azure-ad-verify-token - npm Package Compare versions

Comparing version 1.0.1 to 1.1.0

CHANGELOG.md

@@ -5,2 +5,15 @@ # Changelog
 
+## [1.1.0](https://github.com/justinlettau/azure-ad-verify-token/compare/v1.0.1...v1.1.0) (2020-03-28)
+
+
+### Features
+
+* add cache expiry ([e58195b](https://github.com/justinlettau/azure-ad-verify-token/commit/e58195bc9e51357f96f88eee6a7331899f0d5369)), closes [#2](https://github.com/justinlettau/azure-ad-verify-token/issues/2)
+* optimise cache ([e381b29](https://github.com/justinlettau/azure-ad-verify-token/commit/e381b29e39e5630e98516b310eb06500ec436edd)), closes [#3](https://github.com/justinlettau/azure-ad-verify-token/issues/3)
+
+
+### Bug Fixes
+
+* update error messages ([f423e0d](https://github.com/justinlettau/azure-ad-verify-token/commit/f423e0dc3c6790ab1c214f4e7546ffa14656099d))
+
 ### [1.0.1](https://github.com/justinlettau/azure-ad-verify-token/compare/v1.0.0...v1.0.1) (2020-03-22)
@@ -7,0 +20,0 @@

dist/index.d.ts

@@ -1,2 +0,3 @@
-export * from './verify';
-export { VerifyConfig } from './interfaces';
+export { getConfig, setConfig } from './config';
+export { verify } from './verify';
+export { Config, VerifyOptions } from './interfaces';

dist/index.js

 "use strict";
-function __export(m) {
-    for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
-}
 Object.defineProperty(exports, "__esModule", { value: true });
-__export(require("./verify"));
+var config_1 = require("./config");
+exports.getConfig = config_1.getConfig;
+exports.setConfig = config_1.setConfig;
+var verify_1 = require("./verify");
+exports.verify = verify_1.verify;
 //# sourceMappingURL=index.js.map

dist/interfaces.d.ts

 /**
- * Verify configuration.
+ * Configuration options.
  */
-export interface VerifyConfig {
+export interface Config {
+    /**
+     * Number of milliseconds to cache public keys. Default: 1 hour
+     */
+    cacheLifetime?: number;
+}
+/**
+ * Verify options.
+ */
+export interface VerifyOptions {
+    /**
+     * `jwk_uri` value obtained from B2C policy metadata endpoint.
+     */
     jwksUri: string;
+    /**
+     * `issuer` value obtained from B2C policy metadata endpoint.
+     */
     issuer: string;
+    /**
+     * Application ID of the application accessing the tenant.
+     */
     audience: string;
 }
 /**
+ * Public key cache item.
+ */
+export interface CacheItem {
+    /**
+     * RSA public key result.
+     */
+    result: Promise<string>;
+    /**
+     * Resolve function from `value`'s promise.
+     */
+    done?: (value: string) => void;
+    /**
+     * Date, in milliseconds, the cache will be considered expired.
+     */
+    expiry: number;
+}
+/**
  * Azure json web key set.
@@ -11,0 +46,0 @@ */

dist/verify.d.ts

@@ -1,2 +0,2 @@
-import { VerifyConfig } from './interfaces';
+import { VerifyOptions } from './interfaces';
 /**
@@ -6,4 +6,4 @@ * Verify token.
  * @param token Token to verify.
- * @param config Configuration options.
+ * @param options Configuration options.
  */
-export declare function verify(token: string, config: VerifyConfig): Promise<string | object>;
+export declare function verify(token: string, options: VerifyOptions): Promise<string | object>;

