@nestjs/jwt
Advanced tools
Comparing version 6.0.0 to 6.1.0
@@ -6,3 +6,4 @@ "use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
__export(require("./interfaces")); | ||
__export(require("./jwt.module")); | ||
__export(require("./jwt.service")); |
"use strict"; | ||
function __export(m) { | ||
for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p]; | ||
} | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
__export(require("./jwt-module-options.interface")); |
/// <reference types="node" /> | ||
import { ModuleMetadata, Type } from '@nestjs/common/interfaces'; | ||
import * as jwt from 'jsonwebtoken'; | ||
export declare enum JwtSecretRequestType { | ||
SIGN = 0, | ||
VERIFY = 1 | ||
} | ||
export interface JwtModuleOptions { | ||
signOptions?: jwt.SignOptions; | ||
secret?: string | Buffer; | ||
publicKey?: string | Buffer; | ||
privateKey?: jwt.Secret; | ||
secretOrPrivateKey?: jwt.Secret; | ||
publicKey?: string | Buffer; | ||
secretOrKeyProvider?: (requestType: JwtSecretRequestType, tokenOrPayload: string | object | Buffer, options?: jwt.VerifyOptions | jwt.SignOptions) => jwt.Secret; | ||
verifyOptions?: jwt.VerifyOptions; | ||
@@ -9,0 +16,0 @@ } |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
var JwtSecretRequestType; | ||
(function (JwtSecretRequestType) { | ||
JwtSecretRequestType[JwtSecretRequestType["SIGN"] = 0] = "SIGN"; | ||
JwtSecretRequestType[JwtSecretRequestType["VERIFY"] = 1] = "VERIFY"; | ||
})(JwtSecretRequestType = exports.JwtSecretRequestType || (exports.JwtSecretRequestType = {})); |
@@ -6,5 +6,6 @@ /// <reference types="node" /> | ||
private readonly options; | ||
private readonly logger; | ||
constructor(options: JwtModuleOptions); | ||
sign(payload: string | Object | Buffer, options?: jwt.SignOptions): string; | ||
signAsync(payload: string | Object | Buffer, options?: jwt.SignOptions): Promise<string>; | ||
sign(payload: string | Buffer | object, options?: jwt.SignOptions): string; | ||
signAsync(payload: string | Buffer | object, options?: jwt.SignOptions): Promise<string>; | ||
verify<T extends object = any>(token: string, options?: jwt.VerifyOptions): T; | ||
@@ -15,2 +16,4 @@ verifyAsync<T extends object = any>(token: string, options?: jwt.VerifyOptions): Promise<T>; | ||
} | string; | ||
private mergeJwtOptions; | ||
private getSecretKey; | ||
} |
@@ -17,2 +17,3 @@ "use strict"; | ||
const jwt = require("jsonwebtoken"); | ||
const jwt_module_options_interface_1 = require("./interfaces/jwt-module-options.interface"); | ||
const jwt_constants_1 = require("./jwt.constants"); | ||
@@ -22,22 +23,23 @@ let JwtService = class JwtService { | ||
this.options = options; | ||
this.logger = new common_1.Logger('JwtService'); | ||
} | ||
sign(payload, options) { | ||
const signOptions = options | ||
? Object.assign({}, (this.options.signOptions || {}), options) : this.options.signOptions; | ||
return jwt.sign(payload, this.options.secretOrPrivateKey, signOptions); | ||
const signOptions = this.mergeJwtOptions(options, 'signOptions'); | ||
const secret = this.getSecretKey(payload, options, 'privateKey', jwt_module_options_interface_1.JwtSecretRequestType.SIGN); | ||
return jwt.sign(payload, secret, signOptions); | ||
} | ||
signAsync(payload, options) { | ||
const signOptions = options | ||
? Object.assign({}, (this.options.signOptions || {}), options) : this.options.signOptions; | ||
return new Promise((resolve, reject) => jwt.sign(payload, this.options.secretOrPrivateKey, signOptions, (err, encoded) => (err ? reject(err) : resolve(encoded)))); | ||
const signOptions = this.mergeJwtOptions(options, 'signOptions'); | ||
const secret = this.getSecretKey(payload, options, 'privateKey', jwt_module_options_interface_1.JwtSecretRequestType.SIGN); | ||
return new Promise((resolve, reject) => jwt.sign(payload, secret, signOptions, (err, encoded) => err ? reject(err) : resolve(encoded))); | ||
} | ||
verify(token, options) { | ||
const verifyOptions = options | ||
? Object.assign({}, (this.options.verifyOptions || {}), options) : this.options.verifyOptions; | ||
return jwt.verify(token, this.options.publicKey || this.options.secretOrPrivateKey, verifyOptions); | ||
const verifyOptions = this.mergeJwtOptions(options, 'verifyOptions'); | ||
const secret = this.getSecretKey(token, options, 'publicKey', jwt_module_options_interface_1.JwtSecretRequestType.VERIFY); | ||
return jwt.verify(token, secret.toString(), verifyOptions); | ||
} | ||
verifyAsync(token, options) { | ||
const verifyOptions = options | ||
? Object.assign({}, (this.options.verifyOptions || {}), options) : this.options.verifyOptions; | ||
return new Promise((resolve, reject) => jwt.verify(token, this.options.publicKey || this.options.secretOrPrivateKey, verifyOptions, (err, decoded) => (err ? reject(err) : resolve(decoded)))); | ||
const verifyOptions = this.mergeJwtOptions(options, 'verifyOptions'); | ||
const secret = this.getSecretKey(token, options, 'publicKey', jwt_module_options_interface_1.JwtSecretRequestType.VERIFY); | ||
return new Promise((resolve, reject) => jwt.verify(token, secret.toString(), verifyOptions, (err, decoded) => err ? reject(err) : resolve(decoded))); | ||
} | ||
@@ -47,2 +49,16 @@ decode(token, options) { | ||
} | ||
mergeJwtOptions(options, key) { | ||
return options | ||
? Object.assign({}, (this.options[key] || {}), options) : this.options[key]; | ||
} | ||
getSecretKey(token, options, key, secretRequestType) { | ||
let secret = this.options.secretOrKeyProvider | ||
? this.options.secretOrKeyProvider(secretRequestType, token, options) | ||
: this.options.secret || this.options[key]; | ||
if (this.options.secretOrPrivateKey) { | ||
this.logger.warn(`"secretOrPrivateKey" has been deprecated, please use the new explicit "secretOrKeyProvider" or use "privateKey"/"publicKey" exclusively.`); | ||
secret = this.options.secretOrPrivateKey; | ||
} | ||
return secret; | ||
} | ||
}; | ||
@@ -49,0 +65,0 @@ JwtService = __decorate([ |
{ | ||
"name": "@nestjs/jwt", | ||
"version": "6.0.0", | ||
"version": "6.1.0", | ||
"description": "Nest - modern, fast, powerful node.js web framework (@jwt)", | ||
@@ -8,2 +8,5 @@ "author": "Kamil Mysliwiec", | ||
"scripts": { | ||
"test": "jest --config=jest.json", | ||
"test:watch": "jest --config=jest.json --watch", | ||
"test:coverage": "jest --config=jest.json --coverage --coverageDirectory=coverage", | ||
"build": "rm -rf dist && tsc -p tsconfig.json", | ||
@@ -18,8 +21,14 @@ "precommit": "lint-staged", | ||
"devDependencies": { | ||
"@nestjs/common": "6.0.0", | ||
"@types/node": "7.10.5", | ||
"jest": "24.8.0", | ||
"ts-jest": "24.0.2", | ||
"reflect-metadata": "0.1.13", | ||
"@nestjs/core": "6.2.0", | ||
"@nestjs/testing": "6.2.0", | ||
"@types/jest": "24.0.13", | ||
"@nestjs/common": "6.2.0", | ||
"@types/node": "7.10.6", | ||
"husky": "0.14.3", | ||
"lint-staged": "8.1.5", | ||
"prettier": "1.16.4", | ||
"typescript": "3.3.3333" | ||
"lint-staged": "8.1.6", | ||
"prettier": "1.17.1", | ||
"typescript": "3.4.5" | ||
}, | ||
@@ -26,0 +35,0 @@ "lint-staged": { |
@@ -43,3 +43,3 @@ <p align="center"> | ||
@Module({ | ||
imports: [JwtModule.register({ secretOrPrivateKey: 'key' })], | ||
imports: [JwtModule.register({ secret: 'hard!to-guess_secret' })], | ||
providers: [...], | ||
@@ -59,2 +59,38 @@ }) | ||
## Secret / Encryption Key options | ||
If you want to control secret and key management dynamically you can use the `secretOrKeyProvider` function for that purpose. | ||
```typescript | ||
JwtModule.register({ | ||
/* Secret has precedance over keys */ | ||
secret: 'hard!to-guess_secret', | ||
/* public key used in asymmetric algorithms (required if non other secrets present) */ | ||
publicKey: '...', | ||
/* private key used in asymmetric algorithms (required if non other secrets present) */ | ||
privateKey: '...' | ||
/* Dynamic key provider has precedance over static secret or pub/private keys */ | ||
secretOrKeyProvider: ( | ||
requestType: JwtSecretRequestType, | ||
tokenOrPayload: string | Object | Buffer, | ||
verifyOrSignOrOptions?: jwt.VerifyOptions | jwt.SignOptions | ||
) => { | ||
switch (requestType) { | ||
case JwtSecretRequestType.SIGN: | ||
// retrieve signing key dynamically | ||
return 'privateKey'; | ||
case JwtSecretRequestType.VERIFY: | ||
// retrieve public key for verification dynamically | ||
return 'publicKey'; | ||
default: | ||
// retrieve secret dynamically | ||
return 'hard!to-guess_secret'; | ||
} | ||
}, | ||
}); | ||
``` | ||
## Async options | ||
@@ -69,3 +105,3 @@ | ||
useFactory: () => ({ | ||
secretOrPrivateKey: 'key' | ||
secret: 'hard!to-guess_secret' | ||
}) | ||
@@ -81,3 +117,3 @@ }); | ||
useFactory: async (configService: ConfigService) => ({ | ||
secretOrPrivateKey: configService.getString('SECRET_KEY'), | ||
secret: configService.getString('SECRET'), | ||
}), | ||
@@ -102,3 +138,3 @@ inject: [ConfigService], | ||
return { | ||
secretOrPrivateKey: 'key' | ||
secret: 'hard!to-guess_secret' | ||
}; | ||
@@ -146,6 +182,9 @@ } | ||
- `secretOrPrivateKey` [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback) | ||
- `secret` is either a string, buffer, or object containing the secret for HMAC algorithms | ||
- `secretOrKeyProvider` function with the following signature `(requestType, tokenOrPayload, options?) => jwt.Secret` (allows generating either secrets or keys dynamically) | ||
- `signOptions` [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback) | ||
- `privateKey` PEM encoded private key for RSA and ECDSA with passphrase an object `{ key, passphrase }` [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback) | ||
- `publicKey` PEM encoded public key for RSA and ECDSA | ||
- `verifyOptions` [read more](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback) | ||
- `secretOrPrivateKey` (DEPRECATED!) [read more](https://github.com/auth0/node-jsonwebtoken#jwtsignpayload-secretorprivatekey-options-callback) | ||
@@ -152,0 +191,0 @@ ## Support |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
34267
23
249
198
12