tsndr/cloudflare-worker-jwt
1
0
Fork 0
Code Activity

Compare commits

base: tsndr:v3.1.3
Branches Tags
tsndr:main tsndr:Le0Developer-feat/allow-cryptokey tsndr:feat/allow-cryptokey
tsndr:v3.2.0 tsndr:v3.1.7 tsndr:v3.1.6 tsndr:v3.1.5 tsndr:v3.1.4 tsndr:v3.1.3 tsndr:v3.1.2 tsndr:v3.1.1 tsndr:v3.1.0 tsndr:v3.0.0 tsndr:v2.5.4 tsndr:v2.5.3 tsndr:v2.5.2 tsndr:v2.5.1 tsndr:v2.5.0 tsndr:v2.4.7 tsndr:v2.4.6 tsndr:v2.4.5 tsndr:v2.4.4 tsndr:v2.4.3 tsndr:v2.4.2 tsndr:v2.4.1 tsndr:v2.4.0 tsndr:v2.3.2 tsndr:v2.3.1 tsndr:v2.3.0 tsndr:v2.2.10 tsndr:v2.2.9 tsndr:v2.2.8 tsndr:v2.2.7 tsndr:v2.2.6 tsndr:v2.2.5 tsndr:v2.2.4 tsndr:v2.2.3 tsndr:v2.2.2 tsndr:v2.2.1 tsndr:v2.2.0 tsndr:v2.1.4 tsndr:v2.1.3 tsndr:v2.1.2 tsndr:v2.1.1 tsndr:v2.1.0 tsndr:v2.0.1 tsndr:v2.0.0 tsndr:v1.4.4 tsndr:v1.4.3 tsndr:v1.4.2 tsndr:v1.4.1 tsndr:v1.4.0 tsndr:v1.3.1 tsndr:v1.3.0 tsndr:v1.2.0 tsndr:v1.1.7 tsndr:v1.1.6 tsndr:v1.1.5 tsndr:v1.1.4 tsndr:v1.1.3 tsndr:v1.1.2 tsndr:v1.1.1 tsndr:v1.1.0 tsndr:v1.0.8 tsndr:v1.0.7 tsndr:v1.0.6 tsndr:v1.0.5 tsndr:v1.0.4 tsndr:v1.0.3 tsndr:v1.0.2 tsndr:v1.0.1 tsndr:v1.0.0
..
compare: tsndr:v3.2.0
Branches Tags
tsndr:main tsndr:Le0Developer-feat/allow-cryptokey tsndr:feat/allow-cryptokey
tsndr:v3.2.0 tsndr:v3.1.7 tsndr:v3.1.6 tsndr:v3.1.5 tsndr:v3.1.4 tsndr:v3.1.3 tsndr:v3.1.2 tsndr:v3.1.1 tsndr:v3.1.0 tsndr:v3.0.0 tsndr:v2.5.4 tsndr:v2.5.3 tsndr:v2.5.2 tsndr:v2.5.1 tsndr:v2.5.0 tsndr:v2.4.7 tsndr:v2.4.6 tsndr:v2.4.5 tsndr:v2.4.4 tsndr:v2.4.3 tsndr:v2.4.2 tsndr:v2.4.1 tsndr:v2.4.0 tsndr:v2.3.2 tsndr:v2.3.1 tsndr:v2.3.0 tsndr:v2.2.10 tsndr:v2.2.9 tsndr:v2.2.8 tsndr:v2.2.7 tsndr:v2.2.6 tsndr:v2.2.5 tsndr:v2.2.4 tsndr:v2.2.3 tsndr:v2.2.2 tsndr:v2.2.1 tsndr:v2.2.0 tsndr:v2.1.4 tsndr:v2.1.3 tsndr:v2.1.2 tsndr:v2.1.1 tsndr:v2.1.0 tsndr:v2.0.1 tsndr:v2.0.0 tsndr:v1.4.4 tsndr:v1.4.3 tsndr:v1.4.2 tsndr:v1.4.1 tsndr:v1.4.0 tsndr:v1.3.1 tsndr:v1.3.0 tsndr:v1.2.0 tsndr:v1.1.7 tsndr:v1.1.6 tsndr:v1.1.5 tsndr:v1.1.4 tsndr:v1.1.3 tsndr:v1.1.2 tsndr:v1.1.1 tsndr:v1.1.0 tsndr:v1.0.8 tsndr:v1.0.7 tsndr:v1.0.6 tsndr:v1.0.5 tsndr:v1.0.4 tsndr:v1.0.3 tsndr:v1.0.2 tsndr:v1.0.1 tsndr:v1.0.0

