Update app and tooling
This commit is contained in:
Lawrence Chen
parent
3046531bdd
commit
e620ec7349
4950 changed files with 2975120 additions and 10 deletions
26
node_modules/jose/dist/node/cjs/jwt/decrypt.js
generated
vendored
Normal file
26
node_modules/jose/dist/node/cjs/jwt/decrypt.js
generated
vendored
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.jwtDecrypt = jwtDecrypt;
|
||||
const decrypt_js_1 = require("../jwe/compact/decrypt.js");
|
||||
const jwt_claims_set_js_1 = require("../lib/jwt_claims_set.js");
|
||||
const errors_js_1 = require("../util/errors.js");
|
||||
async function jwtDecrypt(jwt, key, options) {
|
||||
const decrypted = await (0, decrypt_js_1.compactDecrypt)(jwt, key, options);
|
||||
const payload = (0, jwt_claims_set_js_1.default)(decrypted.protectedHeader, decrypted.plaintext, options);
|
||||
const { protectedHeader } = decrypted;
|
||||
if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {
|
||||
throw new errors_js_1.JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', payload, 'iss', 'mismatch');
|
||||
}
|
||||
if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {
|
||||
throw new errors_js_1.JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', payload, 'sub', 'mismatch');
|
||||
}
|
||||
if (protectedHeader.aud !== undefined &&
|
||||
JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
|
||||
throw new errors_js_1.JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', payload, 'aud', 'mismatch');
|
||||
}
|
||||
const result = { payload, protectedHeader };
|
||||
if (typeof key === 'function') {
|
||||
return { ...result, key: decrypted.key };
|
||||
}
|
||||
return result;
|
||||
}
|
||||
79
node_modules/jose/dist/node/cjs/jwt/encrypt.js
generated
vendored
Normal file
79
node_modules/jose/dist/node/cjs/jwt/encrypt.js
generated
vendored
Normal file
|
|
@ -0,0 +1,79 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.EncryptJWT = void 0;
|
||||
const encrypt_js_1 = require("../jwe/compact/encrypt.js");
|
||||
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
|
||||
const produce_js_1 = require("./produce.js");
|
||||
class EncryptJWT extends produce_js_1.ProduceJWT {
|
||||
_cek;
|
||||
_iv;
|
||||
_keyManagementParameters;
|
||||
_protectedHeader;
|
||||
_replicateIssuerAsHeader;
|
||||
_replicateSubjectAsHeader;
|
||||
_replicateAudienceAsHeader;
|
||||
setProtectedHeader(protectedHeader) {
|
||||
if (this._protectedHeader) {
|
||||
throw new TypeError('setProtectedHeader can only be called once');
|
||||
}
|
||||
this._protectedHeader = protectedHeader;
|
||||
return this;
|
||||
}
|
||||
setKeyManagementParameters(parameters) {
|
||||
if (this._keyManagementParameters) {
|
||||
throw new TypeError('setKeyManagementParameters can only be called once');
|
||||
}
|
||||
this._keyManagementParameters = parameters;
|
||||
return this;
|
||||
}
|
||||
setContentEncryptionKey(cek) {
|
||||
if (this._cek) {
|
||||
throw new TypeError('setContentEncryptionKey can only be called once');
|
||||
}
|
||||
this._cek = cek;
|
||||
return this;
|
||||
}
|
||||
setInitializationVector(iv) {
|
||||
if (this._iv) {
|
||||
throw new TypeError('setInitializationVector can only be called once');
|
||||
}
|
||||
this._iv = iv;
|
||||
return this;
|
||||
}
|
||||
replicateIssuerAsHeader() {
|
||||
this._replicateIssuerAsHeader = true;
|
||||
return this;
|
||||
}
|
||||
replicateSubjectAsHeader() {
|
||||
this._replicateSubjectAsHeader = true;
|
||||
return this;
|
||||
}
|
||||
replicateAudienceAsHeader() {
|
||||
this._replicateAudienceAsHeader = true;
|
||||
return this;
|
||||
}
|
||||
async encrypt(key, options) {
|
||||
const enc = new encrypt_js_1.CompactEncrypt(buffer_utils_js_1.encoder.encode(JSON.stringify(this._payload)));
|
||||
if (this._replicateIssuerAsHeader) {
|
||||
this._protectedHeader = { ...this._protectedHeader, iss: this._payload.iss };
