Comparing version 0.1.1 to 0.2.0
{ | ||
"name": "fast-jwt", | ||
"version": "0.1.1", | ||
"version": "0.2.0", | ||
"description": "Fast JSON Web Token implementation", | ||
@@ -52,18 +52,18 @@ "author": "NearForm Ltd", | ||
"ecdsa-sig-formatter": "^1.0.11", | ||
"mnemonist": "^0.32.0" | ||
"mnemonist": "^0.38.0" | ||
}, | ||
"devDependencies": { | ||
"cronometro": "^0.4.0", | ||
"eslint": "^6.8.0", | ||
"eslint": "^7.3.1", | ||
"eslint-config-standard": "^14.1.0", | ||
"eslint-plugin-import": "^2.20.0", | ||
"eslint-plugin-import": "^2.22.0", | ||
"eslint-plugin-node": "^11.0.0", | ||
"eslint-plugin-promise": "^4.2.1", | ||
"eslint-plugin-standard": "^4.0.1", | ||
"fastify": "^2.11.0", | ||
"jose": "^1.25.0", | ||
"fastify": "^3.0.3", | ||
"jose": "^1.28.0", | ||
"jsonwebtoken": "^8.5.1", | ||
"lolex": "^5.1.2", | ||
"prettier": "^1.19.1", | ||
"tap": "^14.10.6" | ||
"lolex": "^6.0.0", | ||
"prettier": "^2.0.5", | ||
"tap": "^14.10.8" | ||
}, | ||
@@ -70,0 +70,0 @@ "engines": { |
@@ -31,2 +31,11 @@ 'use strict' | ||
payload = JSON.parse(payload) | ||
// https://tools.ietf.org/html/rfc7519#section-7.2 | ||
// | ||
// 10. Verify that the resulting octet sequence is a UTF-8-encoded | ||
// representation of a completely valid JSON object conforming to | ||
// RFC 7159 [RFC7159]; let the JWT Claims Set be this JSON object. | ||
if (!payload || typeof payload !== 'object') { | ||
throw new TokenError(TokenError.codes.invalidPayload, 'The payload must be an object', { payload }) | ||
} | ||
} | ||
@@ -47,6 +56,7 @@ | ||
module.exports = function createDecoder(options) { | ||
const { json, complete } = { json: true, ...options } | ||
module.exports = function createDecoder(options = {}) { | ||
const json = !(options.json === false) | ||
const complete = options.complete || false | ||
return decode.bind(null, { json, complete }) | ||
} |
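Review bot: The new guard `if (!payload || typeof payload !== 'object')` still accepts a JSON array, because `typeof []` is `'object'`. A token whose payload decodes to an array would therefore be returned as a claims set, although the quoted RFC 7519 step requires a JSON object. Extending the condition to `if (!payload || typeof payload !== 'object' || Array.isArray(payload))` closes that gap. The guard sits inside a block whose opening condition lies outside the hunk, so it is worth confirming that every path the verifier relies on reaches it.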
@@ -26,2 +26,3 @@ 'use strict' | ||
invalidSignature: 'FAST_JWT_INVALID_SIGNATURE', | ||
invalidPayload: 'FAST_JWT_INVALID_PAYLOAD', | ||
malformed: 'FAST_JWT_MALFORMED', | ||
@@ -28,0 +29,0 @@ inactive: 'FAST_JWT_INACTIVE', |
@@ -174,6 +174,2 @@ 'use strict' | ||
if (typeof payload === 'string') { | ||
return | ||
} | ||
// Verify the payload | ||
@@ -180,0 +176,0 @@ const now = (clockTimestamp || Date.now()) + clockTolerance |
@@ -11,4 +11,5 @@ 'use strict' | ||
const payload = | ||
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to." | ||
const payload = { | ||
text: "It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to." | ||
} | ||
@@ -75,3 +76,3 @@ // All the keys here are extracted from https://tools.ietf.org/html/rfc7520 | ||
const expectedToken = | ||
'eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0' | ||
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9.eyJ0ZXh0IjoiSXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4ifQ.1rxc48IZZfiOQFzXieSY08XI5bimhiyCPWTjCzZ3G2Y' | ||
@@ -83,3 +84,4 @@ const key = Buffer.from(symmetricKey.k, 'base64') | ||
key, | ||
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037' | ||
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037', | ||
noTimestamp: true | ||
})(payload) | ||
@@ -89,3 +91,3 @@ | ||
t.equal(verified, payload) | ||
t.deepEqual(verified, payload) | ||
t.equal(token, expectedToken) | ||
@@ -98,3 +100,3 @@ | ||
const expectedToken = | ||
'eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg' | ||
'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.eyJ0ZXh0IjoiSXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4ifQ.IVYRXcdRwWOx1Gvz3iag8td3cIf4EdeIjrDM79vDwZwEBhipoeJz1JKW22Ag7BUE_Wsl-ONufHwbAP4Sr0dJUAJL9ZsAoH1UIkR5Xm4kpk-8gSAR4LB3RhHAfvbgDC-V2E91szKRHNKbvGtQLInCO7MADg9GMold_U74jDSYZE9nZVwkN5CebYeFUEsiLwq2_bKB3fCHJGh2fDzTXpkc2pm_h_oLxYuig8SB5dvPRg_j5I5y3DDyxvYluB3oMi4QUYYvNG5AnNufkPrlnjCw6QhHM1Ct3ocz1pOXmH3JCr3twXF0GUfY3H4MJTbBtmmxRmyErLEKcpRXHFWjT3DKGA' | ||
@@ -104,3 +106,4 @@ const token = createSigner({ | ||
key: rsaPrivateKey, | ||
kid: 'bilbo.baggins@hobbiton.example' | ||
kid: 'bilbo.baggins@hobbiton.example', | ||
noTimestamp: true | ||
})(payload) | ||
@@ -110,3 +113,3 @@ | ||
t.equal(verified, payload) | ||
t.deepEqual(verified, payload) | ||
t.equal(token, expectedToken) | ||
@@ -119,3 +122,3 @@ | ||
const expectedToken = | ||
'eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw' | ||
'eyJhbGciOiJQUzM4NCIsInR5cCI6IkpXVCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.eyJ0ZXh0IjoiSXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4ifQ.dM4A9qfogzmTfIB0-dbUcXUD9TfGC4wa6cft9wzuUmYBQEKpeAMOmtn3nTXAp3jFuhGCzmCHT2_y0-HKO2R55oewCiIAyPVHIffVK_Vga0eezX_wglVY1dtYvBaCpA6zYA3nJwmDsnK_Ivb-B5tuQYHuZUkL6A-SoLT2TfKic7yuLUs-Z5i58_f0ExwSwEPiMdbPXrg8azaAtiy5caNi76Vd_ROqNuhuFlgDAsACJPtJOpwmcgQ_er865QIkdvfV_UfOrcGPavjdKtj-h4UkikeX5YHsVYKoNJCo5hEAAgGcJKjGS4Bthm67y4Z_DfTxzxRfkFE7Sj15gSAZcSEONw' | ||
@@ -125,3 +128,4 @@ const token = createSigner({ | ||
key: rsaPrivateKey, | ||
kid: 'bilbo.baggins@hobbiton.example' | ||
kid: 'bilbo.baggins@hobbiton.example', | ||
noTimestamp: true | ||
})(payload) | ||
@@ -131,3 +135,3 @@ | ||
t.equal(verified, payload) | ||
t.deepEqual(verified, payload) | ||
// Since PS algorithm uses random data, we cannot match the signature | ||
@@ -141,3 +145,3 @@ t.equal(token.replace(/\..+/, ''), expectedToken.replace(/\..+/, '')) | ||
const expectedToken = | ||
'eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2' | ||
'eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.eyJ0ZXh0IjoiSXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4ifQ.AKrrbzQgTVYtM9iJGq2mzAAwAD0tK0sU2Oa3FqelV7Zc_VeC1VgApx9vkeZGen36CEcAvPpIAtcVZeWqp0nEB4JfAMsFhZI8QSuHnY152Abxi6WxaOXH22wYsYPYF_H4J41JG10C2X3ORHDsPrvIO8yfXdJ4AyNLOg6s0Suqq8YQP_8q' | ||
@@ -147,3 +151,4 @@ const token = createSigner({ | ||
key: ecPrivateKey, | ||
kid: 'bilbo.baggins@hobbiton.example' | ||
kid: 'bilbo.baggins@hobbiton.example', | ||
noTimestamp: true | ||
})(payload) | ||
@@ -153,3 +158,3 @@ | ||
t.equal(verified, payload) | ||
t.deepEqual(verified, payload) | ||
// Since ES algorithm uses random data, we cannot match the signature | ||
@@ -178,9 +183,9 @@ t.equal(token.replace(/\..+/, ''), expectedToken.replace(/\..+/, '')) | ||
const expectedToken = | ||
'eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc.hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg' | ||
'eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ0ZXh0IjoiSXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4ifQ.s6A86zrJs551R4UxXwJsfRCGswdTJYFeNWjHUkZvragJ7hN43T5UetbpG4S6L2G7wOq5N_JJKrkbs0q0Gd-EAQ' | ||
const token = createSigner({ algorithm: 'EdDSA', key: ed25519PrivateKey })('Example of Ed25519 signing') | ||
const token = createSigner({ algorithm: 'EdDSA', key: ed25519PrivateKey, noTimestamp: true })(payload) | ||
const verified = createVerifier({ key: ed25519PublicKey })(token) | ||
t.equal(verified, 'Example of Ed25519 signing') | ||
t.deepEqual(verified, payload) | ||
t.equal(token, expectedToken) | ||
@@ -187,0 +192,0 @@ |
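Review bot: The rewritten `expectedToken` values no longer correspond to the published RFC examples, since the payload is now an object and the header carries `typ`, yet the section keeps the comment saying the keys come from RFC 7520. For the deterministic algorithms (HS256, RS256, EdDSA) the expected strings were presumably produced by the library itself, which turns these known-answer tests into regression snapshots. A short comment above the payload would make that explicit, for example `// Keys are from RFC 7520; expected tokens are locally generated snapshots, not the RFC's example outputs`. If an independent vector for an object payload is available, keeping one such case would preserve the interoperability check.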
@@ -70,1 +70,20 @@ 'use strict' | ||
}) | ||
// https://tools.ietf.org/html/rfc7519#section-7.2 | ||
// | ||
// 10. Verify that the resulting octet sequence is a UTF-8-encoded | ||
// representation of a completely valid JSON object conforming to | ||
// RFC 7159 [RFC7159]; let the JWT Claims Set be this JSON object. | ||
test('payload must be a JSON object', t => { | ||
// string | ||
t.throws(() => defaultDecoder('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.MTIz.5frDWv6bqXyHPXl3oZYOTnALMCGwfEYjQZbke2iyR3Y'), { | ||
message: 'The payload must be an object' | ||
}) | ||
// null | ||
t.throws(() => defaultDecoder('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.bnVsbA.Y-B_ctjXNWaZlNk8kqfSZ06B8GSZvPAfhMz-pQ2prfo'), { | ||
message: 'The payload must be an object' | ||
}) | ||
t.end() | ||
}) |
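Review bot: The case labelled `// string` does not exercise a JSON string: the payload segment `MTIz` decodes to `123`, which `JSON.parse` turns into a number. The comment should read `// number`, and a separate case with a quoted JSON string payload would cover what the label promises. The test also has no array payload case, which matters because `typeof []` is `'object'` and an array is not a valid claims set under the RFC step quoted above the test. Asserting `code: 'FAST_JWT_INVALID_PAYLOAD'` alongside `message` would tie the test to the new error code rather than to wording.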
@@ -56,11 +56,8 @@ 'use strict' | ||
t.equal(verify('eyJhbGciOiJIUzI1NiJ9.MTIz.UqiZ2LDYZqYB3xJgkHaihGQnJ_WPTz3hERDpA7bWYjA', { noTimestamp: true }), '123') | ||
t.throws(() => { | ||
verify('eyJhbGciOiJIUzI1NiJ9.MTIz.UqiZ2LDYZqYB3xJgkHaihGQnJ_WPTz3hERDpA7bWYjA', { noTimestamp: true }) | ||
}, { | ||
code: 'FAST_JWT_INVALID_PAYLOAD' | ||
}) | ||
t.equal( | ||
verify(Buffer.from('eyJhbGciOiJIUzI1NiJ9.MTIz.UqiZ2LDYZqYB3xJgkHaihGQnJ_WPTz3hERDpA7bWYjA', 'utf-8'), { | ||
noTimestamp: true | ||
}), | ||
'123' | ||
) | ||
t.strictDeepEqual( | ||
@@ -78,10 +75,2 @@ verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxfQ.57TF7smP9XDhIexBqPC-F1toZReYZLWb_YRU5tv0sxM', { | ||
t.equal( | ||
verify(Buffer.from('eyJhbGciOiJub25lIn0.MTIz.', 'utf-8'), { | ||
noTimestamp: true, | ||
key: '' | ||
}), | ||
'123' | ||
) | ||
if (useNewCrypto) { | ||
@@ -88,0 +77,0 @@ t.strictDeepEqual( |
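Review bot: Only the plain-string call is converted to expect `FAST_JWT_INVALID_PAYLOAD`; the `Buffer.from(...)` variant and the `eyJhbGciOiJub25lIn0.MTIz.` case with `key: ''` appear to be dropped rather than rewritten (the +/- markers are lost on this page, so this is inferred from the hunk counts). That leaves no visible assertion that a non-object payload is rejected when the token arrives as a Buffer or on the unsigned `none` path. Keeping both as `t.throws(() => verify(Buffer.from(token, 'utf-8'), { noTimestamp: true }), { code: 'FAST_JWT_INVALID_PAYLOAD' })`-style checks would pin the new behaviour on each input path. The surrounding test function starts and ends outside these hunks.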
+ Added mnemonist@0.38.5 (transitive)
+ Added obliterator@2.0.4 (transitive)
- Removed mnemonist@0.32.0 (transitive)
- Removed obliterator@1.6.1 (transitive)
Updated mnemonist@^0.38.0