fast-jwt - npm Package Compare versions
Comparing version 1.4.1 to 1.5.0
| { | ||
| "name": "fast-jwt", | ||
| "version": "1.4.1", | ||
| "version": "1.5.0", | ||
| "description": "Fast JSON Web Token implementation", | ||
@@ -41,14 +41,14 @@ "author": "NearForm Ltd", | ||
| "scripts": { | ||
| "prepublishOnly": "npm run ci", | ||
| "prepublishOnly": "npm run test:ci", | ||
| "postpublish": "git push origin && git push origin -f --tags", | ||
| "ci": "npm run lint && tap --no-color --reporter=spec --coverage-report=json --coverage-report=text --100 test/*.spec.js test/**/*.spec.js && tsd", | ||
| "lint": "eslint src/**/*.js test/**/*.js src/**/*.ts test/**/*.ts", | ||
| "test": "tap --reporter=spec --coverage-report=html --coverage-report=text --100 --no-browser test/*.spec.js test/**/*.spec.js && tsd", | ||
| "test:ci": "npm run lint && tap --no-color --reporter=spec --coverage-report=json --coverage-report=text --100 test/*.spec.js test/**/*.spec.js && tsd", | ||
| "test:watch": "tap --watch --reporter=spec --coverage-report=html --coverage-report=text --no-browser test/*.spec.js test/**/*.spec.js", | ||
| "test:generate-keys": "node benchmarks/keys/generate-keys.js", | ||
| "test:generate-tokens": "node benchmarks/keys/generate-tokens.js", | ||
| "benchmark:sign": "node benchmarks/sign.js", | ||
| "benchmark:decode": "node benchmarks/decode.js", | ||
| "benchmark:verify": "node benchmarks/verify.js", | ||
| "benchmark:auth0": "node benchmarks/auth0.js" | ||
| "benchmark:sign": "node benchmarks/sign.mjs", | ||
| "benchmark:decode": "node benchmarks/decode.mjs", | ||
| "benchmark:verify": "node benchmarks/verify.mjs", | ||
| "benchmark:auth0": "node benchmarks/auth0.mjs" | ||
| }, | ||
@@ -61,3 +61,3 @@ "dependencies": { | ||
| "devDependencies": { | ||
| "@sinonjs/fake-timers": "^8.0.1", | ||
| "@sinonjs/fake-timers": "^9.0.0", | ||
| "@types/node": "^17.0.1", | ||
@@ -64,0 +64,0 @@ "@typescript-eslint/eslint-plugin": "^4.4.0", |
@@ -160,2 +160,4 @@ # fast-jwt | ||
| - `requiredClaims`: An array of strings containing which claims should exist in the token. By default, no claim is marked as required. | ||
| - `ignoreExpiration`: Do not validate the expiration of the token. Default is `false`. | ||
@@ -169,3 +171,3 @@ | ||
| - `clockTolerance`: Timespan in milliseconds to add the current timestamp when performing time comparisons. Default is `0`. | ||
| - `clockTolerance`: Timespan in milliseconds is the tolerance to apply to the current timestamp when performing time comparisons. Default is `0`. | ||
@@ -172,0 +174,0 @@ The verifier is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token. |
@@ -33,3 +33,4 @@ 'use strict' | ||
| signError: 'FAST_JWT_SIGN_ERROR', | ||
| verifyError: 'FAST_JWT_VERIFY_ERROR' | ||
| verifyError: 'FAST_JWT_VERIFY_ERROR', | ||
| missingRequiredClaim: 'FAST_JWT_MISSING_REQUIRED_CLAIM' | ||
| } | ||
@@ -36,0 +37,0 @@ |
@@ -85,9 +85,9 @@ 'use strict' | ||
| if (hasIat) { | ||
| cacheValue[1] = !ignoreNotBefore && typeof payload.nbf === 'number' ? payload.nbf * 1000 : 0 | ||
| cacheValue[1] = !ignoreNotBefore && typeof payload.nbf === 'number' ? (payload.nbf * 1000 - clockTolerance) : 0 | ||
| if (!ignoreExpiration) { | ||
| if (typeof payload.exp === 'number') { | ||
| cacheValue[2] = payload.exp * 1000 | ||
| cacheValue[2] = payload.exp * 1000 + clockTolerance | ||
| } else if (maxAge) { | ||
| cacheValue[2] = payload.iat * 1000 + maxAge | ||
| cacheValue[2] = payload.iat * 1000 + maxAge + clockTolerance | ||
| } | ||
@@ -171,3 +171,3 @@ } | ||
| { input, header, payload, signature }, | ||
| { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance } | ||
| { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance, requiredClaims } | ||
| ) { | ||
@@ -194,3 +194,3 @@ // Verify the key | ||
| // Verify the payload | ||
| const now = (clockTimestamp || Date.now()) + clockTolerance | ||
| const now = clockTimestamp || Date.now() | ||
@@ -203,4 +203,8 @@ for (const validator of validators) { | ||
| // Skip validation if claim is missing | ||
| // Check if the claim is marked as required before skipping it | ||
| if (!(claim in payload)) { | ||
| if (requiredClaims && requiredClaims.includes(claim)) { | ||
| throw new TokenError(TokenError.codes.missingRequiredClaim, `The ${claim} claim is required.`) | ||
| } | ||
| continue | ||
@@ -235,3 +239,4 @@ } | ||
| decode, | ||
| cache | ||
| cache, | ||
| requiredClaims | ||
| }, | ||
@@ -258,3 +263,3 @@ token, | ||
| const [value, min, max] = cache.get(hashToken(token)) || [undefined, 0, 0] | ||
| const now = (clockTimestamp || Date.now()) + clockTolerance | ||
| const now = clockTimestamp || Date.now() | ||
@@ -286,3 +291,3 @@ // Validate time range | ||
| cacheContext.payload = payload | ||
| const validationContext = { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance } | ||
| const validationContext = { validators, allowedAlgorithms, checkTyp, clockTimestamp, clockTolerance, requiredClaims } | ||
@@ -362,4 +367,5 @@ // We have the key | ||
| allowedSub, | ||
| allowedNonce | ||
| } = { cacheTTL: 600000, ...options } | ||
| allowedNonce, | ||
| requiredClaims | ||
| } = { cacheTTL: 600000, clockTolerance: 0, ...options } | ||
@@ -398,4 +404,2 @@ // Validate options | ||
| throw new TokenError(TokenError.codes.invalidOption, 'The clockTolerance option must be a positive number.') | ||
| } else { | ||
| clockTolerance = 0 | ||
| } | ||
@@ -407,2 +411,6 @@ | ||
| if (requiredClaims && !Array.isArray(requiredClaims)) { | ||
| throw new TokenError(TokenError.codes.invalidOption, 'The requiredClaims option must be an array.') | ||
| } | ||
| // Add validators | ||
@@ -412,7 +420,7 @@ const validators = [] | ||
| if (!ignoreNotBefore) { | ||
| validators.push({ type: 'date', claim: 'nbf', errorCode: 'inactive', errorVerb: 'will be active', greater: true }) | ||
| validators.push({ type: 'date', claim: 'nbf', errorCode: 'inactive', errorVerb: 'will be active', greater: true, modifier: -clockTolerance }) | ||
| } | ||
| if (!ignoreExpiration) { | ||
| validators.push({ type: 'date', claim: 'exp', errorCode: 'expired', errorVerb: 'has expired' }) | ||
| validators.push({ type: 'date', claim: 'exp', errorCode: 'expired', errorVerb: 'has expired', modifier: +clockTolerance }) | ||
| } | ||
@@ -463,3 +471,4 @@ | ||
| decode: createDecoder({ complete: true }), | ||
| cache: createCache(cacheSize) | ||
| cache: createCache(cacheSize), | ||
| requiredClaims | ||
| } | ||
@@ -466,0 +475,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.87%
86117
- Lines of code
- increased by0.67%
1208
- Number of lines in readme file
- increased by0.48%
421
No dependency changes