|
||||
const signature = await crypto.subtle.sign(algorithm, key, textToUint8Array(partialToken))
|
||||
|
||||
return `${partialToken}.${arrayBufferToBase64Url(signature)}`
|
||||
}
|
||||
@@ -183,7 +187,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
|
||||
* @throws Throws integration errors and if `options.throwError` is set to `true` also throws `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`.
|
||||
* @returns Returns the decoded token or `undefined`.
|
||||
*/
|
||||
export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKey | CryptoKey, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> {
|
||||
export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> {
|
||||
if (typeof options === "string")
|
||||
options = { algorithm: options }
|
||||
options = { algorithm: "HS256", clockTolerance: 0, throwError: false, ...options }
|
||||
@@ -191,16 +195,18 @@ export async function verify<Payload = {}, Header = {}>(token: string, secret: s
|
||||
if (typeof token !== "string")
|
||||
throw new Error("token must be a string")
|
||||
|
||||
if (typeof secret !== "string" && typeof secret !== "object")
|
||||
if (options.algorithm !== "none" && typeof secret !== "string" && typeof secret !== "object")
|
||||
throw new Error("secret must be a string, a JWK object or a CryptoKey object")
|
||||
|
||||
if (typeof options.algorithm !== "string")
|
||||
throw new Error("options.algorithm must be a string")
|
||||
|
||||
const tokenParts = token.split(".")
|
||||
const tokenParts = token.split(".", 3)
|
||||
|
||||
if (tokenParts.length !== 3)
|
||||
throw new Error("token must consist of 3 parts")
|
||||
if (tokenParts.length < 2)
|
||||
throw new Error("token must consist of 2 or more parts")
|
||||
|
||||
const [ tokenHeader, tokenPayload, tokenSignature ] = tokenParts
|
||||
|
||||
const algorithm: SubtleCryptoImportKeyAlgorithm = algorithms[options.algorithm]
|
||||
|
||||
@@ -223,9 +229,12 @@ export async function verify<Payload = {}, Header = {}>(token: string, secret: s
|
||||
throw new Error("EXPIRED")
|
||||
}
|
||||
|
||||
const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["verify"])
|
||||
if (algorithm.name === "none")
|
||||
return decodedToken
|
||||
|
||||
if (!await crypto.subtle.verify(algorithm, key, base64UrlToArrayBuffer(tokenParts[2]), textToArrayBuffer(`${tokenParts[0]}.${tokenParts[1]}`)))
|
||||
const key = secret instanceof CryptoKey ? secret : await importKey(secret!, algorithm, ["verify"])
|
||||
|
||||
if (!await crypto.subtle.verify(algorithm, key, base64UrlToUint8Array(tokenSignature), textToUint8Array(`${tokenHeader}.${tokenPayload}`)))
|
||||
throw new Error("INVALID_SIGNATURE")
|
||||
|
||||
return decodedToken
|
||||
|
||||
32
src/utils.ts
32
src/utils.ts
@@ -20,11 +20,11 @@ export function arrayBufferToBase64String(arrayBuffer: ArrayBuffer): string {
|
||||
return btoa(bytesToByteString(new Uint8Array(arrayBuffer)))
|
||||
}
|
||||
|
||||
export function base64StringToArrayBuffer(b64str: string): ArrayBuffer {
|
||||
return byteStringToBytes(atob(b64str)).buffer
|
||||
export function base64StringToUint8Array(b64str: string): Uint8Array {
|
||||
return byteStringToBytes(atob(b64str))
|
||||
}
|
||||
|
||||
export function textToArrayBuffer(str: string): ArrayBuffer {
|
||||
export function textToUint8Array(str: string): Uint8Array {
|
||||
return byteStringToBytes(str)
|
||||
}
|
||||
|
||||
@@ -36,8 +36,8 @@ export function arrayBufferToBase64Url(arrayBuffer: ArrayBuffer): string {
|
||||
return arrayBufferToBase64String(arrayBuffer).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
|
||||
}
|
||||
|
||||
export function base64UrlToArrayBuffer(b64url: string): ArrayBuffer {
|
||||
return base64StringToArrayBuffer(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, ""))
|
||||
export function base64UrlToUint8Array(b64url: string): Uint8Array {
|
||||
return base64StringToUint8Array(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, ""))
|
||||
}
|
||||
|
||||
