@arcblock/did - npm Package Compare versions

Comparing version 0.28.0 to 0.28.1

lib/index.js

@@ -249,9 +249,9 @@ /**
   // make body
-  const timestamp = Math.floor(Date.now() / 1000);
+  const now = Math.floor(Date.now() / 1000);
   let body = Object.assign(
     {
       iss: did.indexOf(DID_PREFIX) === 0 ? did : `${DID_PREFIX}${did}`,
-      iat: timestamp,
-      nbf: timestamp,
-      exp: timestamp + 30 * 60,
+      iat: now,
+      nbf: now,
+      exp: now + 5 * 60,
     },
@@ -311,5 +311,7 @@ payload || {}
  * @param {string} pk - hex encoded public key
+ * @param {number} [tolerance=5] - number of seconds to tolerant expire
+ * @param {boolean} [verifyTimestamp=true] - whether should be verify timestamps?
  * @returns {boolean}
  */
-const jwtVerify = (token, pk, tolerance = 5) => {
+const jwtVerify = (token, pk, tolerance = 5, verifyTimestamp = true) => {
   try {
@@ -319,5 +321,7 @@ const [headerB64, bodyB64] = token.split('.');
     if (!signature) {
+      debug('jwtVerify.error.emptySig');
       return false;
     }
     if (!header.alg) {
+      debug('jwtVerify.error.emptyAlg');
       return false;
@@ -328,2 +332,3 @@ }
     if (!did) {
+      debug('jwtVerify.error.emptyDid');
       return false;
@@ -333,15 +338,25 @@ }
     if (isFromPublicKey(did, pk) === false) {
+      debug('jwtVerify.error.did_pk_mismatch');
       return false;
     }
 
-    const timestamp = Math.ceil(Date.now() / 1000) + tolerance;
-    if (body.exp && body.exp < timestamp) {
-      return false;
+    if (verifyTimestamp) {
+      const now = Math.ceil(Date.now() / 1000) + tolerance;
+      const exp = Number(body.exp) || 0;
+      const iat = Number(body.iat) || 0;
+      const nbf = Number(body.nbf) || 0;
+      debug('jwtVerify.verifyTimestamp', { now, exp, iat, nbf });
+      if (exp && exp < now) {
+        debug('jwtVerify.error.expired');
+        return false;
+      }
+      if (iat && iat > now) {
+        debug('jwtVerify.error.issuedAt');
+        return false;
+      }
+      if (nbf && nbf > now) {
+        debug('jwtVerify.error.notBefore');
+        return false;
+      }
     }
-    if (body.iat && body.iat > timestamp) {
-      return false;
-    }
-    if (body.nbf && body.nbf > timestamp) {
-      return false;
-    }
 
@@ -359,4 +374,7 @@ const signers = {
 
+    debug('jwtVerify.error.crypto');
     return false;
   } catch (err) {
+    debug('jwtVerify.error.exception');
+
     if (process.env.NODE_ENV !== 'test') {
@@ -363,0 +381,0 @@ // eslint-disable-next-line

package.json

 {
   "name": "@arcblock/did",
-  "version": "0.28.0",
+  "version": "0.28.1",
   "description": "Javascript lib to work with ArcBlock DID",
@@ -56,3 +56,3 @@ "keywords": [
   },
-  "gitHead": "3df54e5095c2100ef61fce8f2a42ebd00d331273"
+  "gitHead": "e860dd970e1e7ec1b231f30201e789acf0dd251f"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

17222

increased by4.36%

Lines of code

470

increased by3.75%

No dependency changes