express-jwt
Comparing version 8.1.0 to 8.2.0
import * as jwt from 'jsonwebtoken'; | ||
import * as express from 'express'; | ||
import { unless } from 'express-unless'; | ||
import { UnauthorizedError } from './errors/UnauthorizedError'; | ||
/** | ||
@@ -21,2 +22,6 @@ * A function that defines how to retrieve the verification key given the express request and the JWT. | ||
/** | ||
* A function to check if a token is revoked | ||
*/ | ||
export declare type ExpirationHandler = (req: express.Request, err: UnauthorizedError) => void | Promise<void>; | ||
/** | ||
* A function to customize how a token is retrieved from the express request. | ||
@@ -55,2 +60,6 @@ */ | ||
algorithms: jwt.Algorithm[]; | ||
/** | ||
* Handle expired tokens. | ||
*/ | ||
onExpired?: ExpirationHandler; | ||
} & jwt.VerifyOptions; | ||
@@ -57,0 +66,0 @@ export { UnauthorizedError } from './errors/UnauthorizedError'; |
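Review bot: The doc comment on `ExpirationHandler` reads "A function to check if a token is revoked", which is copied from the `IsRevoked` description and does not describe this type. It should state the contract a caller relies on, for example `A function called when verification fails because the token has expired; if it returns without throwing, the request continues as authenticated.` The comment on the `onExpired` option, "Handle expired tokens.", would benefit from the same sentence, because the compiled middleware in this diff rejects the request only when the handler throws.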
@@ -67,7 +67,7 @@ "use strict"; | ||
return __awaiter(this, void 0, void 0, function () { | ||
var token, hasAuthInAccessControl, authorizationHeader, parts, scheme, credentials, decodedToken, key, isRevoked, _a, request, err_1; | ||
var token, hasAuthInAccessControl, authorizationHeader, parts, scheme, credentials, decodedToken, key, err_1, wrappedErr, isRevoked, _a, request, err_2; | ||
return __generator(this, function (_b) { | ||
switch (_b.label) { | ||
case 0: | ||
_b.trys.push([0, 7, , 8]); | ||
_b.trys.push([0, 13, , 14]); | ||
if (req.method === 'OPTIONS' && 'access-control-request-headers' in req.headers) { | ||
@@ -130,15 +130,25 @@ hasAuthInAccessControl = req.headers['access-control-request-headers'] | ||
key = _b.sent(); | ||
try { | ||
jwt.verify(token, key, options); | ||
} | ||
catch (err) { | ||
throw new UnauthorizedError_1.UnauthorizedError('invalid_token', err); | ||
} | ||
_b.label = 5; | ||
case 5: | ||
_b.trys.push([5, 6, , 10]); | ||
jwt.verify(token, key, options); | ||
return [3 /*break*/, 10]; | ||
case 6: | ||
err_1 = _b.sent(); | ||
wrappedErr = new UnauthorizedError_1.UnauthorizedError('invalid_token', err_1); | ||
if (!(err_1 instanceof jwt.TokenExpiredError && typeof options.onExpired === 'function')) return [3 /*break*/, 8]; | ||
return [4 /*yield*/, options.onExpired(req, wrappedErr)]; | ||
case 7: | ||
_b.sent(); | ||
return [3 /*break*/, 9]; | ||
case 8: throw wrappedErr; | ||
case 9: return [3 /*break*/, 10]; | ||
case 10: | ||
_a = options.isRevoked; | ||
if (!_a) return [3 /*break*/, 6]; | ||
if (!_a) return [3 /*break*/, 12]; | ||
return [4 /*yield*/, options.isRevoked(req, decodedToken)]; | ||
case 5: | ||
case 11: | ||
_a = (_b.sent()); | ||
_b.label = 6; | ||
case 6: | ||
_b.label = 12; | ||
case 12: | ||
isRevoked = _a || false; | ||
@@ -151,7 +161,7 @@ if (isRevoked) { | ||
next(); | ||
return [3 /*break*/, 8]; | ||
case 7: | ||
err_1 = _b.sent(); | ||
return [2 /*return*/, next(err_1)]; | ||
case 8: return [2 /*return*/]; | ||
return [3 /*break*/, 14]; | ||
case 13: | ||
err_2 = _b.sent(); | ||
return [2 /*return*/, next(err_2)]; | ||
case 14: return [2 /*return*/]; | ||
} | ||
@@ -158,0 +168,0 @@ }); |
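Review bot: When `onExpired` returns without throwing (cases 6 to 9), execution continues to the `isRevoked` step at case 10 with no second call to `jwt.verify`, so anything `jwt.verify` would have checked after the expiry test is never evaluated for that token. If jsonwebtoken tests `exp` before the audience, issuer and subject options, as I believe it does, an expired token that also fails one of those checks is accepted once the handler lets it pass. After the handler returns, the source should verify again with expiry ignored, `jwt.verify(token, key, { ...options, ignoreExpiration: true });`, and wrap any failure in `UnauthorizedError('invalid_token', ...)` as the first call does. This file is compiler output and the function begins outside the hunk, so the change belongs in the TypeScript source.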
{ | ||
"name": "express-jwt", | ||
"version": "8.1.0", | ||
"version": "8.2.0", | ||
"description": "JWT authentication middleware.", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -20,2 +20,3 @@ # express-jwt | ||
- `isRevoked?: IsRevoked` (optional): A function to verify if a token is revoked. | ||
- `onExpired?: ExpirationHandler` (optional): A function to handle expired tokens. | ||
- `credentialsRequired?: boolean` (optional): If its false, continue to the next middleware if the request does not contain a token instead of failing, defaults to true. | ||
@@ -215,2 +216,17 @@ - `requestProperty?: string` (optional): Name of the property in the request object where the payload is set. Default to `req.auth`. | ||
### Handling expired tokens | ||
You can handle expired tokens as follows: | ||
```javascript | ||
jwt({ | ||
secret: "shhhhhhared-secret", | ||
algorithms: ["HS256"], | ||
onExpired: async (req, err) => { | ||
if (new Date() - err.inner.expiredAt < 5000) { return;} | ||
throw err; | ||
},, | ||
}) | ||
``` | ||
### Error handling | ||
@@ -217,0 +233,0 @@ |