Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
fastify-jwt
Advanced tools
fastify-jwt - npm Package Compare versions
Comparing version 0.2.1 to 0.3.0
30
jwt.js
| 'use strict' | ||
| var fp = require('fastify-plugin') | ||
| var JWT = require('jsonwebtoken') | ||
| var assert = require('assert') | ||
| var steed = require('steed') | ||
| const fp = require('fastify-plugin') | ||
| const jwt = require('jsonwebtoken') | ||
| const assert = require('assert') | ||
| const steed = require('steed') | ||
@@ -45,5 +45,5 @@ function wrapStaticSecretInCallback (secret) { | ||
| if (typeof callback === 'function') { | ||
| JWT.sign(payload, secret, options, callback) | ||
| jwt.sign(payload, secret, options, callback) | ||
| } else { | ||
| return JWT.sign(payload, secret, options) | ||
| return jwt.sign(payload, secret, options) | ||
| } | ||
@@ -62,5 +62,5 @@ } | ||
| if (typeof callback === 'function') { | ||
| JWT.verify(token, secret, options, callback) | ||
| jwt.verify(token, secret, options, callback) | ||
| } else { | ||
| return JWT.verify(token, secret, options) | ||
| return jwt.verify(token, secret, options) | ||
| } | ||
@@ -72,3 +72,3 @@ } | ||
| options = options || {} | ||
| return JWT.decode(token, options) | ||
| return jwt.decode(token, options) | ||
| } | ||
@@ -98,6 +98,6 @@ | ||
| function sign (secret, callback) { | ||
| JWT.sign(payload, secret, options, callback) | ||
| jwt.sign(payload, secret, options, callback) | ||
| } | ||
| ], next) | ||
| } // end sign | ||
| } | ||
@@ -135,3 +135,3 @@ function requestVerify (options, next) { | ||
| var decodedToken = JWT.decode(token, options) | ||
| var decodedToken = jwt.decode(token, options) | ||
| steed.waterfall([ | ||
@@ -142,3 +142,3 @@ function getSecret (callback) { | ||
| function verify (secret, callback) { | ||
| JWT.verify(token, secret, options, callback) | ||
| jwt.verify(token, secret, options, callback) | ||
| } | ||
@@ -150,8 +150,8 @@ ], function (err, result) { | ||
| }) | ||
| } // end verify | ||
| } | ||
| } | ||
| module.exports = fp(fastifyJwt, { | ||
| fastify: '>=1.0.0-rc.1', | ||
| fastify: '>=1.0.0', | ||
| name: 'fastify-jwt' | ||
| }) |
| { | ||
| "name": "fastify-jwt", | ||
| "version": "0.2.1", | ||
| "version": "0.3.0", | ||
| "description": "JWT utils for Fastify", | ||
| "main": "jwt.js", | ||
| "engines": { | ||
| "node": ">6" | ||
| }, | ||
| "scripts": { | ||
@@ -27,13 +30,11 @@ "test": "standard && tap test.js" | ||
| "dependencies": { | ||
| "fastify-plugin": "^0.2.1", | ||
| "jsonwebtoken": "^8.1.0", | ||
| "fastify-plugin": "^1.0.1", | ||
| "jsonwebtoken": "^8.2.0", | ||
| "steed": "^1.1.3" | ||
| }, | ||
| "devDependencies": { | ||
| "fastify": "^1.0.0-rc.1", | ||
| "request": "^2.83.0", | ||
| "request-promise-native": "^1.0.5", | ||
| "standard": "^10.0.3", | ||
| "tap": "^11.0.1" | ||
| "fastify": "^1.4.0", | ||
| "standard": "^11.0.1", | ||
| "tap": "^11.1.4" | ||
| } | ||
| } |
489
test.js
| 'use strict' | ||
| var test = require('tap').test | ||
| var Fastify = require('fastify') | ||
| var rp = require('request-promise-native') | ||
| var jwt = require('./jwt') | ||
| const test = require('tap').test | ||
| const Fastify = require('fastify') | ||
| test('fastify-jwt should expose jwt methods', function (t) { | ||
| t.plan(8) | ||
| var fastify = Fastify() | ||
| fastify | ||
| .register(jwt, { secret: 'supersecret' }) | ||
| .ready(function () { | ||
| const jwt = require('./jwt') | ||
| test('register', function (t) { | ||
