You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP →
@fastify/jwt
Advanced tools
Comparing version 6.1.0 to 6.2.0
@@ -16,3 +16,3 @@ import { | ||
| * ``` | ||
| * declare module 'fastify-jwt' { | ||
| * declare module '@fastify/jwt' { | ||
| * interface FastifyJWT { | ||
@@ -26,3 +26,3 @@ * payload: { name: string; email: string } | ||
| * // With `formatUser`. | ||
| * declare module 'fastify-jwt' { | ||
| * declare module '@fastify/jwt' { | ||
| * interface FastifyJWT { | ||
@@ -29,0 +29,0 @@ * payload: { Name: string; e_mail: string } |
@@ -202,2 +202,3 @@ 'use strict' | ||
| const extractToken = options.extractToken | ||
| const onlyCookie = options.onlyCookie | ||
| if (extractToken) { | ||
@@ -208,3 +209,3 @@ token = extractToken(request) | ||
| } | ||
| } else if (request.headers && request.headers.authorization) { | ||
| } else if ((request.headers && request.headers.authorization) && (!onlyCookie)) { | ||
| const parts = request.headers.authorization.split(' ') | ||
@@ -211,0 +212,0 @@ if (parts.length === 2) { |
| { | ||
| "name": "@fastify/jwt", | ||
| "version": "6.1.0", | ||
| "version": "6.2.0", | ||
| "description": "JWT utils for Fastify", | ||
| "main": "jwt.js", | ||
| "types": "jwt.d.ts", | ||
| "engines": { | ||
| "node": ">=10" | ||
| }, | ||
| "scripts": { | ||
@@ -44,4 +41,4 @@ "lint": "standard", | ||
| "devDependencies": { | ||
| "@fastify/cookie": "^6.0.0", | ||
| "@types/node": "^17.0.21", | ||
| "@fastify/cookie": "^7.0.0", | ||
| "@types/node": "^18.0.0", | ||
| "fastify": "^4.0.0-rc.2", | ||
@@ -51,3 +48,3 @@ "pre-commit": "^1.2.2", | ||
| "tap": "^16.0.0", | ||
| "tsd": "^0.20.0", | ||
| "tsd": "^0.21.0", | ||
| "typescript": "^4.5.5" | ||
@@ -54,0 +51,0 @@ }, |
@@ -299,2 +299,60 @@ # @fastify/jwt | ||
| ### `onlyCookie` | ||
| Setting this options to `true` will decode only the cookie in the request. This is useful for refreshToken implementations where the request typically has two tokens: token and refreshToken. The main authentication token usually has a shorter timeout and the refresh token normally stored in the cookie has a longer timeout. This allows you to check to make sure that the cookie token is still valid, as it could have a different expiring time than the main token. The payloads of the two different tokens could also be different. | ||
| ```js | ||
| const fastify = require('fastify')() | ||
| const jwt = require('@fastify/jwt') | ||
| fastify.register(jwt, { | ||
| secret: 'foobar', | ||
| cookie: { | ||
| cookieName: 'refreshToken', | ||
| }, | ||
| sign: { | ||
| expiresIn: '10m' | ||
| } | ||
| }) | ||
| fastify | ||
| .register(require('@fastify/cookie')) | ||
| fastify.get('/cookies', async (request, reply) => { | ||
| const token = await reply.jwtSign({ | ||
| name: 'foo' | ||
| }) | ||
| const refreshToken = await reply.jwtSign({ | ||
| name: 'bar' | ||
| }, {expiresIn: '1d'}) | ||
| reply | ||
| .setCookie('refreshToken', refreshToken, { | ||
| domain: 'your.domain', | ||
| path: '/', | ||
| secure: true, // send cookie over HTTPS only | ||
| httpOnly: true, | ||
| sameSite: true // alternative CSRF protection | ||
| }) | ||
| .code(200) | ||
| .send({token}) | ||
| }) | ||
| fastify.addHook('onRequest', (request) => { | ||
| request.jwtVerify() | ||
| request.jwtVerify({onlyCookie: true}) | ||
| }) | ||
| fastify.get('/verifycookie', (request, reply) => { | ||
| reply.send({ code: 'OK', message: 'it works!' }) | ||
| }) | ||
| fastify.listen(3000, err => { | ||
| if (err) throw err | ||
| }) | ||
| ``` | ||
| ### `trusted` | ||
@@ -301,0 +359,0 @@ |
Sorry, the diff of this file is too big to display
No alert changes
Improved metrics
- Total package byte prevSize
- increased by2.39%
144021
- Lines of code
- increased by1.43%
3323
- Number of lines in readme file
- increased by7.83%
799
No dependency changes