Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 699 #812

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
6 changes: 4 additions & 2 deletions index.js
@@ -1,5 +1,7 @@
const { verify, isExpired } = require('./verify');
module.exports = {
verify: require('./verify'),
verify: verify,
isExpired: isExpired,
sign: require('./sign'),
JsonWebTokenError: require('./lib/JsonWebTokenError'),
NotBeforeError: require('./lib/NotBeforeError'),
Expand All @@ -9,4 +11,4 @@ module.exports = {
Object.defineProperty(module.exports, 'decode', {
enumerable: false,
value: require('./decode'),
});
});
17 changes: 9 additions & 8 deletions sign.js
Expand Up @@ -15,9 +15,9 @@ if (PS_SUPPORTED) {
}

var sign_options_schema = {
expiresIn: { isValid: function(value) { return isInteger(value) || (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
notBefore: { isValid: function(value) { return isInteger(value) || (isString(value) && value); }, message: '"notBefore" should be a number of seconds or string representing a timespan' },
audience: { isValid: function(value) { return isString(value) || Array.isArray(value); }, message: '"audience" must be a string or array' },
expiresIn: { isValid: function (value) { return isInteger(value) || (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
notBefore: { isValid: function (value) { return isInteger(value) || (isString(value) && value); }, message: '"notBefore" should be a number of seconds or string representing a timespan' },
audience: { isValid: function (value) { return isString(value) || Array.isArray(value); }, message: '"audience" must be a string or array' },
algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },
header: { isValid: isPlainObject, message: '"header" must be an object' },
encoding: { isValid: isString, message: '"encoding" must be a string' },
Expand All @@ -40,7 +40,7 @@ function validate(schema, allowUnknown, object, parameterName) {
throw new Error('Expected "' + parameterName + '" to be a plain object.');
}
Object.keys(object)
.forEach(function(key) {
.forEach(function (key) {
var validator = schema[key];
if (!validator) {
if (!allowUnknown) {
Expand Down Expand Up @@ -88,7 +88,8 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
}

var isObjectPayload = typeof payload === 'object' &&
!Buffer.isBuffer(payload);
!Buffer.isBuffer(payload);


var header = Object.assign({
alg: options.algorithm || 'HS256',
Expand Down Expand Up @@ -117,15 +118,15 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
return failure(error);
}
if (!options.mutatePayload) {
payload = Object.assign({},payload);
payload = Object.assign({}, payload);
}
} else {
var invalid_options = options_for_objects.filter(function (opt) {
return typeof options[opt] !== 'undefined';
});

if (invalid_options.length > 0) {
return failure(new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload ) + ' payload'));
return failure(new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload) + ' payload'));
}
}

Expand Down Expand Up @@ -201,6 +202,6 @@ module.exports = function (payload, secretOrPrivateKey, options, callback) {
callback(null, signature);
});
} else {
return jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding});
return jws.sign({ header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding });
}
};
52 changes: 33 additions & 19 deletions verify.js
@@ -1,10 +1,10 @@
var JsonWebTokenError = require('./lib/JsonWebTokenError');
var NotBeforeError = require('./lib/NotBeforeError');
var NotBeforeError = require('./lib/NotBeforeError');
var TokenExpiredError = require('./lib/TokenExpiredError');
var decode = require('./decode');
var timespan = require('./lib/timespan');
var PS_SUPPORTED = require('./lib/psSupported');
var jws = require('jws');
var decode = require('./decode');
var timespan = require('./lib/timespan');
var PS_SUPPORTED = require('./lib/psSupported');
var jws = require('jws');

var PUB_KEY_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512'];
var RSA_KEY_ALGS = ['RS256', 'RS384', 'RS512'];
Expand All @@ -15,7 +15,15 @@ if (PS_SUPPORTED) {
RSA_KEY_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
}

module.exports = function (jwtString, secretOrPublicKey, options, callback) {
function isExpired(token) {
let decoded = decode(token, { complete: true });
let payload = decoded.payload;
if (!payload.exp) return false;
else if (payload.exp >= Math.floor(Date.now() / 1000)) return false;
return true;
}

function verify(jwtString, secretOrPublicKey, options, callback) {
if ((typeof options === 'function') && !callback) {
callback = options;
options = {};
Expand All @@ -33,7 +41,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
if (callback) {
done = callback;
} else {
done = function(err, data) {
done = function (err, data) {
if (err) throw err;
return data;
};
Expand All @@ -49,7 +57,7 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {

var clockTimestamp = options.clockTimestamp || Math.floor(Date.now() / 1000);

if (!jwtString){
if (!jwtString) {
return done(new JsonWebTokenError('jwt must be provided'));
}

Expand All @@ -59,15 +67,15 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {

var parts = jwtString.split('.');

if (parts.length !== 3){
if (parts.length !== 3) {
return done(new JsonWebTokenError('jwt malformed'));
}

var decodedToken;

try {
decodedToken = decode(jwtString, { complete: true });
} catch(err) {
} catch (err) {
return done(err);
}

Expand All @@ -78,27 +86,27 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {
var header = decodedToken.header;
var getSecret;

if(typeof secretOrPublicKey === 'function') {
if(!callback) {
if (typeof secretOrPublicKey === 'function') {
if (!callback) {
return done(new JsonWebTokenError('verify must be called asynchronous if secret or public key is provided as a callback'));
}

getSecret = secretOrPublicKey;
}
else {
getSecret = function(header, secretCallback) {
getSecret = function (header, secretCallback) {
return secretCallback(null, secretOrPublicKey);
};
}

return getSecret(header, function(err, secretOrPublicKey) {
if(err) {
return getSecret(header, function (err, secretOrPublicKey) {
if (err) {
return done(new JsonWebTokenError('error in secret or public key callback: ' + err.message));
}

var hasSignature = parts[2].trim() !== '';

if (!hasSignature && secretOrPublicKey){
if (!hasSignature && secretOrPublicKey) {
return done(new JsonWebTokenError('jwt signature is required'));
}

Expand Down Expand Up @@ -170,8 +178,8 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {

if (options.issuer) {
var invalid_issuer =
(typeof options.issuer === 'string' && payload.iss !== options.issuer) ||
(Array.isArray(options.issuer) && options.issuer.indexOf(payload.iss) === -1);
(typeof options.issuer === 'string' && payload.iss !== options.issuer) ||
(Array.isArray(options.issuer) && options.issuer.indexOf(payload.iss) === -1);

if (invalid_issuer) {
return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer));
Expand Down Expand Up @@ -222,4 +230,10 @@ module.exports = function (jwtString, secretOrPublicKey, options, callback) {

return done(null, payload);
});
};
}


module.exports = {
verify,
isExpired
}