13 Commits
v3.1.3 ... v3.2.0

Author SHA1 Message Date
Toby
2420f57628 3.2.0 2025-05-29 01:28:50 +02:00
Toby
1b4c93adb2 add algorithm none 2025-05-29 01:26:59 +02:00
Toby
06c5605bf2 3.1.7 2025-05-26 01:04:33 +02:00
Toby
a4edaba6f0 clean up tests 2025-05-26 01:02:50 +02:00
Toby
b2a3b4c25f 3.1.6 2025-05-26 00:58:30 +02:00
Toby
c691324515 update jwk type and dev deps 2025-05-26 00:57:04 +02:00
Toby
66385f323c 3.1.5 2025-05-11 23:12:57 +02:00
Toby
1b6ac02f7c update readme 2025-05-11 23:11:14 +02:00
Toby
95e45e67f6 3.1.4 2025-03-14 14:34:33 +01:00
Toby
5e6af9cf25 update dependencies and address type errors 2025-03-14 14:31:50 +01:00
Toby
d3d7e10b60 3.1.3 2024-10-27 13:45:10 +01:00
Toby
fdaa618f65 update pipelines 2024-10-27 13:44:59 +01:00
Toby
cce5a61777 update readme 2024-10-27 13:43:25 +01:00
11 changed files with 607 additions and 831 deletions
Expand all files Collapse all files

20
.github/workflows/publish.yml vendored
View File

@@ -1,8 +1,9 @@
name: Publish name: Publish
run-name: Publish ${{ github.ref_name }}
on: on:
release: release:
types: [published] types: [ published ]
jobs: jobs:
publish: publish:
@@ -13,18 +14,27 @@ jobs:
with: with:
node-version: latest node-version: latest
registry-url: https://registry.npmjs.org/ registry-url: https://registry.npmjs.org/
- name: Install dependencies - name: Install dependencies
run: npm ci run: npm ci
- name: Run tests
run: npm test
- name: Build - name: Build
run: npm run build run: npm run build
- name: Publish to npmjs - name: Publish to npmjs
run: npm publish --tag latest --access public
env: env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public
- uses: actions/setup-node@v3 - uses: actions/setup-node@v3
with: with:
node-version: latest
registry-url: https://npm.pkg.github.com/ registry-url: https://npm.pkg.github.com/
- name: Publish to GPR - name: Publish to GPR
run: npm publish --tag latest --access public
env: env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npm publish --tag ${{ contains(github.ref_name, '-') && 'pre' || 'latest' }} --access public

31
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,31 @@
name: Release
run-name: Release ${{ github.ref_name }}
on:
push:
tags:
- 'v*'
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: latest
registry-url: https://registry.npmjs.org/
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test
- name: Build
run: npm run build
- name: Create release
run: gh release create ${{ github.ref_name }} --draft ${{ contains(github.ref_name, '-') && '--prerelease --latest=false' || '--latest' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

7
.github/workflows/test.yml vendored
View File

@@ -15,7 +15,12 @@ jobs:
with: with:
node-version: latest node-version: latest
registry-url: https://registry.npmjs.org/ registry-url: https://registry.npmjs.org/
- name: Install dependencies - name: Install dependencies
run: npm ci run: npm ci
- name: Run tests - name: Run tests
run: npm test run: npm test
- name: Build
run: npm run build

13
README.md
View File

@@ -24,8 +24,9 @@ npm i @tsndr/cloudflare-worker-jwt
### Basic Example ### Basic Example
```typescript ```typescript
import jwt from "@tsndr/cloudflare-worker-jwt"
async () => { async () => {
import jwt from "@tsndr/cloudflare-worker-jwt"
// Create a token // Create a token
const token = await jwt.sign({ const token = await jwt.sign({
@@ -52,8 +53,9 @@ async () => {
### Restrict Timeframe ### Restrict Timeframe
```typescript ```typescript
import jwt from "@tsndr/cloudflare-worker-jwt"
async () => { async () => {
import jwt from "@tsndr/cloudflare-worker-jwt"
// Create a token // Create a token
const token = await jwt.sign({ const token = await jwt.sign({
@@ -97,7 +99,7 @@ Signs a payload and returns the token.
Argument | Type | Status | Default | Description Argument | Type | Status | Default | Description
------------------------ | ----------------------------------- | -------- | ----------- | ----------- ------------------------ | ----------------------------------- | -------- | ----------- | -----------
`payload` | `object` | required | - | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload. `payload` | `object` | required | - | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
`secret` | `string`, `JsonWebKey`, `CryptoKey` | required | - | A string which is used to sign the payload. `secret` | `string`, `JsonWebKey`, `CryptoKey` | optional | - | A secret which is used to sign the payload.
`options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object. `options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object.
`options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms) `options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms)
`options.header` | `object` | optional | `undefined` | Extend the header of the resulting JWT. `options.header` | `object` | optional | `undefined` | Extend the header of the resulting JWT.
@@ -119,7 +121,7 @@ Verifies the integrity of the token.
Argument | Type | Status | Default | Description Argument | Type | Status | Default | Description
------------------------ | ----------------------------------- | -------- | ------- | ----------- ------------------------ | ----------------------------------- | -------- | ------- | -----------
`token` | `string` | required | - | The token string generated by `sign()`. `token` | `string` | required | - | The token string generated by `sign()`.
`secret` | `string`, `JsonWebKey`, `CryptoKey` | required | - | The string which was used to sign the payload. `secret` | `string`, `JsonWebKey`, `CryptoKey` | optional | - | The secret which was used to sign the payload.
`options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object. `options` | `string`, `object` | optional | `HS256` | Either the `algorithm` string or an object.
`options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms) `options.algorithm` | `string` | optional | `HS256` | See [Available Algorithms](#available-algorithms)
`options.clockTolerance` | `number` | optional | `0` | Clock tolerance in seconds, to help with slighly out of sync systems. `options.clockTolerance` | `number` | optional | `0` | Clock tolerance in seconds, to help with slighly out of sync systems.
@@ -186,4 +188,5 @@ Returns an `object` containing `header` and `payload`:
- `ES256`, `ES384`, `ES512` - `ES256`, `ES384`, `ES512`
- `HS256`, `HS384`, `HS512` - `HS256`, `HS384`, `HS512`
- `RS256`, `RS384`, `RS512` - `RS256`, `RS384`, `RS512`
- `none`

1229
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

12
package.json
View File

@@ -1,6 +1,6 @@
{ {
"name": "@tsndr/cloudflare-worker-jwt", "name": "@tsndr/cloudflare-worker-jwt",
"version": "3.1.3", "version": "3.2.0",
"description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker", "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
"type": "module", "type": "module",
"exports": "./index.js", "exports": "./index.js",
@@ -30,10 +30,10 @@
}, },
"homepage": "https://github.com/tsndr/cloudflare-worker-jwt#readme", "homepage": "https://github.com/tsndr/cloudflare-worker-jwt#readme",
"devDependencies": { "devDependencies": {
"@cloudflare/workers-types": "^4.20240925.0", "@cloudflare/workers-types": "^4.20250525.0",
"@edge-runtime/vm": "^4.0.3", "@edge-runtime/vm": "^5.0.0",
"esbuild": "^0.24.0", "esbuild": "^0.25.4",
"typescript": "^5.6.2", "typescript": "^5.8.3",
"vitest": "^2.1.1" "vitest": "^3.1.4"
} }
} }

