fastify-jwt - npm Package Compare versions

Comparing version 0.9.3 to 0.9.4

jwt.js

@@ -33,3 +33,3 @@ 'use strict'
 
-  if (typeof secret === 'object') {
+  if (typeof secret === 'object' && !Buffer.isBuffer(secret)) {
     if (!secret.private || !secret.public) {
@@ -57,3 +57,4 @@ return next(new Error('missing private key and/or public key'))
     signOptions.algorithm.includes('RS') &&
-    typeof secret === 'string'
+    (typeof secret === 'string' ||
+    secret instanceof Buffer)
   ) {
@@ -66,3 +67,4 @@ return next(new Error(`RSA Signatures set as Algorithm in the options require a private and public key to be set as the secret`))
     signOptions.algorithm.includes('ES') &&
-    typeof secret === 'string'
+    (typeof secret === 'string' ||
+    secret instanceof Buffer)
   ) {
@@ -69,0 +71,0 @@ return next(new Error(`ECDSA Signatures set as Algorithm in the options require a private and public key to be set as the secret`))

package.json

 {
   "name": "fastify-jwt",
-  "version": "0.9.3",
+  "version": "0.9.4",
   "description": "JWT utils for Fastify",
@@ -38,3 +38,3 @@ "main": "jwt.js",
     "@types/jsonwebtoken": "^8.3.0",
-    "fastify": "^1.11.2",
+    "fastify": "^2.0.0",
     "standard": "^12.0.1",
@@ -41,0 +41,0 @@ "tap": "^12.0.1",

test.js

@@ -26,3 +26,3 @@ 'use strict'
 test('register', function (t) {
-  t.plan(9)
+  t.plan(11)
 
@@ -67,2 +67,12 @@ t.test('Expose jwt methods', function (t) {
 
+  t.test('secret as a Buffer', function (t) {
+    t.plan(1)
+    const fastify = Fastify()
+    fastify.register(jwt, {
+      secret: Buffer.from('some secret', 'base64')
+    }).ready(function (error) {
+      t.is(error, null)
+    })
+  })
+
   t.test('deprecated use of options prefix', function (t) {
@@ -237,2 +247,39 @@ t.plan(1)
 
+  t.test('RS/ES algorithm in sign options and secret as a Buffer', function (t) {
+    t.plan(2)
+
+    t.test('RS algorithm (Must return an error)', function (t) {
+      t.plan(1)
+
+      const fastify = Fastify()
+      fastify.register(jwt, {
+        secret: Buffer.from('some secret', 'base64'),
+        sign: {
+          algorithm: 'RS256',
+          audience: 'Some audience',
+          issuer: 'Some issuer',
+          subject: 'Some subject'
+        }
+      }).ready(function (error) {
+        t.is(error.message, 'RSA Signatures set as Algorithm in the options require a private and public key to be set as the secret')
+      })
+    })
+
+    t.test('ES algorithm (Must return an error)', function (t) {
+      t.plan(1)
+      const fastify = Fastify()
+      fastify.register(jwt, {
+        secret: Buffer.from('some secret', 'base64'),
+        sign: {
+          algorithm: 'ES256',
+          audience: 'Some audience',
+          issuer: 'Some issuer',
+          subject: 'Some subject'
+        }
+      }).ready(function (error) {
+        t.is(error.message, 'ECDSA Signatures set as Algorithm in the options require a private and public key to be set as the secret')
+      })
+    })
+  })
+
   t.test('secret as a function', function (t) {
@@ -239,0 +286,0 @@ t.plan(2)

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

75218

increased by2.14%

Lines of code

1568

increased by2.89%

No dependency changes