Comparing version 1.4.1 to 1.5.0
{ | ||
"name": "fast-jwt", | ||
"version": "1.4.1", | ||
"version": "1.5.0", | ||
"description": "Fast JSON Web Token implementation", | ||
@@ -41,14 +41,14 @@ "author": "NearForm Ltd", | ||
"scripts": { | ||
"prepublishOnly": "npm run ci", | ||
"prepublishOnly": "npm run test:ci", | ||
"postpublish": "git push origin && git push origin -f --tags", | ||
"ci": "npm run lint && tap --no-color --reporter=spec --coverage-report=json --coverage-report=text --100 test/*.spec.js test/**/*.spec.js && tsd", | ||
"lint": "eslint src/**/*.js test/**/*.js src/**/*.ts test/**/*.ts", | ||
"test": "tap --reporter=spec --coverage-report=html --coverage-report=text --100 --no-browser test/*.spec.js test/**/*.spec.js && tsd", | ||
"test:ci": "npm run lint && tap --no-color --reporter=spec --coverage-report=json --coverage-report=text --100 test/*.spec.js test/**/*.spec.js && tsd", | ||
"test:watch": "tap --watch --reporter=spec --coverage-report=html --coverage-report=text --no-browser test/*.spec.js test/**/*.spec.js", | ||
"test:generate-keys": "node benchmarks/keys/generate-keys.js", | ||
"test:generate-tokens": "node benchmarks/keys/generate-tokens.js", | ||
"benchmark:sign": "node benchmarks/sign.js", | ||
"benchmark:decode": "node benchmarks/decode.js", | ||
"benchmark:verify": "node benchmarks/verify.js", | ||
"benchmark:auth0": "node benchmarks/auth0.js" | ||
"benchmark:sign": "node benchmarks/sign.mjs", | ||
"benchmark:decode": "node benchmarks/decode.mjs", | ||
"benchmark:verify": "node benchmarks/verify.mjs", | ||
"benchmark:auth0": "node benchmarks/auth0.mjs" | ||
}, | ||
@@ -61,3 +61,3 @@ "dependencies": { | ||
"devDependencies": { | ||
"@sinonjs/fake-timers": "^8.0.1", | ||
"@sinonjs/fake-timers": "^9.0.0", | ||
"@types/node": "^17.0.1", | ||
@@ -64,0 +64,0 @@ "@typescript-eslint/eslint-plugin": "^4.4.0", |
@@ -160,2 +160,4 @@ # fast-jwt | ||
- `requiredClaims`: An array of strings containing which claims should exist in the token. By default, no claim is marked as required. | ||
- `ignoreExpiration`: Do not validate the expiration of the token. Default is `false`. | ||
@@ -169,3 +171,3 @@ | ||
- `clockTolerance`: Timespan in milliseconds to add the current timestamp when performing time comparisons. Default is `0`. | ||
- `clockTolerance`: Timespan in milliseconds is the tolerance to apply to the current timestamp when performing time comparisons. Default is `0`. | ||
@@ -172,0 +174,0 @@ The verifier is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token. |
@@ -33,3 +33,4 @@ 'use strict' | ||
signError: 'FAST_JWT_SIGN_ERROR', | ||
verifyError: 'FAST_JWT_VERIFY_ERROR' | ||
verifyError: 'FAST_JWT_VERIFY_ERROR', | ||
missingRequiredClaim: 'FAST_JWT_MISSING_REQUIRED_CLAIM' | ||
} | ||
@@ -36,0 +37,0 @@ |
@@ -85,9 +85,9 @@ 'use strict' | ||
if (hasIat) { | ||
cacheValue[1] = !ignoreNotBefore && typeof payload.nbf === 'number' ? payload.nbf * 1000 : 0 | ||
cacheValue[1] = !ignoreNotBefore && typeof payload.nbf === 'number' ? (payload.nbf * 1000 - clockTolerance) : 0 | ||
if (!ignoreExpiration) { | ||
if (typeof payload.exp === 'number') { | ||
cacheValue[2] = payload.exp * 1000 | ||
cacheValue[2] = payload.exp * 1000 + clockTolerance | ||
} else if (maxAge) { | ||
cacheValue[2] = payload.iat * 1000 + maxAge | ||
cacheValue[2] = payload.iat * 1000 + maxAge + clockTolerance | ||
} | ||
@@ -171,3 +171,3 @@ } | ||
{ input, header, payload, signature }, | ||
{ validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance } | ||
{ validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance, requiredClaims } | ||
) { | ||
@@ -194,3 +194,3 @@ // Verify the key | ||
// Verify the payload | ||
const now = (clockTimestamp || Date.now()) + clockTolerance | ||
const now = clockTimestamp || Date.now() | ||
@@ -203,4 +203,8 @@ for (const validator of validators) { | ||
// Skip validation if claim is missing | ||
// Check if the claim is marked as required before skipping it | ||
if (!(claim in payload)) { | ||
if (requiredClaims && requiredClaims.includes(claim)) { | ||
throw new TokenError(TokenError.codes.missingRequiredClaim, `The ${claim} claim is required.`) | ||
} | ||
continue | ||
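Review bot: The required-claim check sits inside the `for (const validator of validators)` loop, so it only runs for claims that already have a validator registered. The later hunk pushes the `nbf` and `exp` validators only when `ignoreNotBefore` / `ignoreExpiration` are off. So `requiredClaims: ['exp']` together with `ignoreExpiration: true`, or any claim that has no validator at all, appears to pass verification when the claim is absent. The README hunk describes the option as listing claims that should exist in the token, which callers will read as unconditional. Checking `requiredClaims` against the payload once, before the validator loop, would enforce that; the loop body continues outside this hunk and is assumed unchanged.

```javascript
const now = clockTimestamp || Date.now()

// Enforce presence independently of which validators are registered
if (requiredClaims) {
  for (const claim of requiredClaims) {
    if (!(claim in payload)) {
      throw new TokenError(TokenError.codes.missingRequiredClaim, `The ${claim} claim is required.`)
    }
  }
}

for (const validator of validators) {
  // … unchanged: per-validator checks; a missing claim is skipped with continue …
```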
@@ -235,3 +239,4 @@ } | ||
decode, | ||
cache | ||
cache, | ||
requiredClaims | ||
}, | ||
@@ -258,3 +263,3 @@ token, | ||
const [value, min, max] = cache.get(hashToken(token)) || [undefined, 0, 0] | ||
const now = (clockTimestamp || Date.now()) + clockTolerance | ||
const now = clockTimestamp || Date.now() | ||
@@ -286,3 +291,3 @@ // Validate time range | ||
cacheContext.payload = payload | ||
const validationContext = { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance } | ||
const validationContext = { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance, requiredClaims } | ||
@@ -362,4 +367,5 @@ // We have the key | ||
allowedSub, | ||
allowedNonce | ||
} = { cacheTTL: 600000, ...options } | ||
allowedNonce, | ||
requiredClaims | ||
} = { cacheTTL: 600000, clockTolerance: 0, ...options } | ||
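Review bot: The `clockTolerance: 0` default added to the spread is overridden when a caller passes `clockTolerance: undefined` explicitly, and the next hunk removes the `else { clockTolerance = 0 }` fallback that used to cover that case. If the validation condition (outside these hunks) lets `undefined` through, `payload.exp * 1000 + clockTolerance` and `modifier: -clockTolerance` evaluate to `NaN`. Comparisons against `NaN` are always false, so an expiry bound stored in the cache may never trigger. Normalising right after the destructuring, e.g. `if (clockTolerance == null) clockTolerance = 0`, keeps the arithmetic well-defined. A test that builds a verifier with `{ clockTolerance: undefined }` and an expired token would pin the behaviour.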
@@ -398,4 +404,2 @@ // Validate options | ||
throw new TokenError(TokenError.codes.invalidOption, 'The clockTolerance option must be a positive number.') | ||
} else { | ||
clockTolerance = 0 | ||
} | ||
@@ -407,2 +411,6 @@ | ||
if (requiredClaims && !Array.isArray(requiredClaims)) { | ||
throw new TokenError(TokenError.codes.invalidOption, 'The requiredClaims option must be an array.') | ||
} | ||
// Add validators | ||
@@ -412,7 +420,7 @@ const validators = [] | ||
if (!ignoreNotBefore) { | ||
validators.push({ type: 'date', claim: 'nbf', errorCode: 'inactive', errorVerb: 'will be active', greater: true }) | ||
validators.push({ type: 'date', claim: 'nbf', errorCode: 'inactive', errorVerb: 'will be active', greater: true, modifier: -clockTolerance }) | ||
} | ||
if (!ignoreExpiration) { | ||
validators.push({ type: 'date', claim: 'exp', errorCode: 'expired', errorVerb: 'has expired' }) | ||
validators.push({ type: 'date', claim: 'exp', errorCode: 'expired', errorVerb: 'has expired', modifier: +clockTolerance }) | ||
} | ||
@@ -463,3 +471,4 @@ | ||
decode: createDecoder({ complete: true }), | ||
cache: createCache(cacheSize) | ||
cache: createCache(cacheSize), | ||
requiredClaims | ||
} | ||
@@ -466,0 +475,0 @@ |