jsonwebtoken
Advanced tools
Comparing version 0.1.0 to 0.2.0
34
index.js
var jws = require('jws'); | ||
var moment = require('moment'); | ||
module.exports.decode = function (jwt) { | ||
return jws.decode(jwt).payload; | ||
}; | ||
module.exports.sign = function(payload, secretOrPrivateKey, options) { | ||
@@ -8,3 +12,3 @@ options = options || {}; | ||
var header = {typ: 'JWT', alg: options.algorithm || 'HS256'}; | ||
if (options.expiresInMinutes) | ||
if (options.expiresInMinutes) | ||
payload.exp = moment().add('minutes', options.expiresInMinutes).utc().unix(); | ||
@@ -14,6 +18,6 @@ | ||
payload.aud = options.audience; | ||
if (options.issuer) | ||
payload.iss = options.issuer; | ||
if (options.subject) | ||
@@ -43,23 +47,23 @@ payload.sub = options.subject; | ||
return callback(new Error('invalid signature')); | ||
var jwt = jws.decode(jwtString); | ||
if (jwt.payload.exp) { | ||
if (moment().utc().unix() >= jwt.payload.exp) | ||
var payload = this.decode(jwtString); | ||
if (payload.exp) { | ||
if (moment().utc().unix() >= payload.exp) | ||
return callback(new Error('jwt expired')); | ||
} | ||
if (jwt.payload.aud && options.audience) { | ||
if (jwt.payload.aud !== options.audience) | ||
return callback(new Error('jwt audience invalid. expected: ' + jwt.payload.aud)); | ||
if (payload.aud && options.audience) { | ||
if (payload.aud !== options.audience) | ||
return callback(new Error('jwt audience invalid. expected: ' + payload.aud)); | ||
} | ||
if (jwt.payload.iss && options.issuer) { | ||
if (jwt.payload.iss !== options.issuer) | ||
return callback(new Error('jwt issuer invalid. expected: ' + jwt.payload.iss)); | ||
if (payload.iss && options.issuer) { | ||
if (payload.iss !== options.issuer) | ||
return callback(new Error('jwt issuer invalid. expected: ' + payload.iss)); | ||
} | ||
callback(null, jwt.payload); | ||
callback(null, payload); | ||
}; | ||
{ | ||
"name": "jsonwebtoken", | ||
"version": "0.1.0", | ||
"version": "0.2.0", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
15305
11
163
1