1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
"use strict";Object.defineProperty(exports, "__esModule", { value: true });exports.decode = exports.verify = exports.sign = void 0;const encode_1 = require("../../utils/encode");const types_1 = require("./types");const types_2 = require("./types");var CryptoKeyFormat;(function (CryptoKeyFormat) {    CryptoKeyFormat["RAW"] = "raw";    CryptoKeyFormat["PKCS8"] = "pkcs8";    CryptoKeyFormat["SPKI"] = "spki";    CryptoKeyFormat["JWK"] = "jwk";})(CryptoKeyFormat || (CryptoKeyFormat = {}));var CryptoKeyUsage;(function (CryptoKeyUsage) {    CryptoKeyUsage["Ecrypt"] = "encrypt";    CryptoKeyUsage["Decrypt"] = "decrypt";    CryptoKeyUsage["Sign"] = "sign";    CryptoKeyUsage["Verify"] = "verify";    CryptoKeyUsage["Deriverkey"] = "deriveKey";    CryptoKeyUsage["DeriveBits"] = "deriveBits";    CryptoKeyUsage["WrapKey"] = "wrapKey";    CryptoKeyUsage["UnwrapKey"] = "unwrapKey";})(CryptoKeyUsage || (CryptoKeyUsage = {}));const param = (name) => {    switch (name.toUpperCase()) {        case 'HS256':            return {                name: 'HMAC',                hash: {                    name: 'SHA-256',                },            };        case 'HS384':            return {                name: 'HMAC',                hash: {                    name: 'SHA-384',                },            };        case 'HS512':            return {                name: 'HMAC',                hash: {                    name: 'SHA-512',                },            };        default:            throw new types_2.JwtAlgorithmNotImplemented(name);    }};const signing = async (data, secret, alg = types_1.AlgorithmTypes.HS256) => {    if (!crypto.subtle || !crypto.subtle.importKey) {        throw new Error('`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.');    }    const cryptoKey = await crypto.subtle.importKey(CryptoKeyFormat.RAW, (0, encode_1.utf8ToUint8Array)(secret), param(alg), false, [CryptoKeyUsage.Sign]);    return await crypto.subtle.sign(param(alg), cryptoKey, (0, encode_1.utf8ToUint8Array)(data));};const sign = async (payload, secret, alg = types_1.AlgorithmTypes.HS256) => {    const encodedPayload = await (0, encode_1.encodeBase64URL)(JSON.stringify(payload));    const encodedHeader = await (0, encode_1.encodeBase64URL)(JSON.stringify({ alg, typ: 'JWT' }));    const partialToken = `${encodedHeader}.${encodedPayload}`;    const signature = await (0, encode_1.arrayBufferToBase64URL)(await signing(partialToken, secret, alg));    return `${partialToken}.${signature}`;};exports.sign = sign;const verify = async (token, secret, alg = types_1.AlgorithmTypes.HS256) => {    const tokenParts = token.split('.');    if (tokenParts.length !== 3) {        throw new types_2.JwtTokenInvalid(token);    }    const { payload } = (0, exports.decode)(token);    if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000)) {        throw new types_2.JwtTokenNotBefore(token);    }    if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000)) {        throw new types_2.JwtTokenExpired(token);    }    const signature = await (0, encode_1.arrayBufferToBase64URL)(await signing(tokenParts.slice(0, 2).join('.'), secret, alg));    if (signature !== tokenParts[2]) {        throw new types_2.JwtTokenSignatureMismatched(token);    }    return true;};exports.verify = verify;// eslint-disable-next-lineconst decode = (token) => {    try {        const [h, p] = token.split('.');        const header = JSON.parse((0, encode_1.decodeBase64URL)(h));        const payload = JSON.parse((0, encode_1.decodeBase64URL)(p));        return {            header,            payload,        };    }    catch (e) {        throw new types_2.JwtTokenInvalid(token);    }};exports.decode = decode;