forked from electrode-io/electrode-csrf-jwt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
jwt-token-engine.js
88 lines (73 loc) · 1.84 KB
/
jwt-token-engine.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
"use strict";
const jwt = require("jsonwebtoken");
const assert = require("assert");
const getIdGenerator = require("./get-id-generators");
const { MISSING_TOKEN, INVALID_TOKEN, BAD_TOKEN } = require("./errors");
const payloadOptions = [
"expiresIn",
"notBefore",
"expiresInMinutes",
"expiresInSeconds",
"audience",
"issuer",
"jwtid",
"subject",
"noTimeStamp",
"headers"
];
class JwtTokenEngine {
constructor(options) {
options = Object.assign({ secret: "csrf jwt secret" }, options);
this._uuidGen = getIdGenerator(options.uuidGen);
assert(this._uuidGen(), "UUID generator must not return falsy values");
this._secret = options.secret;
this._params = {};
payloadOptions.forEach(key => {
if (options[key]) {
this._params[key] = options[key];
}
});
}
create(payload) {
const uuid = this._uuidGen();
return {
header: jwt.sign(
Object.assign({}, payload, { uuid, type: "header" }),
this._secret,
this._params
),
cookie: jwt.sign(
Object.assign({}, payload, { uuid, type: "cookie" }),
this._secret,
this._params
)
};
}
verify(header, cookie) {
let error;
if (!header || !cookie) {
error = new Error(MISSING_TOKEN);
} else {
try {
header = jwt.verify(header, this._secret);
cookie = jwt.verify(cookie, this._secret);
const valid =
header.uuid &&
header.uuid === cookie.uuid &&
header.type === "header" &&
cookie.type === "cookie";
if (!valid) {
error = new Error(INVALID_TOKEN);
}
} catch (e) {
error = new Error(e.message === "jwt expired" ? INVALID_TOKEN : BAD_TOKEN);
}
}
return {
error,
header,
cookie
};
}
}
module.exports = JwtTokenEngine;