export function textToBase64Url(str: string): string {
|
||||
@@ -48,15 +48,15 @@ export function textToBase64Url(str: string): string {
|
||||
return btoa(binaryStr).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
|
||||
}
|
||||
|
||||
export function pemToBinary(pem: string): ArrayBuffer {
|
||||
return base64StringToArrayBuffer(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""))
|
||||
export function pemToBinary(pem: string): Uint8Array {
|
||||
return base64StringToUint8Array(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""))
|
||||
}
|
||||
|
||||
export async function importTextSecret(key: string, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
|
||||
return await crypto.subtle.importKey("raw", textToArrayBuffer(key), algorithm, true, keyUsages)
|
||||
return await crypto.subtle.importKey("raw", textToUint8Array(key), algorithm, true, keyUsages)
|
||||
}
|
||||
|
||||
export async function importJwk(key: JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
|
||||
export async function importJwk(key: JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
|
||||
return await crypto.subtle.importKey("jwk", key, algorithm, true, keyUsages)
|
||||
}
|
||||
|
||||
@@ -68,7 +68,7 @@ export async function importPrivateKey(key: string, algorithm: SubtleCryptoImpor
|
||||
return await crypto.subtle.importKey("pkcs8", pemToBinary(key), algorithm, true, keyUsages)
|
||||
}
|
||||
|
||||
export async function importKey(key: string | JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
|
||||
export async function importKey(key: string | JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
|
||||
if (typeof key === "object")
|
||||
return importJwk(key, algorithm, keyUsages)
|
||||
|
||||
@@ -84,13 +84,9 @@ export async function importKey(key: string | JsonWebKey, algorithm: SubtleCrypt
|
||||
return importTextSecret(key, algorithm, keyUsages)
|
||||
}
|
||||
|
||||
export function decodePayload<T = any>(raw: string): T | undefined {
|
||||
try {
|
||||
const bytes = Array.from(atob(raw), char => char.charCodeAt(0));
|
||||
const decodedString = new TextDecoder("utf-8").decode(new Uint8Array(bytes));
|
||||
export function decodePayload<T = any>(raw: string): T {
|
||||
const bytes = Array.from(atob(raw), char => char.charCodeAt(0));
|
||||
const decodedString = new TextDecoder("utf-8").decode(new Uint8Array(bytes));
|
||||
|
||||
return JSON.parse(decodedString);
|
||||
} catch {
|
||||
return
|
||||
}
|
||||
return JSON.parse(decodedString);
|
||||
}
|
||||
@@ -2,8 +2,8 @@ import { describe, expect, test } from 'vitest'
|
||||
import jwt, { JwtAlgorithm } from '../src/index'
|
||||
|
||||
type Dataset = {
|
||||
public: string
|
||||
private: string
|
||||
public?: string
|
||||
private?: string
|
||||
token: string
|
||||
}
|
||||
|
||||
@@ -18,6 +18,9 @@ type Payload = {
|
||||
}
|
||||
|
||||
const data: Data = {
|
||||
'none': {
|
||||
token: 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ'
|
||||
},
|
||||
'ES256': {
|
||||
public: '-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9\nq9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==\n-----END PUBLIC KEY-----',
|
||||
private: '-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2\nOF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r\n1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G\n-----END PRIVATE KEY-----',
|
||||
@@ -72,7 +75,7 @@ const payload: Payload = {
|
||||
emoji: "😎"
|
||||
}
|
||||
|
||||
const jwtRegex = /^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+$/
|
||||
const jwtRegex = /^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+(\.[a-zA-Z0-9\-_]+)?$/
|
||||
|
||||
describe("Internal", () => {
|
||||
test.each(Object.entries(data) as [JwtAlgorithm, Dataset][])('%s', async (algorithm, data) => {
|
||||
|
||||
@@ -13,27 +13,27 @@ describe("Verify", async () => {
|
||||
const notYetValidToken = await jwt.sign({ sub: "me", nbf: now + offset }, secret)
|
||||
const expiredToken = await jwt.sign({ sub: "me", exp: now - offset }, secret)
|
||||
|
||||
test("Valid", () => {
|
||||
expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy()
|
||||
test("Valid", async () => {
|
||||
await expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy()
|
||||
})
|
||||
|
||||
test("Not yet expired", () => {
|
||||
expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy()
|
||||
test("Not yet expired", async () => {
|
||||
await expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy()
|
||||
})
|
||||
|
||||
test("Not yet valid", () => {
|
||||
expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID")
|
||||
test("Not yet valid", async () => {
|
||||
await expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID")
|
||||
})
|
||||
|
||||
test("Expired", () => {
|
||||
expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED")
|
||||
test("Expired", async () => {
|
||||
await expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED")
|
||||
})
|
||||
|
||||
test("Clock offset", () => {
|
||||
expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
|
||||
expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
|
||||
test("Clock offset", async () => {
|
||||
await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
|
||||
await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
|
||||
|
||||
expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID")
|
||||
expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED")
|
||||
await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID")
|
||||
await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED")
|
||||
})
|
||||
})
|
||||
@@ -3,11 +3,11 @@ import {
|
||||
bytesToByteString,
|
||||
byteStringToBytes,
|
||||
arrayBufferToBase64String,
|
||||
base64StringToArrayBuffer,
|
||||
textToArrayBuffer,
|
||||
base64StringToUint8Array,
|
||||
textToUint8Array,
|
||||
arrayBufferToText,
|
||||
arrayBufferToBase64Url,
|
||||
base64UrlToArrayBuffer,
|
||||
base64UrlToUint8Array,
|
||||
textToBase64Url,
|
||||
pemToBinary,
|
||||
importTextSecret
|
||||
@@ -18,7 +18,7 @@ describe("Converters", () => {
|
||||
const testByteArray = [ 99, 108, 111, 117, 100, 102, 108, 97, 114, 101, 45, 119, 111, 114, 107, 101, 114, 45, 106, 119, 116 ]
|
||||
const testUint8Array = new Uint8Array(testByteArray)
|
||||
const testBase64String = "Y2xvdWRmbGFyZS13b3JrZXItand0"
|
||||
const testArrayBuffer = testUint8Array.buffer
|
||||
const testArrayBuffer = testUint8Array
|
||||
|
||||
test("bytesToByteString", () => {
|
||||
expect(bytesToByteString(testUint8Array)).toStrictEqual(testString)
|
||||
@@ -33,11 +33,11 @@ describe("Converters", () => {
|
||||
})
|
||||
|
||||
test("base64StringToArrayBuffer", () => {
|
||||
expect(base64StringToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer)
|
||||
expect(base64StringToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
|
||||
})
|
||||
|
||||
test("textToArrayBuffer", () => {
|
||||
expect(textToArrayBuffer(testString)).toStrictEqual(testUint8Array)
|
||||
expect(textToUint8Array(testString)).toStrictEqual(testUint8Array)
|
||||
})
|
||||
|
||||
test("arrayBufferToText", () => {
|
||||
@@ -49,7 +49,7 @@ describe("Converters", () => {
|
||||
})
|
||||
|
||||
test("base64UrlToArrayBuffer", () => {
|
||||
expect(base64UrlToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer)
|
||||
expect(base64UrlToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
|
||||
})
|
||||
|
||||
test("textToBase64Url", () => {
|
||||
@@ -67,7 +67,7 @@ describe("Imports", () => {
|
||||
const testAlgorithm = { name: "HMAC", hash: { name: "SHA-256" } }
|
||||
const testCryptoKey = { type: "secret", extractable: true, algorithm: { ...testAlgorithm, length: 168 }, usages: ["verify", "sign"] }
|
||||
|
||||
expect(await importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).toMatchObject(testCryptoKey)
|
||||
await expect(importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).resolves.toMatchObject(testCryptoKey)
|
||||
})
|
||||
|
||||
test.todo("importJwk")
|
||||
|
||||
Reference in New Issue
Block a user