
flora-auth-jwt


flora-auth-jwt - npm Package Compare versions

Comparing version

to
2.0.0-alpha.1

.prettierrc

85

index.js

@@ -14,49 +14,48 @@ 'use strict';

api.on('request', (ev, next) => {
api.on('request', async ev => {
const request = ev.request;
// decode and verify JSON Web Token
function decode(token, callback) {
async function decode(token) {
if (!token) {
if (typeof options.validate !== 'function') {
request._auth = null;
callback();
return;
return null;
}
options.validate(null, request, (validationErr, validated) => {
if (validationErr) return callback(validationErr);
request._auth = validated || null;
return callback();
});
return;
const validated = await options.validate(null, request);
request._auth = validated || null;
return null;
}
api.log.trace('Verifying JWT: ' + token);
return new Promise((resolve, reject) => {
api.log.trace('Verifying JWT: ' + token);
jwt.verify(token, options.secret, (err, decoded) => {
if (err && err.message === 'jwt expired') {
api.log.trace(err);
const e = new AuthenticationError('Expired token received for JSON Web Token validation');
e.code = 'ERR_TOKEN_EXPIRED';
return callback(e);
}
jwt.verify(token, options.secret, (err, decoded) => {
if (err && err.message === 'jwt expired') {
api.log.trace(err);
const e = new AuthenticationError('Expired token received for JSON Web Token validation');
e.code = 'ERR_TOKEN_EXPIRED';
return reject(e);
}
if (err) {
api.log.trace(err);
const e = new AuthenticationError('Invalid signature received for JSON Web Token validation');
e.code = 'ERR_INVALID_TOKEN_SIGNATURE';
return callback(e);
}
if (err) {
api.log.trace(err);
const e = new AuthenticationError('Invalid signature received for JSON Web Token validation');
e.code = 'ERR_INVALID_TOKEN_SIGNATURE';
return reject(e);
}
api.log.trace('Verified authentication token: ', decoded);
api.log.trace('Verified authentication token: ', decoded);
if (typeof options.validate !== 'function') {
request._auth = decoded;
return callback();
}
if (typeof options.validate !== 'function') {
request._auth = decoded;
return resolve();
}
return options.validate(decoded, request, (validationErr, validated) => {
if (validationErr) return callback(validationErr);
if (!request._auth) request._auth = validated || decoded;
return callback();
return options.validate(decoded, request, (validationErr, validated) => {
if (validationErr) return reject(validationErr);
if (!request._auth) request._auth = validated || decoded;
return resolve();
});
});

@@ -67,3 +66,3 @@ });

// already authenticated
if (request._auth) return next();
if (request._auth) return null;

@@ -73,3 +72,3 @@ // request parameter "access_token" (POST, GET or native)

api.log.trace('Using access_token in request parameters: ' + request.access_token);
return decode(request.access_token, next);
return decode(request.access_token);
}

@@ -80,13 +79,13 @@

const parts = request._httpRequest.headers.authorization.split(' ');
if (parts.length !== 2) return next(new RequestError('Bad HTTP authentication header format'));
if (parts[0].toLowerCase() !== 'bearer') return next();
if (parts.length !== 2) throw new RequestError('Bad HTTP authentication header format');
if (parts[0].toLowerCase() !== 'bearer') return null;
if (parts[1].split('.').length !== 3) {
return next(new RequestError('Bad HTTP authentication header format'));
throw new RequestError('Bad HTTP authentication header format');
}
api.log.trace('Using token from HTTP Authorization header: ' + parts[1]);
return decode(parts[1], next);
return decode(parts[1]);
}
return decode(null, next);
return decode(null);
});

@@ -96,8 +95,8 @@

api.on('request', (ev, next) => {
if (ev.request._auth || !options.credentialsRequired) return next();
api.on('request', ev => {
if (ev.request._auth || !options.credentialsRequired) return;
const e = new AuthenticationError('No authorization token was found');
e.code = 'ERR_MISSING_TOKEN';
return next(e);
throw e;
});
};
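Review bot: In decode()'s token branch (first hunk) the new code still calls `options.validate(decoded, request, (validationErr, validated) => …)` with a callback, while the no-token branch awaits `options.validate(null, request)` and the README now documents a two-argument async `validate`. A validator written to the documented form never invokes that callback, so the promise returned by decode() would not settle, presumably leaving the request pending with `request._auth` unset, and a rejection from the validator would go unhandled. Resolving the verify promise with the payload and awaiting `validate` afterwards, as sketched below, puts both branches on the same contract. Separately, the three trace calls write the full bearer token to the log (`'Verifying JWT: ' + token` and the two `'Using …'` messages); logging a truncated or hashed form would keep usable credentials out of log storage. The first hunk ends inside decode(), so the rest of the function is not visible here.

```javascript
async function decode(token) {
    // … unchanged: no-token branch …

    const decoded = await new Promise((resolve, reject) => {
        jwt.verify(token, options.secret, (err, payload) => {
            // … unchanged: map expired / invalid-token errors to AuthenticationError and reject …
            return resolve(payload);
        });
    });
    // … unchanged: trace log of the verified token …

    if (typeof options.validate !== 'function') {
        request._auth = decoded;
        return null;
    }
    // Same promise-based contract as the no-token branch and the README example.
    const validated = await options.validate(decoded, request);
    if (!request._auth) request._auth = validated || decoded;
    return null;
```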
{
"name": "flora-auth-jwt",
"version": "0.2.0",
"version": "2.0.0-alpha.1",
"description": "JSON Web Token authentication for Flora",

@@ -24,14 +24,15 @@ "main": "index.js",

"engines": {
"node": ">=8"
"node": ">=10"
},
"dependencies": {
"jsonwebtoken": "^8.3.0",
"flora-errors": "^0.9.0"
"jsonwebtoken": "^8.4.0",
"flora-errors": "^0.9.1"
},
"devDependencies": {
"eslint": "^5.8.0",
"eslint-config-airbnb-base": "^13.1.0",
"eslint-plugin-import": "^2.14.0",
"pre-commit": "^1.2.2"
"eslint-config-prettier": "^3.3.0",
"eslint-plugin-prettier": "^3.0.0",
"pre-commit": "^1.2.2",
"prettier": "^1.15.2"
}
}

@@ -20,5 +20,5 @@ # flora-auth-jwt

credentialsRequired: false, // default: true
validate: (jwt, request, cb) => {
// callback value will go to request._auth
return cb(null, { userId: jwt.sub });
validate: async (jwt, request) => {
// return value will go to request._auth
return { userId: jwt.sub };
}

@@ -25,0 +25,0 @@ });

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet