Improve type safety and compatibility with Bun #2879
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
matthieusieben
commented
Oct 25, 2024
|
|
||
| protected async getKey() { | ||
| export class JoseKey<J extends Jwk = Jwk> extends Key<J> { | ||
| protected async getKeyObj(alg: string) { |
There was a problem hiding this comment.
This is the change that fixes compatibility with bun
Comment on lines
+85
to
126
| async verifyJwt<C extends string = never>( | ||
| token: SignedJwt, | ||
| options?: VerifyOptions<C>, | ||
| ): Promise<VerifyResult<C>> { | ||
| try { | ||
| const keyObj = await this.getKey() | ||
| const result = await jwtVerify(token, keyObj, { | ||
| ...options, | ||
| algorithms: this.algorithms, | ||
| } as JWTVerifyOptions) | ||
|
|
||
| return result as VerifyResult<P, C> | ||
| } catch (error) { | ||
| if (error instanceof JOSEError) { | ||
| throw new JwtVerifyError(error.message, error.code, { cause: error }) | ||
| const result = await jwtVerify( | ||
| token, | ||
| async ({ alg }) => this.getKeyObj(alg), | ||
| { ...options, algorithms: this.algorithms } as JWTVerifyOptions, | ||
| ) | ||
|
|
||
| // @NOTE if all tokens are signed exclusively through createJwt(), then | ||
| // there should be no need to parse the payload and headers here. But | ||
| // since the JWT could have been signed with the same key from somewhere | ||
| // else, let's parse it to ensure the integrity (and type safety) of the | ||
| // data. | ||
| const headerParsed = jwtHeaderSchema.safeParse(result.protectedHeader) | ||
| if (!headerParsed.success) { | ||
| throw new JwtVerifyError('Invalid JWT header', undefined, { | ||
| cause: headerParsed.error, | ||
| }) | ||
| } | ||
|
|
||
| const payloadParsed = jwtPayloadSchema.safeParse(result.payload) | ||
| if (!payloadParsed.success) { | ||
| throw new JwtVerifyError('Invalid JWT payload', undefined, { | ||
| cause: payloadParsed.error, | ||
| }) | ||
| } | ||
|
|
||
| return { | ||
| protectedHeader: headerParsed.data, | ||
| // "requiredClaims" enforced by jwtVerify() | ||
| payload: payloadParsed.data as RequiredKey<JwtPayload, C>, | ||
| } | ||
| } catch (cause) { | ||
| if (cause instanceof JOSEError) { | ||
| throw new JwtVerifyError(cause.message, cause.code, { cause }) | ||
| } else { | ||
| throw JwtVerifyError.from(error) | ||
| throw JwtVerifyError.from(cause) | ||
| } | ||
| } |
There was a problem hiding this comment.
Removed type casting & replaced with actual validation to ensure type safety.
| /** "crit" (Critical) Header Parameter */ | ||
| crit: z.array(z.string()).optional(), | ||
| }) | ||
| .passthrough() |
There was a problem hiding this comment.
Avoid stripping unknown keys.
| ) | ||
| .optional(), | ||
| }) | ||
| .passthrough() |
There was a problem hiding this comment.
Avoid stripping unknown keys.
| @@ -24,25 +26,28 @@ export abstract class Key { | |||
| return false | |||
| } | |||
|
|
|||
| get privateJwk(): Jwk | undefined { | |||
| get privateJwk(): Readonly<J> | undefined { | |||
There was a problem hiding this comment.
returned value should not be altered
| } | ||
|
|
||
| @cachedGetter | ||
| get bareJwk(): Jwk | undefined { | ||
| get bareJwk(): Readonly<Jwk> | undefined { |
There was a problem hiding this comment.
returned value should not be altered (because it is cached)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.