UNPKG

jsonwebtoken/sign.js

Version:

6.82 kBJavaScriptView Raw

1var timespan = require('./lib/timespan');
2var PS_SUPPORTED = require('./lib/psSupported');
3var jws = require('jws');
4var includes = require('lodash.includes');
5var isBoolean = require('lodash.isboolean');
6var isInteger = require('lodash.isinteger');
7var isNumber = require('lodash.isnumber');
8var isPlainObject = require('lodash.isplainobject');
9var isString = require('lodash.isstring');
10var once = require('lodash.once');
11
12var SUPPORTED_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none']
13if (PS_SUPPORTED) {
SUPPORTED_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');
15}
16
17var sign_options_schema = {
expiresIn: { isValid: function(value) { return isInteger(value) || (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },
notBefore: { isValid: function(value) { return isInteger(value) || (isString(value) && value); }, message: '"notBefore" should be a number of seconds or string representing a timespan' },
audience: { isValid: function(value) { return isString(value) || Array.isArray(value); }, message: '"audience" must be a string or array' },
algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },
header: { isValid: isPlainObject, message: '"header" must be an object' },
encoding: { isValid: isString, message: '"encoding" must be a string' },
issuer: { isValid: isString, message: '"issuer" must be a string' },
subject: { isValid: isString, message: '"subject" must be a string' },
jwtid: { isValid: isString, message: '"jwtid" must be a string' },
noTimestamp: { isValid: isBoolean, message: '"noTimestamp" must be a boolean' },
keyid: { isValid: isString, message: '"keyid" must be a string' },
mutatePayload: { isValid: isBoolean, message: '"mutatePayload" must be a boolean' }
30};
31
32var registered_claims_schema = {
iat: { isValid: isNumber, message: '"iat" should be a number of seconds' },
exp: { isValid: isNumber, message: '"exp" should be a number of seconds' },
nbf: { isValid: isNumber, message: '"nbf" should be a number of seconds' }
36};
37
38function validate(schema, allowUnknown, object, parameterName) {
if (!isPlainObject(object)) {
  throw new Error('Expected "' + parameterName + '" to be a plain object.');
}
Object.keys(object)
  .forEach(function(key) {
    var validator = schema[key];
    if (!validator) {
      if (!allowUnknown) {
        throw new Error('"' + key + '" is not allowed in "' + parameterName + '"');
      }
      return;
    }
    if (!validator.isValid(object[key])) {
      throw new Error(validator.message);
    }
  });
55}
56
57function validateOptions(options) {
return validate(sign_options_schema, false, options, 'options');
59}
60
61function validatePayload(payload) {
return validate(registered_claims_schema, true, payload, 'payload');
63}
64
65var options_to_payload = {
'audience': 'aud',
'issuer': 'iss',
'subject': 'sub',
'jwtid': 'jti'
70};
71
72var options_for_objects = [
'expiresIn',
'notBefore',
'noTimestamp',
'audience',
'issuer',
'subject',
'jwtid',
80];
81
82module.exports = function (payload, secretOrPrivateKey, options, callback) {
if (typeof options === 'function') {
  callback = options;
  options = {};
} else {
  options = options || {};
}
89
var isObjectPayload = typeof payload === 'object' &&
                      !Buffer.isBuffer(payload);
92
var header = Object.assign({
  alg: options.algorithm || 'HS256',
  typ: isObjectPayload ? 'JWT' : undefined,
  kid: options.keyid
}, options.header);
98
function failure(err) {
  if (callback) {
    return callback(err);
  }
  throw err;
}
105
if (!secretOrPrivateKey && options.algorithm !== 'none') {
  return failure(new Error('secretOrPrivateKey must have a value'));
}
109
if (typeof payload === 'undefined') {
  return failure(new Error('payload is required'));
} else if (isObjectPayload) {
  try {
    validatePayload(payload);
  }
  catch (error) {
    return failure(error);
  }
  if (!options.mutatePayload) {
    payload = Object.assign({},payload);
  }
} else {
  var invalid_options = options_for_objects.filter(function (opt) {
    return typeof options[opt] !== 'undefined';
  });
126
  if (invalid_options.length > 0) {
    return failure(new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload ) + ' payload'));
  }
}
131
if (typeof payload.exp !== 'undefined' && typeof options.expiresIn !== 'undefined') {
  return failure(new Error('Bad "options.expiresIn" option the payload already has an "exp" property.'));
}
135
if (typeof payload.nbf !== 'undefined' && typeof options.notBefore !== 'undefined') {
  return failure(new Error('Bad "options.notBefore" option the payload already has an "nbf" property.'));
}
139
try {
  validateOptions(options);
}
catch (error) {
  return failure(error);
}
146
var timestamp = payload.iat || Math.floor(Date.now() / 1000);
148
if (options.noTimestamp) {
  delete payload.iat;
} else if (isObjectPayload) {
  payload.iat = timestamp;
}
154
if (typeof options.notBefore !== 'undefined') {
  try {
    payload.nbf = timespan(options.notBefore, timestamp);
  }
  catch (err) {
    return failure(err);
  }
  if (typeof payload.nbf === 'undefined') {
    return failure(new Error('"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));
  }
}
166
if (typeof options.expiresIn !== 'undefined' && typeof payload === 'object') {
  try {
    payload.exp = timespan(options.expiresIn, timestamp);
  }
  catch (err) {
    return failure(err);
  }
  if (typeof payload.exp === 'undefined') {
    return failure(new Error('"expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));
  }
}
178
Object.keys(options_to_payload).forEach(function (key) {
  var claim = options_to_payload[key];
  if (typeof options[key] !== 'undefined') {
    if (typeof payload[claim] !== 'undefined') {
      return failure(new Error('Bad "options.' + key + '" option. The payload already has an "' + claim + '" property.'));
    }
    payload[claim] = options[key];
  }
});
188
var encoding = options.encoding || 'utf8';
190
if (typeof callback === 'function') {
  callback = callback && once(callback);
193
  jws.createSign({
    header: header,
    privateKey: secretOrPrivateKey,
    payload: payload,
    encoding: encoding
  }).once('error', callback)
    .once('done', function (signature) {
      callback(null, signature);
    });
} else {
  return jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding});
}
206};

1	`var timespan = require('./lib/timespan');`
2	`var PS_SUPPORTED = require('./lib/psSupported');`
3	`var jws = require('jws');`
4	`var includes = require('lodash.includes');`
5	`var isBoolean = require('lodash.isboolean');`
6	`var isInteger = require('lodash.isinteger');`
7	`var isNumber = require('lodash.isnumber');`
8	`var isPlainObject = require('lodash.isplainobject');`
9	`var isString = require('lodash.isstring');`
10	`var once = require('lodash.once');`
11
12	`var SUPPORTED_ALGS = ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none']`
13	`if (PS_SUPPORTED) {`
14	`SUPPORTED_ALGS.splice(3, 0, 'PS256', 'PS384', 'PS512');`
15	`}`
16
17	`var sign_options_schema = {`
18	`expiresIn: { isValid: function(value) { return isInteger(value) \|\| (isString(value) && value); }, message: '"expiresIn" should be a number of seconds or string representing a timespan' },`
19	`notBefore: { isValid: function(value) { return isInteger(value) \|\| (isString(value) && value); }, message: '"notBefore" should be a number of seconds or string representing a timespan' },`
20	`audience: { isValid: function(value) { return isString(value) \|\| Array.isArray(value); }, message: '"audience" must be a string or array' },`
21	`algorithm: { isValid: includes.bind(null, SUPPORTED_ALGS), message: '"algorithm" must be a valid string enum value' },`
22	`header: { isValid: isPlainObject, message: '"header" must be an object' },`
23	`encoding: { isValid: isString, message: '"encoding" must be a string' },`
24	`issuer: { isValid: isString, message: '"issuer" must be a string' },`
25	`subject: { isValid: isString, message: '"subject" must be a string' },`
26	`jwtid: { isValid: isString, message: '"jwtid" must be a string' },`
27	`noTimestamp: { isValid: isBoolean, message: '"noTimestamp" must be a boolean' },`
28	`keyid: { isValid: isString, message: '"keyid" must be a string' },`
29	`mutatePayload: { isValid: isBoolean, message: '"mutatePayload" must be a boolean' }`
30	`};`
31
32	`var registered_claims_schema = {`
33	`iat: { isValid: isNumber, message: '"iat" should be a number of seconds' },`
34	`exp: { isValid: isNumber, message: '"exp" should be a number of seconds' },`
35	`nbf: { isValid: isNumber, message: '"nbf" should be a number of seconds' }`
36	`};`
37
38	`function validate(schema, allowUnknown, object, parameterName) {`
39	`if (!isPlainObject(object)) {`
40	`throw new Error('Expected "' + parameterName + '" to be a plain object.');`
41	`}`
42	`Object.keys(object)`
43	`.forEach(function(key) {`
44	`var validator = schema[key];`
45	`if (!validator) {`
46	`if (!allowUnknown) {`
47	`throw new Error('"' + key + '" is not allowed in "' + parameterName + '"');`
48	`}`
49	`return;`
50	`}`
51	`if (!validator.isValid(object[key])) {`
52	`throw new Error(validator.message);`
53	`}`
54	`});`
55	`}`
56
57	`function validateOptions(options) {`
58	`return validate(sign_options_schema, false, options, 'options');`
59	`}`
60
61	`function validatePayload(payload) {`
62	`return validate(registered_claims_schema, true, payload, 'payload');`
63	`}`
64
65	`var options_to_payload = {`
66	`'audience': 'aud',`
67	`'issuer': 'iss',`
68	`'subject': 'sub',`
69	`'jwtid': 'jti'`
70	`};`
71
72	`var options_for_objects = [`
73	`'expiresIn',`
74	`'notBefore',`
75	`'noTimestamp',`
76	`'audience',`
77	`'issuer',`
78	`'subject',`
79	`'jwtid',`
80	`];`
81
82	`module.exports = function (payload, secretOrPrivateKey, options, callback) {`
83	`if (typeof options === 'function') {`
84	`callback = options;`
85	`options = {};`
86	`} else {`
87	`options = options \|\| {};`
88	`}`
89
90	`var isObjectPayload = typeof payload === 'object' &&`
91	`!Buffer.isBuffer(payload);`
92
93	`var header = Object.assign({`
94	`alg: options.algorithm \|\| 'HS256',`
95	`typ: isObjectPayload ? 'JWT' : undefined,`
96	`kid: options.keyid`
97	`}, options.header);`
98
99	`function failure(err) {`
100	`if (callback) {`
101	`return callback(err);`
102	`}`
103	`throw err;`
104	`}`
105
106	`if (!secretOrPrivateKey && options.algorithm !== 'none') {`
107	`return failure(new Error('secretOrPrivateKey must have a value'));`
108	`}`
109
110	`if (typeof payload === 'undefined') {`
111	`return failure(new Error('payload is required'));`
112	`} else if (isObjectPayload) {`
113	`try {`
114	`validatePayload(payload);`
115	`}`
116	`catch (error) {`
117	`return failure(error);`
118	`}`
119	`if (!options.mutatePayload) {`
120	`payload = Object.assign({},payload);`
121	`}`
122	`} else {`
123	`var invalid_options = options_for_objects.filter(function (opt) {`
124	`return typeof options[opt] !== 'undefined';`
125	`});`
126
127	`if (invalid_options.length > 0) {`
128	`return failure(new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload ) + ' payload'));`
129	`}`
130	`}`
131
132	`if (typeof payload.exp !== 'undefined' && typeof options.expiresIn !== 'undefined') {`
133	`return failure(new Error('Bad "options.expiresIn" option the payload already has an "exp" property.'));`
134	`}`
135
136	`if (typeof payload.nbf !== 'undefined' && typeof options.notBefore !== 'undefined') {`
137	`return failure(new Error('Bad "options.notBefore" option the payload already has an "nbf" property.'));`
138	`}`
139
140	`try {`
141	`validateOptions(options);`
142	`}`
143	`catch (error) {`
144	`return failure(error);`
145	`}`
146
147	`var timestamp = payload.iat \|\| Math.floor(Date.now() / 1000);`
148
149	`if (options.noTimestamp) {`
150	`delete payload.iat;`
151	`} else if (isObjectPayload) {`
152	`payload.iat = timestamp;`
153	`}`
154
155	`if (typeof options.notBefore !== 'undefined') {`
156	`try {`
157	`payload.nbf = timespan(options.notBefore, timestamp);`
158	`}`
159	`catch (err) {`
160	`return failure(err);`
161	`}`
162	`if (typeof payload.nbf === 'undefined') {`
163	`return failure(new Error('"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));`
164	`}`
165	`}`
166
167	`if (typeof options.expiresIn !== 'undefined' && typeof payload === 'object') {`
168	`try {`
169	`payload.exp = timespan(options.expiresIn, timestamp);`
170	`}`
171	`catch (err) {`
172	`return failure(err);`
173	`}`
174	`if (typeof payload.exp === 'undefined') {`
175	`return failure(new Error('"expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60'));`
176	`}`
177	`}`
178
179	`Object.keys(options_to_payload).forEach(function (key) {`
180	`var claim = options_to_payload[key];`
181	`if (typeof options[key] !== 'undefined') {`
182	`if (typeof payload[claim] !== 'undefined') {`
183	`return failure(new Error('Bad "options.' + key + '" option. The payload already has an "' + claim + '" property.'));`
184	`}`
185	`payload[claim] = options[key];`
186	`}`
187	`});`
188
189	`var encoding = options.encoding \|\| 'utf8';`
190
191	`if (typeof callback === 'function') {`
192	`callback = callback && once(callback);`
193
194	`jws.createSign({`
195	`header: header,`
196	`privateKey: secretOrPrivateKey,`
197	`payload: payload,`
198	`encoding: encoding`
199	`}).once('error', callback)`
200	`.once('done', function (signature) {`
201	`callback(null, signature);`
202	`});`
203	`} else {`
204	`return jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding});`
205	`}`
206	`};`