dist/verify.js

@@ -9,7 +9,4 @@ "use strict";
 var rsa_pem_from_mod_exp_1 = __importDefault(require("rsa-pem-from-mod-exp"));
+var cache_1 = require("./cache");
 /**
- * Public key cache.
- */
-var cache = new Map();
-/**
  * Get public key.
@@ -21,17 +18,27 @@ *
 function getPublicKey(jwksUri, kid) {
-    var publicKey = cache.get(kid);
-    if (publicKey) {
-        return Promise.resolve(publicKey);
+    var item = cache_1.getItem(kid);
+    if (item) {
+        return item.result;
     }
+    // immediately defer to prevent duplicate calls to get jwks
+    cache_1.setDeferredItem(kid);
     return node_fetch_1.default(jwksUri)
         .then(function (res) { return res.json(); })
         .then(function (res) {
-        res.keys.forEach(function (item) {
-            cache.set(item.kid, rsa_pem_from_mod_exp_1.default(item.n, item.e));
+        res.keys.forEach(function (key) {
+            var existing = cache_1.getItem(key.kid);
+            var pem = rsa_pem_from_mod_exp_1.default(key.n, key.e);
+            if (existing && existing.done) {
+                // deferred item
+                existing.done(pem);
+            }
+            else {
+                cache_1.setItem(key.kid, pem);
+            }
         });
-        publicKey = cache.get(kid);
-        if (!publicKey) {
-            throw new Error('Could not find public key');
+        item = cache_1.getItem(kid);
+        if (!item) {
+            throw new Error('public key not found');
         }
-        return publicKey;
+        return item.result;
     });
@@ -43,6 +50,6 @@ }
  * @param token Token to verify.
- * @param config Configuration options.
+ * @param options Configuration options.
  */
-function verify(token, config) {
-    var jwksUri = config.jwksUri, audience = config.audience, issuer = config.issuer;
+function verify(token, options) {
+    var jwksUri = options.jwksUri, audience = options.audience, issuer = options.issuer;
     var decoded;
@@ -55,13 +62,13 @@ var kid;
     catch (error) {
-        return Promise.reject(error);
+        return Promise.reject('invalid token');
     }
-    return getPublicKey(jwksUri, kid)
-        .then(function (key) { return jsonwebtoken_1.default.verify(token, key, {
-        algorithms: ['RS256'],
-        audience: audience,
-        issuer: issuer
-    }); });
+    return getPublicKey(jwksUri, kid).then(function (key) {
+        return jsonwebtoken_1.default.verify(token, key, {
+            algorithms: ['RS256'],
+            audience: audience,
+            issuer: issuer,
+        });
+    });
 }
 exports.verify = verify;
-;
 //# sourceMappingURL=verify.js.map

package.json

 {
   "name": "azure-ad-verify-token",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Verify JWT issued by Azure Active Directory B2C.",
@@ -49,3 +49,3 @@ "keywords": [
     "@justinlettau/tslint-config": "^0.1.0",
-    "@types/jasmine": "^3.5.9",
+    "@types/jasmine": "^3.5.10",
     "@types/jsonwebtoken": "^8.3.8",
@@ -58,6 +58,6 @@ "@types/node-fetch": "^2.5.5",
     "nyc": "^15.0.0",
-    "prettier": "^1.19.1",
+    "prettier": "^2.0.2",
     "pretty-quick": "^2.0.1",
     "standard-version": "^7.1.0",
-    "ts-node": "^8.7.0",
+    "ts-node": "^8.8.1",
     "tslint": "^6.1.0",
@@ -64,0 +64,0 @@ "tslint-config-prettier": "^1.18.0",

README.md

 [![NPM Version](https://badge.fury.io/js/azure-ad-verify-token.svg)](https://badge.fury.io/js/azure-ad-verify-token)
 ![CI](https://github.com/justinlettau/azure-ad-verify-token/workflows/CI/badge.svg)
 [![Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token.svg)](https://david-dm.org/justinlettau/azure-ad-verify-token)
-[![Dev Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token/dev-status.svg)](https://david-dm.org/justinlettau/js-rules-engine?type=dev)
+[![Dev Dependency Status](https://david-dm.org/justinlettau/azure-ad-verify-token/dev-status.svg)](https://david-dm.org/justinlettau/zure-ad-verify-token?type=dev)
 [![Codecov](https://codecov.io/gh/justinlettau/azure-ad-verify-token/branch/master/graph/badge.svg)](https://codecov.io/gh/justinlettau/azure-ad-verify-token)
@@ -24,2 +24,3 @@
 - 💪 Written in **TypeScript**.
+- ♻️ **Configurable cache** for public keys.
 
@@ -34,6 +35,8 @@ # Installation
 
+### Verify
+
 ```ts
-import { verify, VerifyConfig } from 'azure-ad-verify-token';
+import { verify, VerifyOptions } from 'azure-ad-verify-token';
 
-const config: VerifyConfig = {
+const options: VerifyOptions = {
   jwksUri: 'https://contoso.b2clogin.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signupsignin1',
@@ -44,3 +47,3 @@ issuer: 'https://contoso.b2clogin.com/3285c484-dce5-4abb-a341-bbe4f2bc8554/v2.0/',
 
-verify(token, config)
+verify(token, options)
   .then(decoded => {
@@ -56,3 +59,3 @@ // verified and decoded token
 
-Configuration options:
+Verify options:
 
@@ -66,5 +69,22 @@ | Property   | Type     | Description                                                 |
 Example metadata endpoints:
+
 - https://login.microsoftonline.com/common/.well-known/openid-configuration
 - https://login.microsoftonline.com/common/discovery/keys
 
+### Configuration
+
+```ts
+import { setConfig } from 'azure-ad-verify-token';
+
+setConfig({
+  cacheLifetime: 12 * (60 * 60 * 1000) // 12 hours
+});
+```
+
+Configuration options:
+
+| Property        | Type     | Description                                  | Default |
+| --------------- | -------- | -------------------------------------------- | ------- |
+| `cacheLifetime` | `number` | Number of milliseconds to cache public keys. | 1 hour  |
+
 # References
@@ -71,0 +91,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19193

increased by76%

Number of package files

19

increased by46.15%

Lines of code

315

increased by200%

Number of lines in readme file

97

increased by25.97%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes