paseto - npm Package Compare versions

Comparing version 3.0.0 to 3.0.1

lib/general/decode.js

@@ -13,3 +13,3 @@ const { PasetoInvalid, PasetoNotSupported } = require('../errors')
   if (length !== 3 && length !== 4) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
+    throw new PasetoInvalid('token is not a PASETO formatted value')
   }
@@ -41,4 +41,4 @@
     raw = decode(payload).subarray(0, -sigLength)
-  } catch (err) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
+  } catch {
+    throw new PasetoInvalid('token is not a PASETO formatted value')
   }
@@ -45,0 +45,0 @@

lib/help/parse_paseto_payload.js

@@ -11,5 +11,5 @@ const { PasetoInvalid } = require('../errors')
     return parsed
-  } catch (err) {
+  } catch {
     throw new PasetoInvalid('All PASETO payloads MUST be a JSON object')
   }
 }

lib/help/verify.js

@@ -1,33 +0,12 @@
-const { PasetoInvalid, PasetoVerificationFailed } = require('../errors')
+const { PasetoVerificationFailed } = require('../errors')
 
-const { decode } = require('./base64url')
 const { verify } = require('./crypto_worker')
 const pae = require('./pae')
+const { pre } = require('./consume')
 
 module.exports = async function verifyPaseto(h, token, alg, sigLength, key, i, eo) {
-  if (typeof token !== 'string') {
-    throw new TypeError('token must be a string')
-  }
+  const { raw, f } = pre(h, token)
 
-  if (token.substr(0, h.length) !== h) {
-    throw new PasetoInvalid(`token is not a ${h.slice(0, -1)} token`)
-  }
-
-  const { 0: b64ms, 1: b64f, length } = token.substr(h.length).split('.')
-  if (length !== 1 && length !== 2) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
-  }
-
-  let f
-  let ms
-
-  try {
-    ms = decode(b64ms)
-    f = decode(b64f || '')
-  } catch (err) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
-  }
-
-  const m = ms.subarray(0, -sigLength)
-  const s = ms.subarray(-sigLength)
+  const m = raw.subarray(0, -sigLength)
+  const s = raw.subarray(-sigLength)
   const m2 = pae(eo, h, m, f, i)
@@ -34,0 +13,0 @@

lib/v1/decrypt.js

@@ -1,7 +0,4 @@
-const { decode } = require('../help/base64url')
 const { 'v1.local-decrypt': decrypt } = require('../help/crypto_worker')
-const { PasetoInvalid } = require('../errors')
-const assertPayload = require('../help/assert_payload')
 const checkKey = require('../help/symmetric_key_check').bind(undefined, 'v1.local')
-const parse = require('../help/parse_paseto_payload')
+const { pre, post } = require('../help/consume')
 
@@ -15,43 +12,7 @@ const h = 'v1.local.'
 ) {
-  if (typeof token !== 'string') {
-    throw new TypeError(`token must be a string, got: ${typeof token}`)
-  }
-
+  const { raw, f } = pre(h, token)
   key = checkKey(key)
-
-  if (token.substr(0, h.length) !== h) {
-    throw new PasetoInvalid('token is not a v1.local PASETO')
-  }
-
-  const { 0: b64, 1: b64f = '', length } = token.substr(h.length).split('.')
-  if (length > 2) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
-  }
-
-  const f = decode(b64f)
-  const raw = decode(b64)
   const k = key.export()
-
   const m = await decrypt(raw, f, k)
-
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer: f.length ? f : undefined, version: 'v1', purpose: 'local' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer: f.length ? f : undefined, version: 'v1', purpose: 'local' }
-  }
-
-  return payload
+  return post('v1', buffer, options, complete, m, f, 'local')
 }

lib/v1/verify.js

@@ -6,6 +6,5 @@ const {
 
-const assertPayload = require('../help/assert_payload')
-const parse = require('../help/parse_paseto_payload')
 const verify = require('../help/verify')
 const isKeyObject = require('../help/is_key_object')
+const { post } = require('../help/consume')
 
@@ -49,21 +48,3 @@ function checkKey(key) {
 
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer, version: 'v1', purpose: 'public' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer, version: 'v1', purpose: 'public' }
-  }
-
-  return payload
+  return post('v1', buffer, options, complete, m, footer, 'public')
 }

lib/v2/key.js

@@ -9,2 +9,50 @@ const crypto = require('crypto')
 
