express-jwt - npm Package Compare versions

Comparing version 7.6.2 to 7.7.0

dist/index.d.ts

 import * as jwt from 'jsonwebtoken';
 import * as express from 'express';
 import expressUnless from 'express-unless';
+/**
+ * A function that defines how to retrieve the verification key given the express request and the JWT.
+ */
 export declare type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => jwt.Secret | Promise<jwt.Secret>;
+/**
+ * @deprecated use GetVerificationKey
+ */
 export declare type SecretCallback = GetVerificationKey;
+/**
+ * @deprecated use GetVerificationKey
+ */
 export declare type SecretCallbackLong = GetVerificationKey;
+/**
+ * A function to check if a token is revoked
+ */
 export declare type IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => boolean | Promise<boolean>;
+/**
+ * A function to customize how a token is retrieved from the express request.
+ */
 export declare type TokenGetter = (req: express.Request) => string | Promise<string> | undefined;
 declare type Params = {
+    /**
+     * The Key or a function to retrieve the key used to verify the JWT.
+     */
     secret: jwt.Secret | GetVerificationKey;
+    /**
+     * Defines how to retrieves the token from the request object.
+     */
     getToken?: TokenGetter;
+    /**
+     * Defines how to verify if a token is revoked.
+     */
     isRevoked?: IsRevoked;
+    /**
+     * If sets to true, continue to the next middleware when the
+     * request doesn't include a token without failing.
+     *
+     * @default true
+     */
     credentialsRequired?: boolean;
+    /**
+     * Allows to customize the name of the property in the request object
+     * where the decoded payload is set.
+     * @default 'auth'
+     */
     requestProperty?: string;
+    /**
+     * List of JWT algorithms allowed.
+     */
     algorithms: jwt.Algorithm[];
 } & jwt.VerifyOptions;
 export { UnauthorizedError } from './errors/UnauthorizedError';
+/**
+ * @deprecated this breaks tsc when using strict: true
+ */
 export declare type ExpressJwtRequest<T = jwt.JwtPayload> = express.Request & {
     auth: T;
 };
+/**
+ * @deprecated use Request<T>
+ */
 export declare type ExpressJwtRequestUnrequired<T = jwt.JwtPayload> = express.Request & {
     auth?: T;
 };
+/**
+ * The Express Request including the "auth" property with the decoded JWT payload.
+ */
+export declare type Request<T = jwt.JwtPayload> = express.Request & {
+    auth?: T;
+};
+/**
+ * Returns an express middleware to verify JWTs.
+ *
+ * @param options {Params}
+ * @returns
+ */
 export declare const expressjwt: (options: Params) => {
@@ -25,0 +81,0 @@ (req: express.Request, res: express.Response, next: express.NextFunction): Promise<void>;

dist/index.js

@@ -71,2 +71,8 @@ "use strict";
 Object.defineProperty(exports, "UnauthorizedError", { enumerable: true, get: function () { return UnauthorizedError_2.UnauthorizedError; } });
+/**
+ * Returns an express middleware to verify JWTs.
+ *
+ * @param options {Params}
+ * @returns
+ */
 var expressjwt = function (options) {
@@ -73,0 +79,0 @@ if (!(options === null || options === void 0 ? void 0 : options.secret))

package.json

 {
   "name": "express-jwt",
-  "version": "7.6.2",
+  "version": "7.7.0",
   "description": "JWT authentication middleware.",
@@ -5,0 +5,0 @@ "keywords": [

README.md

@@ -247,3 +247,3 @@ # express-jwt
 ```typescript
-import { expressjwt, ExpressJwtRequest } from "express-jwt";
+import { expressjwt, Request as JWTRequest } from "express-jwt";
 
@@ -253,4 +253,4 @@ app.get(
   expressjwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] }),
-  function (req: ExpressJwtRequest, res: express.Response) {
-    if (!req.auth.admin) return res.sendStatus(401);
+  function (req: JWTRequest, res: express.Response) {
+    if (!req.auth?.admin) return res.sendStatus(401);
     res.sendStatus(200);
@@ -261,23 +261,2 @@ }
 
-If you use `credentialsRequired: false` then use `ExpressJwtRequestUnrequired`. This type defines `req.auth` as optional, example:
-
-```typescript
-import { expressjwt, ExpressJwtRequest } from "express-jwt";
-
-app.get(
-  "/protected",
-  expressjwt({
-    secret: "shhhhhhared-secret",
-    algorithms: ["HS256"],
-    credentialsRequired: false,
-  }),
-  function (req: ExpressJwtRequestUnrequired, res: express.Response) {
-    if (!req.auth?.admin) {
-      return res.sendStatus(401);
-    }
-    res.sendStatus(200);
-  }
-);
-```
-
 ## Migration from v6
@@ -284,0 +263,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

26687

increased by3.52%

Lines of code

312

increased by24.8%

Worsened metrics

Number of lines in readme file

293

decreased by-6.69%

No dependency changes