43
src/index.ts
View File

@@ -1,7 +1,7 @@
import { import {
textToArrayBuffer, textToUint8Array,
arrayBufferToBase64Url, arrayBufferToBase64Url,
base64UrlToArrayBuffer, base64UrlToUint8Array,
textToBase64Url, textToBase64Url,
importKey, importKey,
decodePayload decodePayload
@@ -12,9 +12,9 @@ if (typeof crypto === "undefined" || !crypto.subtle)
/** /**
* @typedef JwtAlgorithm * @typedef JwtAlgorithm
* @type {"ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"} * @type {"none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"}
*/ */
export type JwtAlgorithm = "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" export type JwtAlgorithm = "none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"
/** /**
* @typedef JwtAlgorithms * @typedef JwtAlgorithms
@@ -118,11 +118,12 @@ export type JwtVerifyOptions = {
* @prop {JwtPayload} payload * @prop {JwtPayload} payload
*/ */
export type JwtData<Payload = {}, Header = {}> = { export type JwtData<Payload = {}, Header = {}> = {
header?: JwtHeader<Header> header: JwtHeader<Header>
payload?: JwtPayload<Payload> payload: JwtPayload<Payload>
} }
const algorithms: JwtAlgorithms = { const algorithms: JwtAlgorithms = {
none: { name: "none" },
ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } }, ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } },
ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } }, ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } },
ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } }, ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } },
@@ -143,7 +144,7 @@ const algorithms: JwtAlgorithms = {
* @throws If there"s a validation issue. * @throws If there"s a validation issue.
* @returns Returns token as a `string`. * @returns Returns token as a `string`.
*/ */
export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKey | CryptoKey, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> { export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options: JwtSignOptions<Header> | JwtAlgorithm = "HS256"): Promise<string> {
if (typeof options === "string") if (typeof options === "string")
options = { algorithm: options } options = { algorithm: options }
@@ -152,7 +153,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
if (!payload || typeof payload !== "object") if (!payload || typeof payload !== "object")
throw new Error("payload must be an object") throw new Error("payload must be an object")
if (!secret || (typeof secret !== "string" && typeof secret !== "object")) if (options.algorithm !== "none" && (!secret || (typeof secret !== "string" && typeof secret !== "object")))
throw new Error("secret must be a string, a JWK object or a CryptoKey object") throw new Error("secret must be a string, a JWK object or a CryptoKey object")
if (typeof options.algorithm !== "string") if (typeof options.algorithm !== "string")
@@ -168,8 +169,11 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
const partialToken = `${textToBase64Url(JSON.stringify({ ...options.header, alg: options.algorithm }))}.${textToBase64Url(JSON.stringify(payload))}` const partialToken = `${textToBase64Url(JSON.stringify({ ...options.header, alg: options.algorithm }))}.${textToBase64Url(JSON.stringify(payload))}`
const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["sign"]) if (options.algorithm === "none")
const signature = await crypto.subtle.sign(algorithm, key, textToArrayBuffer(partialToken)) return partialToken
const key = secret instanceof CryptoKey ? secret : await importKey(secret!, algorithm, ["sign"])
const signature = await crypto.subtle.sign(algorithm, key, textToUint8Array(partialToken))
return `${partialToken}.${arrayBufferToBase64Url(signature)}` return `${partialToken}.${arrayBufferToBase64Url(signature)}`
} }
@@ -183,7 +187,7 @@ export async function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payloa
* @throws Throws integration errors and if `options.throwError` is set to `true` also throws `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`. * @throws Throws integration errors and if `options.throwError` is set to `true` also throws `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`.
* @returns Returns the decoded token or `undefined`. * @returns Returns the decoded token or `undefined`.
*/ */
export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKey | CryptoKey, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> { export async function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options: JwtVerifyOptions | JwtAlgorithm = "HS256"): Promise<JwtData<Payload, Header> | undefined> {
if (typeof options === "string") if (typeof options === "string")
options = { algorithm: options } options = { algorithm: options }
options = { algorithm: "HS256", clockTolerance: 0, throwError: false, ...options } options = { algorithm: "HS256", clockTolerance: 0, throwError: false, ...options }
@@ -191,16 +195,18 @@ export async function verify<Payload = {}, Header = {}>(token: string, secret: s
if (typeof token !== "string") if (typeof token !== "string")
throw new Error("token must be a string") throw new Error("token must be a string")
if (typeof secret !== "string" && typeof secret !== "object") if (options.algorithm !== "none" && typeof secret !== "string" && typeof secret !== "object")
throw new Error("secret must be a string, a JWK object or a CryptoKey object") throw new Error("secret must be a string, a JWK object or a CryptoKey object")
if (typeof options.algorithm !== "string") if (typeof options.algorithm !== "string")
throw new Error("options.algorithm must be a string") throw new Error("options.algorithm must be a string")
const tokenParts = token.split(".") const tokenParts = token.split(".", 3)
if (tokenParts.length !== 3) if (tokenParts.length < 2)
throw new Error("token must consist of 3 parts") throw new Error("token must consist of 2 or more parts")
const [ tokenHeader, tokenPayload, tokenSignature ] = tokenParts
const algorithm: SubtleCryptoImportKeyAlgorithm = algorithms[options.algorithm] const algorithm: SubtleCryptoImportKeyAlgorithm = algorithms[options.algorithm]
@@ -223,9 +229,12 @@ export async function verify<Payload = {}, Header = {}>(token: string, secret: s
throw new Error("EXPIRED") throw new Error("EXPIRED")
} }
const key = secret instanceof CryptoKey ? secret : await importKey(secret, algorithm, ["verify"]) if (algorithm.name === "none")
return decodedToken
if (!await crypto.subtle.verify(algorithm, key, base64UrlToArrayBuffer(tokenParts[2]), textToArrayBuffer(`${tokenParts[0]}.${tokenParts[1]}`))) const key = secret instanceof CryptoKey ? secret : await importKey(secret!, algorithm, ["verify"])
if (!await crypto.subtle.verify(algorithm, key, base64UrlToUint8Array(tokenSignature), textToUint8Array(`${tokenHeader}.${tokenPayload}`)))
throw new Error("INVALID_SIGNATURE") throw new Error("INVALID_SIGNATURE")
return decodedToken return decodedToken

32
src/utils.ts
View File

@@ -20,11 +20,11 @@ export function arrayBufferToBase64String(arrayBuffer: ArrayBuffer): string {
return btoa(bytesToByteString(new Uint8Array(arrayBuffer))) return btoa(bytesToByteString(new Uint8Array(arrayBuffer)))
} }
export function base64StringToArrayBuffer(b64str: string): ArrayBuffer { export function base64StringToUint8Array(b64str: string): Uint8Array {
return byteStringToBytes(atob(b64str)).buffer return byteStringToBytes(atob(b64str))
} }
export function textToArrayBuffer(str: string): ArrayBuffer { export function textToUint8Array(str: string): Uint8Array {
return byteStringToBytes(str) return byteStringToBytes(str)
} }
@@ -36,8 +36,8 @@ export function arrayBufferToBase64Url(arrayBuffer: ArrayBuffer): string {
return arrayBufferToBase64String(arrayBuffer).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_") return arrayBufferToBase64String(arrayBuffer).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
} }
export function base64UrlToArrayBuffer(b64url: string): ArrayBuffer { export function base64UrlToUint8Array(b64url: string): Uint8Array {
return base64StringToArrayBuffer(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")) return base64StringToUint8Array(b64url.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, ""))
} }
export function textToBase64Url(str: string): string { export function textToBase64Url(str: string): string {
@@ -48,15 +48,15 @@ export function textToBase64Url(str: string): string {
return btoa(binaryStr).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_") return btoa(binaryStr).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_")
} }
export function pemToBinary(pem: string): ArrayBuffer { export function pemToBinary(pem: string): Uint8Array {
return base64StringToArrayBuffer(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, "")) return base64StringToUint8Array(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""))
} }
export async function importTextSecret(key: string, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> { export async function importTextSecret(key: string, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
return await crypto.subtle.importKey("raw", textToArrayBuffer(key), algorithm, true, keyUsages) return await crypto.subtle.importKey("raw", textToUint8Array(key), algorithm, true, keyUsages)
} }
export async function importJwk(key: JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> { export async function importJwk(key: JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
return await crypto.subtle.importKey("jwk", key, algorithm, true, keyUsages) return await crypto.subtle.importKey("jwk", key, algorithm, true, keyUsages)
} }
@@ -68,7 +68,7 @@ export async function importPrivateKey(key: string, algorithm: SubtleCryptoImpor
return await crypto.subtle.importKey("pkcs8", pemToBinary(key), algorithm, true, keyUsages) return await crypto.subtle.importKey("pkcs8", pemToBinary(key), algorithm, true, keyUsages)
} }
export async function importKey(key: string | JsonWebKey, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> { export async function importKey(key: string | JsonWebKeyWithKid, algorithm: SubtleCryptoImportKeyAlgorithm, keyUsages: KeyUsages[]): Promise<CryptoKey> {
if (typeof key === "object") if (typeof key === "object")
return importJwk(key, algorithm, keyUsages) return importJwk(key, algorithm, keyUsages)
@@ -84,13 +84,9 @@ export async function importKey(key: string | JsonWebKey, algorithm: SubtleCrypt
return importTextSecret(key, algorithm, keyUsages) return importTextSecret(key, algorithm, keyUsages)
} }
export function decodePayload<T = any>(raw: string): T | undefined { export function decodePayload<T = any>(raw: string): T {
try { const bytes = Array.from(atob(raw), char => char.charCodeAt(0));
const bytes = Array.from(atob(raw), char => char.charCodeAt(0)); const decodedString = new TextDecoder("utf-8").decode(new Uint8Array(bytes));
const decodedString = new TextDecoder("utf-8").decode(new Uint8Array(bytes));
return JSON.parse(decodedString); return JSON.parse(decodedString);
} catch {
return
}
} }

9
tests/algorithms.spec.ts
View File

@@ -2,8 +2,8 @@ import { describe, expect, test } from 'vitest'
import jwt, { JwtAlgorithm } from '../src/index' import jwt, { JwtAlgorithm } from '../src/index'
type Dataset = { type Dataset = {
public: string public?: string
private: string private?: string
token: string token: string
} }
@@ -18,6 +18,9 @@ type Payload = {
} }
const data: Data = { const data: Data = {
'none': {
token: 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ'
},
'ES256': { 'ES256': {
public: '-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9\nq9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==\n-----END PUBLIC KEY-----', public: '-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9\nq9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==\n-----END PUBLIC KEY-----',
private: '-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2\nOF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r\n1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G\n-----END PRIVATE KEY-----', private: '-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2\nOF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r\n1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G\n-----END PRIVATE KEY-----',
@@ -72,7 +75,7 @@ const payload: Payload = {
emoji: "😎" emoji: "😎"
} }
const jwtRegex = /^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+$/ const jwtRegex = /^[a-zA-Z0-9\-_]+\.[a-zA-Z0-9\-_]+(\.[a-zA-Z0-9\-_]+)?$/
describe("Internal", () => { describe("Internal", () => {
test.each(Object.entries(data) as [JwtAlgorithm, Dataset][])('%s', async (algorithm, data) => { test.each(Object.entries(data) as [JwtAlgorithm, Dataset][])('%s', async (algorithm, data) => {

26
tests/index.spec.ts
View File

@@ -13,27 +13,27 @@ describe("Verify", async () => {
const notYetValidToken = await jwt.sign({ sub: "me", nbf: now + offset }, secret) const notYetValidToken = await jwt.sign({ sub: "me", nbf: now + offset }, secret)
const expiredToken = await jwt.sign({ sub: "me", exp: now - offset }, secret) const expiredToken = await jwt.sign({ sub: "me", exp: now - offset }, secret)
test("Valid", () => { test("Valid", async () => {
expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy() await expect(jwt.verify(validToken, secret, { throwError: true })).resolves.toBeTruthy()
}) })
test("Not yet expired", () => { test("Not yet expired", async () => {
expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy() await expect(jwt.verify(notYetExpired, secret, { throwError: true })).resolves.toBeTruthy()
}) })
test("Not yet valid", () => { test("Not yet valid", async () => {
expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID") await expect(jwt.verify(notYetValidToken, secret, { throwError: true })).rejects.toThrowError("NOT_YET_VALID")
}) })
test("Expired", () => { test("Expired", async () => {
expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED") await expect(jwt.verify(expiredToken, secret, { throwError: true })).rejects.toThrowError("EXPIRED")
}) })
test("Clock offset", () => { test("Clock offset", async () => {
expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy() await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy() await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset, throwError: true })).resolves.toBeTruthy()
expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID") await expect(jwt.verify(notYetValidToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("NOT_YET_VALID")
expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED") await expect(jwt.verify(expiredToken, secret, { clockTolerance: offset - 1, throwError: true })).rejects.toThrowError("EXPIRED")
}) })
}) })

16
tests/utils.spec.ts
View File

@@ -3,11 +3,11 @@ import {
bytesToByteString, bytesToByteString,
byteStringToBytes, byteStringToBytes,
arrayBufferToBase64String, arrayBufferToBase64String,
base64StringToArrayBuffer, base64StringToUint8Array,
textToArrayBuffer, textToUint8Array,
arrayBufferToText, arrayBufferToText,
arrayBufferToBase64Url, arrayBufferToBase64Url,
base64UrlToArrayBuffer, base64UrlToUint8Array,
textToBase64Url, textToBase64Url,
pemToBinary, pemToBinary,
importTextSecret importTextSecret
@@ -18,7 +18,7 @@ describe("Converters", () => {
const testByteArray = [ 99, 108, 111, 117, 100, 102, 108, 97, 114, 101, 45, 119, 111, 114, 107, 101, 114, 45, 106, 119, 116 ] const testByteArray = [ 99, 108, 111, 117, 100, 102, 108, 97, 114, 101, 45, 119, 111, 114, 107, 101, 114, 45, 106, 119, 116 ]
const testUint8Array = new Uint8Array(testByteArray) const testUint8Array = new Uint8Array(testByteArray)
const testBase64String = "Y2xvdWRmbGFyZS13b3JrZXItand0" const testBase64String = "Y2xvdWRmbGFyZS13b3JrZXItand0"
const testArrayBuffer = testUint8Array.buffer const testArrayBuffer = testUint8Array
test("bytesToByteString", () => { test("bytesToByteString", () => {
expect(bytesToByteString(testUint8Array)).toStrictEqual(testString) expect(bytesToByteString(testUint8Array)).toStrictEqual(testString)
@@ -33,11 +33,11 @@ describe("Converters", () => {
}) })
test("base64StringToArrayBuffer", () => { test("base64StringToArrayBuffer", () => {
expect(base64StringToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer) expect(base64StringToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
}) })
test("textToArrayBuffer", () => { test("textToArrayBuffer", () => {
expect(textToArrayBuffer(testString)).toStrictEqual(testUint8Array) expect(textToUint8Array(testString)).toStrictEqual(testUint8Array)
}) })
test("arrayBufferToText", () => { test("arrayBufferToText", () => {
@@ -49,7 +49,7 @@ describe("Converters", () => {
}) })
test("base64UrlToArrayBuffer", () => { test("base64UrlToArrayBuffer", () => {
expect(base64UrlToArrayBuffer(testBase64String)).toStrictEqual(testArrayBuffer) expect(base64UrlToUint8Array(testBase64String)).toStrictEqual(testArrayBuffer)
}) })
test("textToBase64Url", () => { test("textToBase64Url", () => {
@@ -67,7 +67,7 @@ describe("Imports", () => {
const testAlgorithm = { name: "HMAC", hash: { name: "SHA-256" } } const testAlgorithm = { name: "HMAC", hash: { name: "SHA-256" } }
const testCryptoKey = { type: "secret", extractable: true, algorithm: { ...testAlgorithm, length: 168 }, usages: ["verify", "sign"] } const testCryptoKey = { type: "secret", extractable: true, algorithm: { ...testAlgorithm, length: 168 }, usages: ["verify", "sign"] }
expect(await importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).toMatchObject(testCryptoKey) await expect(importTextSecret(testKey, testAlgorithm, ["verify", "sign"])).resolves.toMatchObject(testCryptoKey)
}) })
test.todo("importJwk") test.todo("importJwk")