+function _checkPrivateKey(v, key) {
+  if (Buffer.isBuffer(key)) {
+    try {
+      key = bytesToKeyObject(key)
+    } catch {}
+  }
+
+  if (!isKeyObject(key)) {
+    try {
+      key = crypto.createPrivateKey(key)
+    } catch {}
+  }
+
+  if (!isKeyObject(key)) {
+    throw new TypeError('invalid key provided')
+  }
+
+  if (key.type !== 'private' || key.asymmetricKeyType !== 'ed25519') {
+    throw new TypeError(`${v}.public signing key must be a private ed25519 key`)
+  }
+
+  return key
+}
+
+function _checkPublicKey(v, key) {
+  if (Buffer.isBuffer(key)) {
+    try {
+      key = bytesToKeyObject(key)
+    } catch {}
+  }
+
+  if (!isKeyObject(key) || key.type === 'private') {
+    try {
+      key = crypto.createPublicKey(key)
+    } catch {}
+  }
+
+  if (!isKeyObject(key)) {
+    throw new TypeError('invalid key provided')
+  }
+
+  if (key.type !== 'public' || key.asymmetricKeyType !== 'ed25519') {
+    throw new TypeError(`${v}.public verify key must be a public ed25519 key`)
+  }
+
+  return key
+}
+
 async function _generateKey(v, purpose) {
@@ -82,2 +130,4 @@ switch (purpose) {
 module.exports = {
+  _checkPrivateKey,
+  _checkPublicKey,
   _generateKey,
@@ -84,0 +134,0 @@ _keyObjectToBytes,

lib/v2/sign.js

@@ -1,33 +0,8 @@
-const { createPrivateKey } = require('crypto')
-
 const checkFooter = require('../help/check_footer')
 const checkPayload = require('../help/check_payload')
 const sign = require('../help/sign')
-const isKeyObject = require('../help/is_key_object')
-const { bytesToKeyObject } = require('./key')
+const { _checkPrivateKey } = require('./key')
 
-function checkKey(key) {
-  if (Buffer.isBuffer(key)) {
-    try {
-      key = bytesToKeyObject(key)
-    } catch {}
-  }
+const checkKey = _checkPrivateKey.bind(undefined, 'v2')
 
-  if (!isKeyObject(key)) {
-    try {
-      key = createPrivateKey(key)
-    } catch {}
-  }
-
-  if (!isKeyObject(key)) {
-    throw new TypeError('invalid key provided')
-  }
-
-  if (key.type !== 'private' || key.asymmetricKeyType !== 'ed25519') {
-    throw new TypeError('v2.public signing key must be a private ed25519 key')
-  }
-
-  return key
-}
-
 module.exports = async function v2Sign(payload, key, { footer, ...options } = {}) {
@@ -34,0 +9,0 @@ const m = checkPayload(payload, options)

lib/v2/verify.js

@@ -1,33 +0,7 @@
-const { createPublicKey } = require('crypto')
-
-const assertPayload = require('../help/assert_payload')
-const parse = require('../help/parse_paseto_payload')
 const verify = require('../help/verify')
-const isKeyObject = require('../help/is_key_object')
-const { bytesToKeyObject } = require('./key')
+const { _checkPublicKey } = require('./key')
+const { post } = require('../help/consume')
 
-function checkKey(key) {
-  if (Buffer.isBuffer(key)) {
-    try {
-      key = bytesToKeyObject(key)
-    } catch {}
-  }
+const checkKey = _checkPublicKey.bind(undefined, 'v2')
 
-  if (!isKeyObject(key) || key.type === 'private') {
-    try {
-      key = createPublicKey(key)
-    } catch {}
-  }
-
-  if (!isKeyObject(key)) {
-    throw new TypeError('invalid key provided')
-  }
-
-  if (key.type !== 'public' || key.asymmetricKeyType !== 'ed25519') {
-    throw new TypeError('v2.public verify key must be a public ed25519 key')
-  }
-
-  return key
-}
-
 module.exports = async function v2Verify(
@@ -42,21 +16,3 @@ token,
 
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer, version: 'v2', purpose: 'public' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer, version: 'v2', purpose: 'public' }
-  }
-
-  return payload
+  return post('v2', buffer, options, complete, m, footer, 'public')
 }

lib/v3/decrypt.js

@@ -1,8 +0,5 @@
-const { decode } = require('../help/base64url')
 const { 'v3.local-decrypt': decrypt } = require('../help/crypto_worker')
-const { PasetoInvalid } = require('../errors')
-const assertPayload = require('../help/assert_payload')
 const checkKey = require('../help/symmetric_key_check').bind(undefined, 'v3.local')
 const checkAssertion = require('../help/check_assertion')
-const parse = require('../help/parse_paseto_payload')
+const { pre, post } = require('../help/consume')
 
@@ -16,44 +13,8 @@ const h = 'v3.local.'
 ) {
-  if (typeof token !== 'string') {
-    throw new TypeError(`token must be a string, got: ${typeof token}`)
-  }
-
+  const { raw, f } = pre(h, token)
   key = checkKey(key)
   const i = checkAssertion(assertion)
-
-  if (token.substr(0, h.length) !== h) {
-    throw new PasetoInvalid('token is not a v3.local PASETO')
-  }
-
-  const { 0: b64, 1: b64f = '', length } = token.substr(h.length).split('.')
-  if (length > 2) {
-    throw new PasetoInvalid('token value is not a PASETO formatted value')
-  }
-
-  const f = decode(b64f)
-  const raw = decode(b64)
   const k = key.export()
-
   const m = await decrypt(raw, f, k, i)
-
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer: f.length ? f : undefined, version: 'v3', purpose: 'local' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer: f.length ? f : undefined, version: 'v3', purpose: 'local' }
-  }
-
-  return payload
+  return post('v3', buffer, options, complete, m, f, 'local')
 }

lib/v3/verify.js

 const { createPublicKey } = require('crypto')
 
-const assertPayload = require('../help/assert_payload')
-const parse = require('../help/parse_paseto_payload')
 const checkAssertion = require('../help/check_assertion')
@@ -10,2 +8,3 @@ const verify = require('../help/verify')
 const compressPk = require('../help/compress_pk')
+const { post } = require('../help/consume')
 
@@ -55,24 +54,6 @@ function checkKey(key) {
     i,
-    compressPk(key)
+    compressPk(key),
   )
 
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer, version: 'v3', purpose: 'public' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer, version: 'v3', purpose: 'public' }
-  }
-
-  return payload
+  return post('v3', buffer, options, complete, m, footer, 'public')
 }

lib/v4/key.js

@@ -1,2 +0,8 @@
-const { _generateKey, _keyObjectToBytes, bytesToKeyObject } = require('../v2/key')
+const {
+  _checkPrivateKey,
+  _checkPublicKey,
+  _generateKey,
+  _keyObjectToBytes,
+  bytesToKeyObject,
+} = require('../v2/key')
 
@@ -12,5 +18,7 @@ async function generateKey(...args) {
 module.exports = {
+  _checkPrivateKey,
+  _checkPublicKey,
+  bytesToKeyObject,
   generateKey,
-  bytesToKeyObject,
   keyObjectToBytes,
 }

lib/v4/sign.js

@@ -1,3 +0,1 @@
-const { createPrivateKey } = require('crypto')
-
 const checkFooter = require('../help/check_footer')
@@ -7,29 +5,6 @@ const checkPayload = require('../help/check_payload')
 const sign = require('../help/sign')
-const isKeyObject = require('../help/is_key_object')
-const { bytesToKeyObject } = require('./key')
+const { _checkPrivateKey } = require('./key')
 
-function checkKey(key) {
-  if (Buffer.isBuffer(key)) {
-    try {
-      key = bytesToKeyObject(key)
-    } catch {}
-  }
+const checkKey = _checkPrivateKey.bind(undefined, 'v4')
 
-  if (!isKeyObject(key)) {
-    try {
-      key = createPrivateKey(key)
-    } catch {}
-  }
-
-  if (!isKeyObject(key)) {
-    throw new TypeError('invalid key provided')
-  }
-
-  if (key.type !== 'private' || key.asymmetricKeyType !== 'ed25519') {
-    throw new TypeError('v4.public signing key must be a private ed25519 key')
-  }
-
-  return key
-}
-
 module.exports = async function v4Sign(payload, key, { footer, assertion, ...options } = {}) {
@@ -36,0 +11,0 @@ const m = checkPayload(payload, options)

lib/v4/verify.js

@@ -1,34 +0,8 @@
-const { createPublicKey } = require('crypto')
-
-const assertPayload = require('../help/assert_payload')
-const parse = require('../help/parse_paseto_payload')
 const checkAssertion = require('../help/check_assertion')
 const verify = require('../help/verify')
-const isKeyObject = require('../help/is_key_object')
-const { bytesToKeyObject } = require('./key')
+const { _checkPublicKey } = require('./key')
+const { post } = require('../help/consume')
 
-function checkKey(key) {
-  if (Buffer.isBuffer(key)) {
-    try {
-      key = bytesToKeyObject(key)
-    } catch {}
-  }
+const checkKey = _checkPublicKey.bind(undefined, 'v4')
 
-  if (!isKeyObject(key) || key.type === 'private') {
-    try {
-      key = createPublicKey(key)
-    } catch {}
-  }
-
-  if (!isKeyObject(key)) {
-    throw new TypeError('invalid key provided')
-  }
-
-  if (key.type !== 'public' || key.asymmetricKeyType !== 'ed25519') {
-    throw new TypeError('v4.public verify key must be a public ed25519 key')
-  }
-
-  return key
-}
-
 module.exports = async function v4Verify(
@@ -44,21 +18,3 @@ token,
 
-  if (buffer) {
-    if (Object.keys(options).length !== 0) {
-      throw new TypeError('options cannot contain claims when options.buffer is true')
-    }
-    if (complete) {
-      return { payload: m, footer, version: 'v4', purpose: 'public' }
-    }
-
-    return m
-  }
-
-  const payload = parse(m)
-  assertPayload(options, payload)
-
-  if (complete) {
-    return { payload, footer, version: 'v4', purpose: 'public' }
-  }
-
-  return payload
+  return post('v4', buffer, options, complete, m, footer, 'public')
 }

package.json

 {
   "name": "paseto",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "description": "PASETO for Node.js with no dependencies",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Number of package files

48

increased by2.13%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

48792

decreased by-7.51%

Lines of code

1357

decreased by-8.25%

No dependency changes