| t.plan(3) | ||
| t.test('expose jwt methods', function (t) { | ||
| t.plan(6) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'test' }) | ||
| fastify.get('/methods', function (request, reply) { | ||
| t.ok(request.jwtVerify) | ||
| t.ok(reply.jwtSign) | ||
| }) | ||
| fastify.ready(function () { | ||
| t.ok(fastify.jwt.decode) | ||
@@ -19,215 +28,190 @@ t.ok(fastify.jwt.sign) | ||
| }) | ||
| fastify.get('/test', function (request, reply) { | ||
| t.ok(request.jwtVerify) | ||
| t.ok(reply.jwtSign) | ||
| reply.send({ foo: 'bar' }) | ||
| }) | ||
| fastify.listen(0, function (err) { | ||
| fastify.server.unref() | ||
| t.error(err) | ||
| rp({ | ||
| method: 'GET', | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/test', | ||
| json: true | ||
| }).then(function (response) { | ||
| t.ok(response) | ||
| }).catch(function (err) { | ||
| t.fail(err) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/methods' | ||
| }) | ||
| }) | ||
| }) | ||
| test('fastify-jwt fails without secret', function (t) { | ||
| t.plan(1) | ||
| var fastify = Fastify() | ||
| fastify | ||
| .register(jwt) | ||
| .listen(0, function (err) { | ||
| t.is(err.message, 'missing secret') | ||
| t.test('secret as a function', function (t) { | ||
| t.plan(2) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { | ||
| secret: function (request, reply, callback) { | ||
| callback(null, 'some-secret') | ||
| } | ||
| }) | ||
| }) | ||
| test('sign and verify', function (t) { | ||
| t.plan(8) | ||
| var fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'supersecret' }) | ||
| fastify.post('/signCallback', function (request, reply) { | ||
| reply.jwtSign(request.body.payload, function (err, token) { | ||
| return reply.send(err || { 'token': token }) | ||
| fastify.post('/sign', function (request, reply) { | ||
| reply.jwtSign(request.body) | ||
| .then(function (token) { | ||
| return reply.send({ token }) | ||
| }) | ||
| }) | ||
| }) | ||
| fastify.get('/verifyCallback', function (request, reply) { | ||
| request.jwtVerify(function (err, decoded) { | ||
| return reply.send(err || decoded) | ||
| fastify.get('/verify', function (request, reply) { | ||
| request.jwtVerify() | ||
| .then(function (decodedToken) { | ||
| return reply.send(decodedToken) | ||
| }) | ||
| }) | ||
| }) | ||
| fastify.post('/signPromise', function (request, reply) { | ||
| reply.jwtSign(request.body.payload).then( | ||
| function (token) { | ||
| return reply.send({ 'token': token }) | ||
| }).catch(function (err) { | ||
| return reply.send(err) | ||
| fastify | ||
| .ready() | ||
| .then(function () { | ||
| fastify.inject({ | ||
| method: 'post', | ||
| url: '/sign', | ||
| payload: { foo: 'bar' } | ||
| }).then(function (signResponse) { | ||
| const token = JSON.parse(signResponse.payload).token | ||
| t.ok(token) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/verify', | ||
| headers: { | ||
| authorization: `Bearer ${token}` | ||
| } | ||
| }).then(function (verifyResponse) { | ||
| const decodedToken = JSON.parse(verifyResponse.payload) | ||
| t.is(decodedToken.foo, 'bar') | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| fastify.get('/verifyPromise', function (request, reply) { | ||
| request.jwtVerify().then(function (decoded) { | ||
| return reply.send(decoded) | ||
| }).catch(function (err) { | ||
| return reply.send(err) | ||
| }) | ||
| }) | ||
| t.test('fail without secret', function (t) { | ||
| t.plan(1) | ||
| fastify.listen(0, function (err) { | ||
| fastify.server.unref() | ||
| t.error(err) | ||
| }) | ||
| const fastify = Fastify() | ||
| t.test('syncronously', function (t) { | ||
| t.plan(1) | ||
| fastify.ready(function () { | ||
| var token = fastify.jwt.sign({ foo: 'bar' }) | ||
| var decoded = fastify.jwt.verify(token) | ||
| t.is(decoded.foo, 'bar') | ||
| }) | ||
| fastify | ||
| .register(jwt) | ||
| .ready(function (error) { | ||
| t.is(error.message, 'missing secret') | ||
| }) | ||
| }) | ||
| }) | ||
| t.test('asynchronously', function (t) { | ||
| t.plan(5) | ||
| fastify.ready(function () { | ||
| fastify.jwt.sign({ foo: 'bar' }, function (err, token) { | ||
| t.error(err) | ||
| t.ok(token) | ||
| fastify.jwt.verify(token, function (err, decoded) { | ||
| t.error(err) | ||
| t.ok(decoded) | ||
| test('sign and verify', function (t) { | ||
| t.plan(2) | ||
| t.test('server methods', function (t) { | ||
| t.plan(2) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'test' }) | ||
| fastify | ||
| .ready() | ||
| .then(function () { | ||
| t.test('synchronous', function (t) { | ||
| t.plan(1) | ||
| const token = fastify.jwt.sign({ foo: 'bar' }) | ||
| const decoded = fastify.jwt.verify(token) | ||
| t.is(decoded.foo, 'bar') | ||
| }) | ||
| t.test('with callbacks', function (t) { | ||
| t.plan(3) | ||
| fastify.jwt.sign({ foo: 'bar' }, function (error, token) { | ||
| t.error(error) | ||
| fastify.jwt.verify(token, function (error, decoded) { | ||
| t.error(error) | ||
| t.is(decoded.foo, 'bar') | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| t.test('jwtSign and jwtVerify with callbacks', function (t) { | ||
| t.test('route methods', function (t) { | ||
| t.plan(2) | ||
| rp({ | ||
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| }, | ||
| body: { | ||
| payload: { | ||
| foo: 'bar' | ||
| } | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/signCallback', | ||
| json: true | ||
| }).then(function (sign) { | ||
| rp({ | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| authorization: 'Bearer ' + sign.token | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/verifyCallback', | ||
| json: true | ||
| }).then(function (verify) { | ||
| t.ok(verify) | ||
| t.is(verify.foo, 'bar') | ||
| }).catch(function (err) { | ||
| t.fail(err.message) | ||
| }) | ||
| }).catch(function (err) { | ||
| t.fail(err.message) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'test' }) | ||
| fastify.post('/signSync', function (request, reply) { | ||
| reply.jwtSign(request.body) | ||
| .then(function (token) { | ||
| return reply.send({ token }) | ||
| }) | ||
| }) | ||
| }) | ||
| t.test('jwtSign and jwtVerify without callbacks', function (t) { | ||
| t.plan(2) | ||
| fastify.get('/verifySync', function (request, reply) { | ||
| request.jwtVerify() | ||
| .then(function (decodedToken) { | ||
| return reply.send(decodedToken) | ||
| }) | ||
| }) | ||
| rp({ | ||
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| }, | ||
| body: { | ||
| payload: { | ||
| foo: 'bar' | ||
| } | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/signPromise', | ||
| json: true | ||
| }).then(function (sign) { | ||
| rp({ | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| authorization: 'Bearer ' + sign.token | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/verifyPromise', | ||
| json: true | ||
| }).then(function (verify) { | ||
| t.ok(verify) | ||
| t.is(verify.foo, 'bar') | ||
| }).catch(function (err) { | ||
| t.fail(err.message) | ||
| fastify.post('/signAsync', function (request, reply) { | ||
