refactor(jwt): accept secret as first arg

boywithkeyboard-archive · Aug 18, 2023 · 3a64b86 · 3a64b86
1 parent ac6e82c
commit 3a64b86
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 16 deletions.
diff --git a/jwt.ts b/jwt.ts
@@ -3,13 +3,8 @@ import {
   decode,
   encode,
 } from 'https://deno.land/std@0.198.0/encoding/base64.ts'
-import {
-  create,
-  getNumericDate,
-  Payload as JwtPayload,
-  verify as _verify,
-  VerifyOptions,
-} from 'https://deno.land/x/djwt@v2.8/mod.ts'
+import * as Jwt from 'https://deno.land/x/djwt@v2.8/mod.ts'
+import { Context } from './mod.ts'
 
 interface Payload {
   iss?: string
@@ -55,16 +50,22 @@ export function importKey(key: string) {
  */
 // deno-lint-ignore ban-types
 export async function sign<T extends Record<string, unknown> = {}>(
+  secret: string | CryptoKey | Context,
   payload: T & Payload,
-  secret: string | CryptoKey,
 ) {
-  const key = typeof secret === 'string' ? await importKey(secret) : secret
+  const key = typeof secret === 'string'
+    ? await importKey(secret)
+    : secret instanceof Context
+    ? await importKey(
+      (secret.env('jwt_secret') ?? secret.env('JWT_SECRET')) as string,
+    )
+    : secret
 
   const { exp, nbf, ...rest } = payload
 
-  return await create({ alg: 'HS512', typ: 'JWT' }, {
-    ...(exp && { exp: getNumericDate(exp) }),
-    ...(nbf && { nbf: getNumericDate(nbf) }),
+  return await Jwt.create({ alg: 'HS512', typ: 'JWT' }, {
+    ...(exp && { exp: Jwt.getNumericDate(exp) }),
+    ...(nbf && { nbf: Jwt.getNumericDate(nbf) }),
     ...rest,
   }, key)
 }
@@ -73,14 +74,20 @@ export async function sign<T extends Record<string, unknown> = {}>(
  * Verify the validity of a JWT.
  */
 export async function verify<T extends Record<string, unknown> = Payload>(
+  secret: string | CryptoKey | Context,
   token: string,
-  secret: string | CryptoKey,
-  options?: VerifyOptions,
+  options?: Jwt.VerifyOptions,
 ) {
   try {
-    const key = typeof secret === 'string' ? await importKey(secret) : secret
+    const key = typeof secret === 'string'
+      ? await importKey(secret)
+      : secret instanceof Context
+      ? await importKey(
+        (secret.env('jwt_secret') ?? secret.env('JWT_SECRET')) as string,
+      )
+      : secret
 
-    return await _verify(token, key, options) as JwtPayload & T
+    return await Jwt.verify(token, key, options) as Jwt.Payload & T
   } catch (_err) {
     return
   }

diff --git a/test/jwt.test.ts b/test/jwt.test.ts
@@ -0,0 +1,37 @@
+// Copyright 2023 Samuel Kopp. All rights reserved. Apache-2.0 license.
+import { cheetah } from '../cheetah.ts'
+import { createKey, importKey } from '../jwt.ts'
+import { jwt } from '../mod.ts'
+import { assertEquals, assertInstanceOf } from '../test/deps.ts'
+
+Deno.test('jwt', async () => {
+  const key = await createKey()
+  const cryptoKey = await importKey(key)
+
+  assertInstanceOf(cryptoKey, CryptoKey)
+
+  const token = await jwt.sign(key, { example: 'object' })
+
+  assertEquals(await jwt.verify(await createKey(), token) === undefined, true)
+  assertEquals(await jwt.verify(key, token) !== undefined, true)
+  assertEquals(await jwt.verify(cryptoKey, token) !== undefined, true)
+
+  Deno.env.set('jwt_secret', key)
+
+  const app = new cheetah()
+
+  app.get('/one', async (c) => {
+    assertEquals(await jwt.verify(c, token) !== undefined, true)
+  })
+
+  await app.fetch(new Request('http://localhost/one'))
+
+  Deno.env.delete('jwt_secret')
+  Deno.env.set('JWT_SECRET', key)
+
+  app.get('/two', async (c) => {
+    assertEquals(await jwt.verify(c, token) !== undefined, true)
+  })
+
+  await app.fetch(new Request('http://localhost/two'))
+})
diff --git a/x/x.test.tsx b/x/x.test.tsx
@@ -5,6 +5,8 @@ import { assertEquals, assertInstanceOf } from '../test/deps.ts'
 import { h, jsx } from './jsx.tsx'
 import { createKey, importKey, sign, verify } from './jwt.ts'
 
+// TODO delete at v2.0
+
 Deno.test('x', async (t) => {
   await t.step('jwt', async () => {
     const key = await createKey()