
express-jwt


Comparing version 8.1.0 to 8.2.0

9

dist/index.d.ts
import * as jwt from 'jsonwebtoken';
import * as express from 'express';
import { unless } from 'express-unless';
import { UnauthorizedError } from './errors/UnauthorizedError';
/**

@@ -21,2 +22,6 @@ * A function that defines how to retrieve the verification key given the express request and the JWT.

/**
* A function to check if a token is revoked
*/
export declare type ExpirationHandler = (req: express.Request, err: UnauthorizedError) => void | Promise<void>;
/**
* A function to customize how a token is retrieved from the express request.

@@ -55,2 +60,6 @@ */

algorithms: jwt.Algorithm[];
/**
* Handle expired tokens.
*/
onExpired?: ExpirationHandler;
} & jwt.VerifyOptions;

@@ -57,0 +66,0 @@ export { UnauthorizedError } from './errors/UnauthorizedError';
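Review bot: The doc comment added above `ExpirationHandler` reads "A function to check if a token is revoked", which is copied from the revocation callback and describes the wrong thing. It should state the contract that matters for security, which the compiled middleware in this same diff shows: the handler runs when verification fails with a `TokenExpiredError`, and if it returns or resolves without throwing, the request continues as authenticated. I would replace it with `A function called when the token has expired; throw (or reject) to refuse the request, return normally to accept the expired token.` and expand the `onExpired` property comment "Handle expired tokens." to say the same. These are generated declarations, so the wording change belongs in the TypeScript source.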

44

dist/index.js

@@ -67,7 +67,7 @@ "use strict";

return __awaiter(this, void 0, void 0, function () {
var token, hasAuthInAccessControl, authorizationHeader, parts, scheme, credentials, decodedToken, key, isRevoked, _a, request, err_1;
var token, hasAuthInAccessControl, authorizationHeader, parts, scheme, credentials, decodedToken, key, err_1, wrappedErr, isRevoked, _a, request, err_2;
return __generator(this, function (_b) {
switch (_b.label) {
case 0:
_b.trys.push([0, 7, , 8]);
_b.trys.push([0, 13, , 14]);
if (req.method === 'OPTIONS' && 'access-control-request-headers' in req.headers) {

@@ -130,15 +130,25 @@ hasAuthInAccessControl = req.headers['access-control-request-headers']

key = _b.sent();
try {
jwt.verify(token, key, options);
}
catch (err) {
throw new UnauthorizedError_1.UnauthorizedError('invalid_token', err);
}
_b.label = 5;
case 5:
_b.trys.push([5, 6, , 10]);
jwt.verify(token, key, options);
return [3 /*break*/, 10];
case 6:
err_1 = _b.sent();
wrappedErr = new UnauthorizedError_1.UnauthorizedError('invalid_token', err_1);
if (!(err_1 instanceof jwt.TokenExpiredError && typeof options.onExpired === 'function')) return [3 /*break*/, 8];
return [4 /*yield*/, options.onExpired(req, wrappedErr)];
case 7:
_b.sent();
return [3 /*break*/, 9];
case 8: throw wrappedErr;
case 9: return [3 /*break*/, 10];
case 10:
_a = options.isRevoked;
if (!_a) return [3 /*break*/, 6];
if (!_a) return [3 /*break*/, 12];
return [4 /*yield*/, options.isRevoked(req, decodedToken)];
case 5:
case 11:
_a = (_b.sent());
_b.label = 6;
case 6:
_b.label = 12;
case 12:
isRevoked = _a || false;

@@ -151,7 +161,7 @@ if (isRevoked) {

next();
return [3 /*break*/, 8];
case 7:
err_1 = _b.sent();
return [2 /*return*/, next(err_1)];
case 8: return [2 /*return*/];
return [3 /*break*/, 14];
case 13:
err_2 = _b.sent();
return [2 /*return*/, next(err_2)];
case 14: return [2 /*return*/];
}

@@ -158,0 +168,0 @@ });
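Review bot: In the verify hunk (cases 5 to 9), when `options.onExpired` resolves without throwing, control falls through to the `isRevoked` step and then to `next()`, so an expired token is accepted purely on the handler's say-so. `jwt.verify` stops at the first failed check, and as far as I know jsonwebtoken tests `exp` before `audience`, `issuer` and `subject`, so those checks would not have run for a token accepted this way; this should be confirmed against the jsonwebtoken version in use. A safer shape is to verify again with expiry ignored once the handler has returned, e.g. `jwt.verify(token, key, { ...options, ignoreExpiration: true });`, wrapped in the same `UnauthorizedError('invalid_token', ...)` handling, so the remaining claims are still validated. This file is compiled output, so the change belongs in the TypeScript source, and the middleware function starts and ends outside the hunks shown.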

{
"name": "express-jwt",
"version": "8.1.0",
"version": "8.2.0",
"description": "JWT authentication middleware.",

@@ -5,0 +5,0 @@ "keywords": [

@@ -20,2 +20,3 @@ # express-jwt

- `isRevoked?: IsRevoked` (optional): A function to verify if a token is revoked.
- `onExpired?: ExpirationHandler` (optional): A function to handle expired tokens.
- `credentialsRequired?: boolean` (optional): If its false, continue to the next middleware if the request does not contain a token instead of failing, defaults to true.

@@ -215,2 +216,17 @@ - `requestProperty?: string` (optional): Name of the property in the request object where the payload is set. Default to `req.auth`.

### Handling expired tokens
You can handle expired tokens as follows:
```javascript
jwt({
secret: "shhhhhhared-secret",
algorithms: ["HS256"],
onExpired: async (req, err) => {
if (new Date() - err.inner.expiredAt < 5000) { return;}
throw err;
},,
})
```
### Error handling

@@ -217,0 +233,0 @@