| reply.jwtSign(request.body, function (error, token) { | ||
| return reply.send(error || { token }) | ||
| }) | ||
| }).catch(function (err) { | ||
| t.fail(err.message) | ||
| }) | ||
| }) | ||
| t.test('jwtVerify throws No Authorization error', function (t) { | ||
| t.plan(1) | ||
| rp({ | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/verifyCallback', | ||
| json: true | ||
| }).then(function () { | ||
| t.fail() | ||
| }).catch(function (err) { | ||
| t.is(err.error.message, 'No Authorization was found in request.headers') | ||
| fastify.get('/verifyAsync', function (request, reply) { | ||
| request.jwtVerify(function (error, decodedToken) { | ||
| return reply.send(error || decodedToken) | ||
| }) | ||
| }) | ||
| }) | ||
| t.test('jwtVerify throws Authorization Format error', function (t) { | ||
| t.plan(1) | ||
| rp({ | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| authorization: 'Invalid TokenFormat' | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/verifyCallback', | ||
| json: true | ||
| }).then(function () { | ||
| t.fail() | ||
| }).catch(function (err) { | ||
| t.is(err.error.message, 'Format is Authorization: Bearer [token]') | ||
| }) | ||
| }) | ||
| fastify | ||
| .ready() | ||
| .then(function () { | ||
| t.test('synchronous', function (t) { | ||
| t.plan(2) | ||
| t.test('jwtSign throws payload error', function (t) { | ||
| t.plan(1) | ||
| rp({ | ||
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| }, | ||
| body: JSON.stringify({ | ||
| notAPayload: 'sorry' | ||
| }), | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/signCallback', | ||
| json: true | ||
| }).then(function () { | ||
| t.fail() | ||
| }).catch(function (err) { | ||
| t.is(err.error.message, 'jwtSign requires a payload') | ||
| }) | ||
| fastify.inject({ | ||
| method: 'post', | ||
| url: '/signSync', | ||
| payload: { foo: 'bar' } | ||
| }).then(function (signResponse) { | ||
| const token = JSON.parse(signResponse.payload).token | ||
| t.ok(token) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/verifySync', | ||
| headers: { | ||
| authorization: `Bearer ${token}` | ||
| } | ||
| }).then(function (verifyResponse) { | ||
| const decodedToken = JSON.parse(verifyResponse.payload) | ||
| t.is(decodedToken.foo, 'bar') | ||
| }) | ||
| }) | ||
| }) | ||
| t.test('with callbacks', function (t) { | ||
| t.plan(2) | ||
| fastify.inject({ | ||
| method: 'post', | ||
| url: '/signAsync', | ||
| payload: { foo: 'bar' } | ||
| }).then(function (signResponse) { | ||
| const token = JSON.parse(signResponse.payload).token | ||
| t.ok(token) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/verifyAsync', | ||
| headers: { | ||
| authorization: `Bearer ${token}` | ||
| } | ||
| }).then(function (verifyResponse) { | ||
| const decodedToken = JSON.parse(verifyResponse.payload) | ||
| t.is(decodedToken.foo, 'bar') | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
@@ -238,6 +222,9 @@ }) | ||
| t.plan(1) | ||
| var fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'shh' }).ready(function () { | ||
| var token = fastify.jwt.sign({ foo: 'bar' }) | ||
| var decoded = fastify.jwt.decode(token) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'test' }) | ||
| fastify.ready(function () { | ||
| const token = fastify.jwt.sign({ foo: 'bar' }) | ||
| const decoded = fastify.jwt.decode(token) | ||
| t.is(decoded.foo, 'bar') | ||
@@ -247,61 +234,73 @@ }) | ||
| test('secret as a function', function (t) { | ||
| t.plan(4) | ||
| var fastify = Fastify() | ||
| fastify | ||
| .register(jwt, { | ||
| secret: function (request, reply, callback) { | ||
| callback(null, 'supersecret') | ||
| } | ||
| }) | ||
| test('errors', function (t) { | ||
| t.plan(3) | ||
| const fastify = Fastify() | ||
| fastify.register(jwt, { secret: 'test' }) | ||
| fastify.post('/sign', function (request, reply) { | ||
| reply.jwtSign(request.body.payload, function (err, token) { | ||
| if (err) { return reply.send(err) } | ||
| return reply.send({token}) | ||
| }) | ||
| reply.jwtSign(request.body.payload) | ||
| .then(function (token) { | ||
| return reply.send({ token }) | ||
| }) | ||
| .catch(function (error) { | ||
| return reply.send(error) | ||
| }) | ||
| }) | ||
| fastify.get('/verify', function (request, reply) { | ||
| request.jwtVerify(function (err, decoded) { | ||
| if (err) { return reply.send(err) } | ||
| return reply.send(decoded) | ||
| }) | ||
| request.jwtVerify() | ||
| .then(function (decodedToken) { | ||
| return reply.send(decodedToken) | ||
| }) | ||
| .catch(function (error) { | ||
| return reply.send(error) | ||
| }) | ||
| }) | ||
| fastify.listen(0, function (err) { | ||
| fastify.server.unref() | ||
| t.error(err) | ||
| rp({ | ||
| method: 'POST', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| }, | ||
| body: { | ||
| payload: { | ||
| foo: 'bar' | ||
| } | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/sign', | ||
| json: true | ||
| }).then(function (sign) { | ||
| t.ok(sign) | ||
| rp({ | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json', | ||
| authorization: 'Bearer ' + sign.token | ||
| }, | ||
| uri: 'http://localhost:' + fastify.server.address().port + '/verify', | ||
| json: true | ||
| }).then(function (verify) { | ||
| t.ok(verify) | ||
| t.is(verify.foo, 'bar') | ||
| }).catch(function (err) { | ||
| t.fail(err) | ||
| fastify | ||
| .ready() | ||
| .then(function () { | ||
| t.test('no payload error', function (t) { | ||
| t.plan(1) | ||
| fastify.inject({ | ||
| method: 'post', | ||
| url: '/sign', | ||
| payload: { | ||
| payload: null | ||
| } | ||
| }).then(function (response) { | ||
| const error = JSON.parse(response.payload) | ||
| t.is(error.message, 'jwtSign requires a payload') | ||
| }) | ||
| }) | ||
| }).catch(function (err) { | ||
| t.fail(err) | ||
| t.test('no authorization header error', function (t) { | ||
| t.plan(1) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/verify' | ||
| }).then(function (response) { | ||
| const error = JSON.parse(response.payload) | ||
| t.is(error.message, 'No Authorization was found in request.headers') | ||
| }) | ||
| }) | ||
| t.test('authorization header format error', function (t) { | ||
| t.plan(1) | ||
| fastify.inject({ | ||
| method: 'get', | ||
| url: '/verify', | ||
| headers: { | ||
| authorization: 'Invalid Format' | ||
| } | ||
| }).then(function (response) { | ||
| const error = JSON.parse(response.payload) | ||
| t.is(error.message, 'Format is Authorization: Bearer [token]') | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
| }) |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-40%
3
Worsened metrics
- Total package byte prevSize
- decreased by-1.74%
18437
- Lines of code
- decreased by-7.09%
380
- Number of medium supply chain risk alerts
- increased byInfinity%
2
Dependency changes
+ Addedfastify-plugin@1.6.1(transitive)
+ Addedsemver@6.3.1(transitive)
- Removedfastify-plugin@0.2.2(transitive)
Updatedfastify-plugin@^1.0.1
Updatedjsonwebtoken@^8.2.0