1 | ;
|
2 | Object.defineProperty(exports, "__esModule", { value: true });
|
3 | exports.validate = exports.decode = exports.verify = exports.sign = exports.InvalidHmacError = void 0;
|
4 | const crypto_1 = require("crypto");
|
5 | /**
|
6 | * InvalidHmacError is thrown when HMACs don't match
|
7 | * @source https://rclayton.silvrback.com/custom-errors-in-node-js
|
8 | */
|
9 | class InvalidHmacError extends Error {
|
10 | constructor(message) {
|
11 | super(message);
|
12 | this.name = this.constructor.name;
|
13 | Error.captureStackTrace(this, this.constructor);
|
14 | }
|
15 | }
|
16 | exports.InvalidHmacError = InvalidHmacError;
|
17 | /**
|
18 | * Generate a new TWT from a payload and signature
|
19 | * @param payload - Payload
|
20 | * @param secret - Secret
|
21 | * @example
|
22 | * // returns "hello5112055c05f944f85755efc5cd8970e194e9f45b"
|
23 | * sign("hello", "secret");
|
24 | */
|
25 | exports.sign = (payload, secret, length = 32, algorithm = "md5") => `${payload}${crypto_1.createHmac(algorithm, secret)
|
26 | .update(payload)
|
27 | .digest("hex")
|
28 | .substring(0, length)}`;
|
29 | /**
|
30 | * Verify a TWT using its secret
|
31 | * @param twt - TWT
|
32 | * @param secret - Secret
|
33 | * @example
|
34 | * // returns "hello"
|
35 | * verify("hello5112055c05f944f85755efc5cd8970e194e9f45b", "secret");
|
36 | * @example
|
37 | * // Throws an InvalidHmacError
|
38 | * verify("hello-this-is-not-the-correct-hmac", "secret");
|
39 | * @example
|
40 | * // Throws an InvalidHmacError
|
41 | * verify("hello5112055c05f944f85755efc5cd8970e194e9f45b", "incorrect-secret");
|
42 | */
|
43 | exports.verify = (twt, secret, length = 32, algorithm = "md5") => {
|
44 | const [payload, hmac] = [
|
45 | twt.substring(0, twt.length - length),
|
46 | twt.substr(twt.length - length),
|
47 | ];
|
48 | if (crypto_1.createHmac(algorithm, secret)
|
49 | .update(payload)
|
50 | .digest("hex")
|
51 | .substr(0, length) !== hmac)
|
52 | throw new InvalidHmacError();
|
53 | return payload;
|
54 | };
|
55 | /**
|
56 | * Decode a TWT **without** verifying it (not recommended)
|
57 | * @param twt - TWT
|
58 | * @example
|
59 | * // returns "hello"
|
60 | * decode("hello5112055c05f944f85755efc5cd8970e194e9f45b");
|
61 | * @example
|
62 | * // returns "hello"
|
63 | * decode("hellothis-is-not-the-correct-hmac");
|
64 | */
|
65 | exports.decode = (twt, length = 32) => twt.substring(0, twt.length - length);
|
66 | /**
|
67 | * Validate a TWT **without** verifying it
|
68 | * @param twt - TWT
|
69 | * @example
|
70 | * // returns true
|
71 | * decode("hello5112055c05f944f85755efc5cd8970e194e9f45b");
|
72 | * @example
|
73 | * // returns false
|
74 | * decode("hellothis-is-not-32-characters");
|
75 | * // returns true
|
76 | * decode("hellothis-is-32-characters-abcdefghijklmnopqr");
|
77 | */
|
78 | exports.validate = (twt, length = 32) => {
|
79 | const [payload, hmac] = [
|
80 | twt.substring(0, twt.length - length),
|
81 | twt.substr(twt.length - length),
|
82 | ];
|
83 | return twt.length === payload.length + length && hmac.length === length;
|
84 | };
|
85 | //# sourceMappingURL=index.js.map |
\ | No newline at end of file |