@fastify/jwt - npm Package Compare versions

Comparing version 7.0.0 to 7.1.0

jwt.d.ts

		@@ -105,8 +105,10 @@ import {
		export interface FastifyJWTOptions {
		secret: Secret \| { public: Secret; private: Secret }
		secret: Secret \| {public: Secret; private?: Secret}
		decode?: Partial<DecoderOptions>
		sign?: Partial<SignOptions>
		verify?: Partial<VerifyOptions> & { extractToken?: (request: FastifyRequest) => string \| void }
		verify?: Partial<VerifyOptions> & {
		extractToken?: (request: FastifyRequest) => string \| void
		}
		cookie?: {
		cookieName: string,
		cookieName: string
		signed: boolean
		@@ -124,4 +126,7 @@ }
		}
		trusted?: (request: FastifyRequest, decodedToken: { [k: string]: any }) => boolean \| Promise<boolean> \| SignPayloadType \| Promise<SignPayloadType>
		formatUser?: (payload: SignPayloadType) => UserType,
		trusted?: (
		request: FastifyRequest,
		decodedToken: {[k: string]: any}
		) => boolean \| Promise<boolean> \| SignPayloadType \| Promise<SignPayloadType>
		formatUser?: (payload: SignPayloadType) => UserType
		jwtDecode?: boolean \| string
		@@ -128,0 +133,0 @@ namespace?: string

jwt.js

		@@ -87,4 +87,4 @@ 'use strict'
		if (typeof secret === 'object' && !Buffer.isBuffer(secret)) {
		if (!secret.private \|\| !secret.public) {
		return next(new Error('missing private key and/or public key'))
		if (!secret.public) {
		return next(new Error('missing public key'))
		}
		@@ -190,3 +190,6 @@ secretOrPrivateKey = secret.private
		const signerConfig = checkAndMergeSignOptions()
		const signer = createSigner(signerConfig.options)
		// no signer when configured in verify-mode
		const signer = signerConfig.options.key
		? createSigner(signerConfig.options)
		: null
		const decoder = createDecoder(decodeOptions)
		@@ -294,2 +297,5 @@ const verifierConfig = checkAndMergeVerifyOptions()
		assert(payload, 'missing payload')
		// if a global signer was not created, sign mode is not supported
		assert(signer, 'unable to sign: secret is configured in verify mode')

		let localSigner = signer
		@@ -334,2 +340,5 @@
		function replySign (payload, options, next) {
		// if a global signer was not created, sign mode is not supported
		assert(signer, 'unable to sign: secret is configured in verify mode')

		let useLocalSigner = true
		@@ -336,0 +345,0 @@ if (typeof options === 'function') {

package.json

		{
		"name": "@fastify/jwt",
		"version": "7.0.0",
		"version": "7.1.0",
		"description": "JWT utils for Fastify",
		@@ -5,0 +5,0 @@ "main": "jwt.js",

README.md

		@@ -120,2 +120,13 @@ # @fastify/jwt

		#### Verify-only mode

		In cases where your incoming JWT tokens are issued by a trusted external
		service, and you need only to verify their signature without issuing, there is
		an option to configure `fastify-jwt` in verify-only mode by passing the
		`secret` object containing only a public key: `{ public }`.

		When only a public key is provided, decode and verification functions will work as
		described below, but an exception will be thrown at an attempt to use any form
		of `sign` functionality.

		#### Example
		@@ -169,7 +180,15 @@ ```js
		})
		// secret as an object with RSA public key
		// fastify-jwt is configured in VERIFY-ONLY mode
		fastify.register(jwt, {
		secret: {
		public: process.env.JWT_ISSUER_PUBKEY
		}
		})
		```

		### Default options

		Optionally you can define global default options that will be used by `@fastify/jwt` API if you do not override them.

		Additionally, it is also possible to reject tokens selectively (i.e. blacklisting) by providing the option `trusted` with the following signature: `(request, decodedToken) => boolean\|Promise<boolean>\|SignPayloadType\|Promise<SignPayloadType>` where `request` is a `FastifyRequest` and `decodedToken` is the parsed (and verified) token information. Its result should be `false` or `Promise<false>` if the token should be rejected or, otherwise, be `true` or `Promise<true>` if the token should be accepted and, considering that `request.user` will be used after that, the return should be `decodedToken` itself.

		#### Example
		@@ -361,2 +380,4 @@ ```js

		Additionally, it is also possible to reject tokens selectively (i.e. blacklisting) by providing the option `trusted` with the following signature: `(request, decodedToken) => boolean\|Promise<boolean>\|SignPayloadType\|Promise<SignPayloadType>` where `request` is a `FastifyRequest` and `decodedToken` is the parsed (and verified) token information. Its result should be `false` or `Promise<false>` if the token should be rejected or, otherwise, be `true` or `Promise<true>` if the token should be accepted and, considering that `request.user` will be used after that, the return should be `decodedToken` itself.

		#### Example trusted tokens
		@@ -540,3 +561,3 @@ ```js
		### fastify.jwt.decode(token [,options])
		This method is used to decode the provided token. It accepts a token (as a `Buffer` or a `string`) and returns the payload or the sections of the token.
		This method is used to decode the provided token. It accepts a token (as a `Buffer` or a `string`) and returns the payload or the sections of the token.
		`options` must be an `Object` and can contain [decode](#decode) options.
		@@ -543,0 +564,0 @@ Can only be used synchronously.

test/jwt.test.js

Sorry, the diff of this file is too big to display

@fastify/jwt - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics