Buckets:
| // src/middleware/jwt/jwt.ts | |
| import { getCookie, getSignedCookie } from "../../helper/cookie/index.js"; | |
| import { HTTPException } from "../../http-exception.js"; | |
| import { Jwt } from "../../utils/jwt/index.js"; | |
| import "../../context.js"; | |
| var jwt = (options) => { | |
| const verifyOpts = options.verification || {}; | |
| if (!options || !options.secret) { | |
| throw new Error('JWT auth middleware requires options for "secret"'); | |
| } | |
| if (!options.alg) { | |
| throw new Error('JWT auth middleware requires options for "alg"'); | |
| } | |
| if (!crypto.subtle || !crypto.subtle.importKey) { | |
| throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it."); | |
| } | |
| return async function jwt2(ctx, next) { | |
| const headerName = options.headerName || "Authorization"; | |
| const credentials = ctx.req.raw.headers.get(headerName); | |
| let token; | |
| if (credentials) { | |
| const parts = credentials.split(/\s+/); | |
| if (parts.length !== 2) { | |
| const errDescription = "invalid credentials structure"; | |
| throw new HTTPException(401, { | |
| message: errDescription, | |
| res: unauthorizedResponse({ | |
| ctx, | |
| error: "invalid_request", | |
| errDescription | |
| }) | |
| }); | |
| } else { | |
| token = parts[1]; | |
| } | |
| } else if (options.cookie) { | |
| if (typeof options.cookie == "string") { | |
| token = getCookie(ctx, options.cookie); | |
| } else if (options.cookie.secret) { | |
| if (options.cookie.prefixOptions) { | |
| token = await getSignedCookie( | |
| ctx, | |
| options.cookie.secret, | |
| options.cookie.key, | |
| options.cookie.prefixOptions | |
| ); | |
| } else { | |
| token = await getSignedCookie(ctx, options.cookie.secret, options.cookie.key); | |
| } | |
| } else { | |
| if (options.cookie.prefixOptions) { | |
| token = getCookie(ctx, options.cookie.key, options.cookie.prefixOptions); | |
| } else { | |
| token = getCookie(ctx, options.cookie.key); | |
| } | |
| } | |
| } | |
| if (!token) { | |
| const errDescription = "no authorization included in request"; | |
| throw new HTTPException(401, { | |
| message: errDescription, | |
| res: unauthorizedResponse({ | |
| ctx, | |
| error: "invalid_request", | |
| errDescription | |
| }) | |
| }); | |
| } | |
| let payload; | |
| let cause; | |
| try { | |
| payload = await Jwt.verify(token, options.secret, { | |
| alg: options.alg, | |
| ...verifyOpts | |
| }); | |
| } catch (e) { | |
| cause = e; | |
| } | |
| if (!payload) { | |
| throw new HTTPException(401, { | |
| message: "Unauthorized", | |
| res: unauthorizedResponse({ | |
| ctx, | |
| error: "invalid_token", | |
| statusText: "Unauthorized", | |
| errDescription: "token verification failure" | |
| }), | |
| cause | |
| }); | |
| } | |
| ctx.set("jwtPayload", payload); | |
| await next(); | |
| }; | |
| }; | |
| function unauthorizedResponse(opts) { | |
| return new Response("Unauthorized", { | |
| status: 401, | |
| statusText: opts.statusText, | |
| headers: { | |
| "WWW-Authenticate": `Bearer realm="${opts.ctx.req.url}",error="${opts.error}",error_description="${opts.errDescription}"` | |
| } | |
| }); | |
| } | |
| var verifyWithJwks = Jwt.verifyWithJwks; | |
| var verify = Jwt.verify; | |
| var decode = Jwt.decode; | |
| var sign = Jwt.sign; | |
| export { | |
| decode, | |
| jwt, | |
| sign, | |
| verify, | |
| verifyWithJwks | |
| }; | |
Xet Storage Details
- Size:
- 3.36 kB
- Xet hash:
- 57b114e5fc9ec038ef27fa7dd44aa1c7d1b9f669b26e5b067b484e7d61c65d61
·
Xet efficiently stores files, intelligently splitting them into unique chunks and accelerating uploads and downloads. More info.