@arcblock/abt-did - npm Package Compare versions

Comparing version 0.14.3 to 0.15.0

lib/index.js

 const upperFirst = require('lodash/upperFirst');
-const { toBN, toHex, numberToHex, isHexStrict, stripHexPrefix } = require('@arcblock/forge-util');
+const stringify = require('json-stable-stringify');
 const Mcrypto = require('@arcblock/mcrypto');
@@ -7,2 +7,3 @@ const multibase = require('multibase');
 const hdkey = require('hdkey');
+const { toBN, toHex, numberToHex, isHexStrict, stripHexPrefix } = require('@arcblock/forge-util');
 const { DID_PREFIX, toBits, toBytes, toStrictHex } = require('./util');
@@ -252,4 +253,2 @@ const { types, getSigner, getHasher } = Mcrypto;
     })
-    // sort keys
-    .sort()
     .reduce((acc, x) => {
@@ -260,3 +259,3 @@ acc[x] = body[x];
 
-  const bodyB64 = base64.escape(base64.encode(JSON.stringify(body)));
+  const bodyB64 = base64.escape(base64.encode(stringify(body)));
 
@@ -272,2 +271,20 @@ // make signature
 /**
+ * Decode info from jwt token
+ *
+ * @param {*} token
+ * @param {boolean} [payloadOnly=false]
+ * @returns
+ */
+const jwtDecode = (token, payloadOnly = true) => {
+  const [headerB64, bodyB64, sigB64] = token.split('.');
+  const header = JSON.parse(base64.decode(base64.unescape(headerB64)));
+  const body = JSON.parse(base64.decode(base64.unescape(bodyB64)));
+  const sig = Buffer.from(base64.unescape(sigB64), 'base64').toString('hex');
+  if (payloadOnly) {
+    return body;
+  }
+  return { header, body, signature: `0x${toStrictHex(sig)}` };
+};
+
+/**
  * Verify a jwt token signed with pk and certain issuer
@@ -281,8 +298,5 @@ *
   try {
-    const [headerB64, bodyB64, sigB64] = token.split('.');
-    const header = JSON.parse(base64.decode(base64.unescape(headerB64)));
-    const body = JSON.parse(base64.decode(base64.unescape(bodyB64)));
-    const signature = Buffer.from(base64.unescape(sigB64), 'base64').toString('hex');
-    const sigHex = `0x${toStrictHex(signature)}`;
-    if (!sigHex) {
+    const [headerB64, bodyB64] = token.split('.');
+    const { header, body, signature } = jwtDecode(token, false);
+    if (!signature) {
       return false;
@@ -311,3 +325,3 @@ }
       const msgHex = toHex(`${headerB64}.${bodyB64}`);
-      return signers[alg].verify(msgHex, sigHex, pk);
+      return signers[alg].verify(msgHex, signature, pk);
     }
@@ -337,2 +351,3 @@
   jwtVerify,
+  jwtDecode,
 };

package.json

 {
   "name": "@arcblock/abt-did",
-  "version": "0.14.3",
+  "version": "0.15.0",
   "description": "Javascript lib to work with ArcBlock DID",
@@ -40,7 +40,8 @@ "keywords": [
   "dependencies": {
-    "@arcblock/forge-util": "^0.14.3",
-    "@arcblock/mcrypto": "^0.14.3",
+    "@arcblock/forge-util": "^0.15.0",
+    "@arcblock/mcrypto": "^0.15.0",
     "base64-url": "^2.2.0",
     "debug": "^4.1.1",
     "hdkey": "^1.1.1",
+    "json-stable-stringify": "^1.0.1",
     "lodash": "^4.17.11",
@@ -50,3 +51,3 @@ "multibase": "^0.6.0",
   },
-  "gitHead": "6f1b372879894a6a68f08c53116faa4c527e4110"
+  "gitHead": "4ef4154c785ba27f71f5af2d66e67270857b4750"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14749

increased by8.99%

Number of package files

6

increased by20%

Lines of code

374

increased by9.68%

Worsened metrics

Dependency count

9

increased by12.5%

Dependency changes

• + Addedjson-stable-stringify@^1.0.1

• + Added@arcblock/forge-util@0.15.0(transitive)

• + Added@arcblock/mcrypto@0.15.0(transitive)

• + Addedcall-bind@1.0.8(transitive)

• + Addedcall-bind-apply-helpers@1.0.1(transitive)

• + Addedcall-bound@1.0.3(transitive)

• + Addeddefine-data-property@1.1.4(transitive)

• + Addeddunder-proto@1.0.1(transitive)

• + Addedes-define-property@1.0.1(transitive)

• + Addedes-errors@1.3.0(transitive)

• + Addedes-object-atoms@1.0.0(transitive)

• + Addedfunction-bind@1.1.2(transitive)

• + Addedget-intrinsic@1.2.6(transitive)

• + Addedgopd@1.2.0(transitive)

• + Addedhas-property-descriptors@1.0.2(transitive)

• + Addedhas-symbols@1.1.0(transitive)

• + Addedhasown@2.0.2(transitive)

• + Addedisarray@2.0.5(transitive)

• + Addedjson-stable-stringify@1.2.1(transitive)

• + Addedjsonify@0.0.1(transitive)

• + Addedmath-intrinsics@1.1.0(transitive)

• + Addedobject-keys@1.1.1(transitive)

• + Addedset-function-length@1.2.2(transitive)

• - Removed@arcblock/forge-util@0.14.3(transitive)

• - Removed@arcblock/mcrypto@0.14.3(transitive)

• Updated@arcblock/forge-util@^0.15.0

• Updated@arcblock/mcrypto@^0.15.0