express-jwt - npm Package Compare versions

Comparing version 3.1.0 to 3.2.0

lib/index.js

@@ -87,4 +87,4 @@ var jwt = require('jsonwebtoken');
 
-    async.parallel([
-      function(callback){
+    async.waterfall([
+      function getSecret(callback){
         var arity = secretCallback.length;
@@ -97,20 +97,29 @@ if (arity == 4) {
       },
-      function(callback){
-        isRevokedCallback(req, dtoken.payload, callback);
+      function verifyToken(secret, callback) {
+        jwt.verify(token, secret, options, function(err, decoded) {
+          if (err && credentialsRequired) {
+            callback(new UnauthorizedError('invalid_token', err));
+          } else {
+            callback(null, decoded);
+          }
+        });
+      },
+      function checkRevoked(decoded, callback) {
+        isRevokedCallback(req, dtoken.payload, function (err, revoked) {
+          if (err) {
+            callback(err);
+          }
+          else if (revoked) {
+            callback(new UnauthorizedError('revoked_token', {message: 'The token has been revoked.'}));
+          } else {
+            callback(null, decoded);
+          }
+        });
       }
-    ], function(err, results){
+
+    ], function (err, result){
       if (err) { return next(err); }
-      var revoked = results[1];
-      if (revoked){
-        return next(new UnauthorizedError('revoked_token', { message: 'The token has been revoked.'}));
-      }
 
-      var secret = results[0];
-
-      jwt.verify(token, secret, options, function(err, decoded) {
-        if (err && credentialsRequired) return next(new UnauthorizedError('invalid_token', err));
-
-        req[_requestProperty] = decoded;
-        next();
-      });
+      req[_requestProperty] = result;
+      next();
     });
@@ -117,0 +126,0 @@ };

package.json

 {
   "name": "express-jwt",
-  "version": "3.1.0",
+  "version": "3.2.0",
   "description": "JWT authentication middleware.",
@@ -5,0 +5,0 @@ "keywords": [

README.md

@@ -44,2 +44,8 @@ # express-jwt
 
+If you are using a base64 URL-encoded secret, pass a `Buffer` with `base64` encoding as the secret instead of a string:
+
+```javascript
+jwt({ secret: new Buffer('shhhhhhared-secret', 'base64') })
+```
+
 Optionally you can make some paths unprotected as follows:
@@ -64,2 +70,3 @@
 
+
 ```javascript
@@ -169,4 +176,4 @@ jwt({ secret: publicKey, requestProperty: 'auth' });
 
-You might want to use this module to identify registered users without preventing unregistered clients to access to some data, you
-can do it using the option _credentialsRequired_:
+You might want to use this module to identify registered users while still providing access to unregistered users. You
+can do this by using the option _credentialsRequired_:
 
@@ -173,0 +180,0 @@ app.use(jwt({

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25834

increased by1.81%

Lines of code

466

increased by2.19%

Number of lines in readme file

201

increased by3.61%

No dependency changes