express-jwt
Advanced tools
Comparing version 7.6.2 to 7.7.0
import * as jwt from 'jsonwebtoken'; | ||
import * as express from 'express'; | ||
import expressUnless from 'express-unless'; | ||
/** | ||
* A function that defines how to retrieve the verification key given the express request and the JWT. | ||
*/ | ||
export declare type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => jwt.Secret | Promise<jwt.Secret>; | ||
/** | ||
* @deprecated use GetVerificationKey | ||
*/ | ||
export declare type SecretCallback = GetVerificationKey; | ||
/** | ||
* @deprecated use GetVerificationKey | ||
*/ | ||
export declare type SecretCallbackLong = GetVerificationKey; | ||
/** | ||
* A function to check if a token is revoked | ||
*/ | ||
export declare type IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => boolean | Promise<boolean>; | ||
/** | ||
* A function to customize how a token is retrieved from the express request. | ||
*/ | ||
export declare type TokenGetter = (req: express.Request) => string | Promise<string> | undefined; | ||
declare type Params = { | ||
/** | ||
* The Key or a function to retrieve the key used to verify the JWT. | ||
*/ | ||
secret: jwt.Secret | GetVerificationKey; | ||
/** | ||
* Defines how to retrieves the token from the request object. | ||
*/ | ||
getToken?: TokenGetter; | ||
/** | ||
* Defines how to verify if a token is revoked. | ||
*/ | ||
isRevoked?: IsRevoked; | ||
/** | ||
* If sets to true, continue to the next middleware when the | ||
* request doesn't include a token without failing. | ||
* | ||
* @default true | ||
*/ | ||
credentialsRequired?: boolean; | ||
/** | ||
* Allows to customize the name of the property in the request object | ||
* where the decoded payload is set. | ||
* @default 'auth' | ||
*/ | ||
requestProperty?: string; | ||
/** | ||
* List of JWT algorithms allowed. | ||
*/ | ||
algorithms: jwt.Algorithm[]; | ||
} & jwt.VerifyOptions; | ||
export { UnauthorizedError } from './errors/UnauthorizedError'; | ||
/** | ||
* @deprecated this breaks tsc when using strict: true | ||
*/ | ||
export declare type ExpressJwtRequest<T = jwt.JwtPayload> = express.Request & { | ||
auth: T; | ||
}; | ||
/** | ||
* @deprecated use Request<T> | ||
*/ | ||
export declare type ExpressJwtRequestUnrequired<T = jwt.JwtPayload> = express.Request & { | ||
auth?: T; | ||
}; | ||
/** | ||
* The Express Request including the "auth" property with the decoded JWT payload. | ||
*/ | ||
export declare type Request<T = jwt.JwtPayload> = express.Request & { | ||
auth?: T; | ||
}; | ||
/** | ||
* Returns an express middleware to verify JWTs. | ||
* | ||
* @param options {Params} | ||
* @returns | ||
*/ | ||
export declare const expressjwt: (options: Params) => { | ||
@@ -25,0 +81,0 @@ (req: express.Request, res: express.Response, next: express.NextFunction): Promise<void>; |
@@ -71,2 +71,8 @@ "use strict"; | ||
Object.defineProperty(exports, "UnauthorizedError", { enumerable: true, get: function () { return UnauthorizedError_2.UnauthorizedError; } }); | ||
/** | ||
* Returns an express middleware to verify JWTs. | ||
* | ||
* @param options {Params} | ||
* @returns | ||
*/ | ||
var expressjwt = function (options) { | ||
@@ -73,0 +79,0 @@ if (!(options === null || options === void 0 ? void 0 : options.secret)) |
{ | ||
"name": "express-jwt", | ||
"version": "7.6.2", | ||
"version": "7.7.0", | ||
"description": "JWT authentication middleware.", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -247,3 +247,3 @@ # express-jwt | ||
```typescript | ||
import { expressjwt, ExpressJwtRequest } from "express-jwt"; | ||
import { expressjwt, Request as JWTRequest } from "express-jwt"; | ||
@@ -253,4 +253,4 @@ app.get( | ||
expressjwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] }), | ||
function (req: ExpressJwtRequest, res: express.Response) { | ||
if (!req.auth.admin) return res.sendStatus(401); | ||
function (req: JWTRequest, res: express.Response) { | ||
if (!req.auth?.admin) return res.sendStatus(401); | ||
res.sendStatus(200); | ||
@@ -261,23 +261,2 @@ } | ||
If you use `credentialsRequired: false` then use `ExpressJwtRequestUnrequired`. This type defines `req.auth` as optional, example: | ||
```typescript | ||
import { expressjwt, ExpressJwtRequest } from "express-jwt"; | ||
app.get( | ||
"/protected", | ||
expressjwt({ | ||
secret: "shhhhhhared-secret", | ||
algorithms: ["HS256"], | ||
credentialsRequired: false, | ||
}), | ||
function (req: ExpressJwtRequestUnrequired, res: express.Response) { | ||
if (!req.auth?.admin) { | ||
return res.sendStatus(401); | ||
} | ||
res.sendStatus(200); | ||
} | ||
); | ||
``` | ||
## Migration from v6 | ||
@@ -284,0 +263,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
26687
312
293