|
||||
}
|
||||
if (this._replicateSubjectAsHeader) {
|
||||
this._protectedHeader = { ...this._protectedHeader, sub: this._payload.sub };
|
||||
}
|
||||
if (this._replicateAudienceAsHeader) {
|
||||
this._protectedHeader = { ...this._protectedHeader, aud: this._payload.aud };
|
||||
}
|
||||
enc.setProtectedHeader(this._protectedHeader);
|
||||
if (this._iv) {
|
||||
enc.setInitializationVector(this._iv);
|
||||
}
|
||||
if (this._cek) {
|
||||
enc.setContentEncryptionKey(this._cek);
|
||||
}
|
||||
if (this._keyManagementParameters) {
|
||||
enc.setKeyManagementParameters(this._keyManagementParameters);
|
||||
}
|
||||
return enc.encrypt(key, options);
|
||||
}
|
||||
}
|
||||
exports.EncryptJWT = EncryptJWT;
|
||||
80
node_modules/jose/dist/node/cjs/jwt/produce.js
generated
vendored
Normal file
80
node_modules/jose/dist/node/cjs/jwt/produce.js
generated
vendored
Normal file
|
|
@ -0,0 +1,80 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.ProduceJWT = void 0;
|
||||
const epoch_js_1 = require("../lib/epoch.js");
|
||||
const is_object_js_1 = require("../lib/is_object.js");
|
||||
const secs_js_1 = require("../lib/secs.js");
|
||||
function validateInput(label, input) {
|
||||
if (!Number.isFinite(input)) {
|
||||
throw new TypeError(`Invalid ${label} input`);
|
||||
}
|
||||
return input;
|
||||
}
|
||||
class ProduceJWT {
|
||||
_payload;
|
||||
constructor(payload = {}) {
|
||||
if (!(0, is_object_js_1.default)(payload)) {
|
||||
throw new TypeError('JWT Claims Set MUST be an object');
|
||||
}
|
||||
this._payload = payload;
|
||||
}
|
||||
setIssuer(issuer) {
|
||||
this._payload = { ...this._payload, iss: issuer };
|
||||
return this;
|
||||
}
|
||||
setSubject(subject) {
|
||||
this._payload = { ...this._payload, sub: subject };
|
||||
return this;
|
||||
}
|
||||
setAudience(audience) {
|
||||
this._payload = { ...this._payload, aud: audience };
|
||||
return this;
|
||||
}
|
||||
setJti(jwtId) {
|
||||
this._payload = { ...this._payload, jti: jwtId };
|
||||
return this;
|
||||
}
|
||||
setNotBefore(input) {
|
||||
if (typeof input === 'number') {
|
||||
this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) };
|
||||
}
|
||||
else if (input instanceof Date) {
|
||||
this._payload = { ...this._payload, nbf: validateInput('setNotBefore', (0, epoch_js_1.default)(input)) };
|
||||
}
|
||||
else {
|
||||
this._payload = { ...this._payload, nbf: (0, epoch_js_1.default)(new Date()) + (0, secs_js_1.default)(input) };
|
||||
}
|
||||
return this;
|
||||
}
|
||||
setExpirationTime(input) {
|
||||
if (typeof input === 'number') {
|
||||
this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) };
|
||||
}
|
||||
else if (input instanceof Date) {
|
||||
this._payload = { ...this._payload, exp: validateInput('setExpirationTime', (0, epoch_js_1.default)(input)) };
|
||||
}
|
||||
else {
|
||||
this._payload = { ...this._payload, exp: (0, epoch_js_1.default)(new Date()) + (0, secs_js_1.default)(input) };
|
||||
}
|
||||
return this;
|
||||
}
|
||||
setIssuedAt(input) {
|
||||
if (typeof input === 'undefined') {
|
||||
this._payload = { ...this._payload, iat: (0, epoch_js_1.default)(new Date()) };
|
||||
}
|
||||
else if (input instanceof Date) {
|
||||
this._payload = { ...this._payload, iat: validateInput('setIssuedAt', (0, epoch_js_1.default)(input)) };
|
||||
}
|
||||
else if (typeof input === 'string') {
|
||||
this._payload = {
|
||||
...this._payload,
|
||||
iat: validateInput('setIssuedAt', (0, epoch_js_1.default)(new Date()) + (0, secs_js_1.default)(input)),
|
||||
};
|
||||
}
|
||||
else {
|
||||
this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) };
|
||||
}
|
||||
return this;
|
||||
}
|
||||
}
|
||||
exports.ProduceJWT = ProduceJWT;
|
||||
25
node_modules/jose/dist/node/cjs/jwt/sign.js
generated
vendored
Normal file
25
node_modules/jose/dist/node/cjs/jwt/sign.js
generated
vendored
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.SignJWT = void 0;
|
||||
const sign_js_1 = require("../jws/compact/sign.js");
|
||||
const errors_js_1 = require("../util/errors.js");
|
||||
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
|
||||
const produce_js_1 = require("./produce.js");
|
||||
class SignJWT extends produce_js_1.ProduceJWT {
|
||||
_protectedHeader;
|
||||
setProtectedHeader(protectedHeader) {
|
||||
this._protectedHeader = protectedHeader;
|
||||
return this;
|
||||
}
|
||||
async sign(key, options) {
|
||||
const sig = new sign_js_1.CompactSign(buffer_utils_js_1.encoder.encode(JSON.stringify(this._payload)));
|
||||
sig.setProtectedHeader(this._protectedHeader);
|
||||
if (Array.isArray(this._protectedHeader?.crit) &&
|
||||
this._protectedHeader.crit.includes('b64') &&
|
||||
this._protectedHeader.b64 === false) {
|
||||
throw new errors_js_1.JWTInvalid('JWTs MUST NOT use unencoded payload');
|
||||
}
|
||||
return sig.sign(key, options);
|
||||
}
|
||||
}
|
||||
exports.SignJWT = SignJWT;
|
||||
36
node_modules/jose/dist/node/cjs/jwt/unsecured.js
generated
vendored
Normal file
36
node_modules/jose/dist/node/cjs/jwt/unsecured.js
generated
vendored
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.UnsecuredJWT = void 0;
|
||||
const base64url = require("../runtime/base64url.js");
|
||||
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
|
||||
const errors_js_1 = require("../util/errors.js");
|
||||
const jwt_claims_set_js_1 = require("../lib/jwt_claims_set.js");
|
||||
const produce_js_1 = require("./produce.js");
|
||||
class UnsecuredJWT extends produce_js_1.ProduceJWT {
|
||||
encode() {
|
||||
const header = base64url.encode(JSON.stringify({ alg: 'none' }));
|
||||
const payload = base64url.encode(JSON.stringify(this._payload));
|
||||
return `${header}.${payload}.`;
|
||||
}
|
||||
static decode(jwt, options) {
|
||||
if (typeof jwt !== 'string') {
|
||||
throw new errors_js_1.JWTInvalid('Unsecured JWT must be a string');
|
||||
}
|
||||
const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split('.');
|
||||
if (length !== 3 || signature !== '') {
|
||||
throw new errors_js_1.JWTInvalid('Invalid Unsecured JWT');
|
||||
}
|
||||
let header;
|
||||
try {
|
||||
header = JSON.parse(buffer_utils_js_1.decoder.decode(base64url.decode(encodedHeader)));
|
||||
if (header.alg !== 'none')
|
||||
throw new Error();
|
||||
}
|
||||
catch {
|
||||
throw new errors_js_1.JWTInvalid('Invalid Unsecured JWT');
|
||||
}
|
||||
const payload = (0, jwt_claims_set_js_1.default)(header, base64url.decode(encodedPayload), options);
|
||||
return { payload, header };
|
||||
}
|
||||
}
|
||||
exports.UnsecuredJWT = UnsecuredJWT;
|
||||
18
node_modules/jose/dist/node/cjs/jwt/verify.js
generated
vendored
Normal file
18
node_modules/jose/dist/node/cjs/jwt/verify.js
generated
vendored
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.jwtVerify = jwtVerify;
|
||||
const verify_js_1 = require("../jws/compact/verify.js");
|
||||
const jwt_claims_set_js_1 = require("../lib/jwt_claims_set.js");
|
||||
const errors_js_1 = require("../util/errors.js");
|
||||
async function jwtVerify(jwt, key, options) {
|
||||
const verified = await (0, verify_js_1.compactVerify)(jwt, key, options);
|
||||
if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) {
|
||||
throw new errors_js_1.JWTInvalid('JWTs MUST NOT use unencoded payload');
|
||||
}
|
||||
const payload = (0, jwt_claims_set_js_1.default)(verified.protectedHeader, verified.payload, options);
|
||||
const result = { payload, protectedHeader: verified.protectedHeader };
|
||||
if (typeof key === 'function') {
|
||||
return { ...result, key: verified.key };
|
||||
}
|
||||
return result;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue