coolaj86/keyfetch.js
1
0
Fork 0
mirror of https://github.com/therootcompany/keyfetch.js.git synced 2024-11-16 17:29:02 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: coolaj86:a84e833571e4bd4949157176ec48a235e957ea96
Branches Tags
coolaj86:main
coolaj86:v2
coolaj86:v3.0.2
coolaj86:v2.1.1
coolaj86:v3.0.1
coolaj86:v3.0.0
coolaj86:v2.1.0
coolaj86:v2.0.0
coolaj86:v1.2.2
coolaj86:v1.3.0
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.10
coolaj86:v1.1.9
coolaj86:v1.1.8
coolaj86:v1.1.6
coolaj86:v1.1.2
..
compare: coolaj86:523a4f0d1a70b6c56ac248044be1553cf2a4a022
Branches Tags
coolaj86:main
coolaj86:v2
coolaj86:v3.0.2
coolaj86:v2.1.1
coolaj86:v3.0.1
coolaj86:v3.0.0
coolaj86:v2.1.0
coolaj86:v2.0.0
coolaj86:v1.2.2
coolaj86:v1.3.0
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.10
coolaj86:v1.1.9
coolaj86:v1.1.8
coolaj86:v1.1.6
coolaj86:v1.1.2

No commits in common. "a84e833571e4bd4949157176ec48a235e957ea96" and "523a4f0d1a70b6c56ac248044be1553cf2a4a022" have entirely different histories.
a84e833571 ... 523a4f0d1a

6 changed files with 92 additions and 265 deletions
Show Stats Expand all files Collapse all files

11
CHANGELOG.md
View File

@ -1,11 +0,0 @@
# v3.0.0
**Breaking Change**: Standardize error `message`s (now they're more client-friendly).
# v2.1.0
Feature: Add `code`, `status`, and `details` to errors.
# v2.0.0
**Breaking Change**: require `issuers` array (rather than `["*"]` by default).

60
README.md
View File

@ -11,7 +11,7 @@ Works great for
- [x] `jsonwebtoken` (Auth0) - [x] `jsonwebtoken` (Auth0)
- [x] OIDC (OpenID Connect) - [x] OIDC (OpenID Connect)
- [x] .well-known/jwks.json (Auth0, Okta) - [x] .well-known/jwks.json (Auth0)
- [x] Other JWKs URLs - [x] Other JWKs URLs
Crypto Support Crypto Support
@ -19,19 +19,8 @@ Crypto Support
- [x] JWT verification - [x] JWT verification
- [x] RSA (all variants) - [x] RSA (all variants)
- [x] EC / ECDSA (NIST variants P-256, P-384) - [x] EC / ECDSA (NIST variants P-256, P-384)
- [x] Sane error codes
- [ ] esoteric variants (excluded to keep the code featherweight and secure) - [ ] esoteric variants (excluded to keep the code featherweight and secure)
# Table of Contents
- Install
- Usage
- API
- Auth0 / Okta
- OIDC
- Errors
- Change Log
# Install # Install
```bash ```bash
@ -259,50 +248,3 @@ keyfetch.init({
There is no background task to cleanup expired keys as of yet. There is no background task to cleanup expired keys as of yet.
For now you can limit the number of keys fetched by having a simple whitelist. For now you can limit the number of keys fetched by having a simple whitelist.
# Errors
`JSON.stringify()`d errors look like this:
```js
{
code: "INVALID_JWT",
status: 401,
details: [ "jwt.claims.exp = 1634804500", "DEBUG: helpful message" ]
message: "token's 'exp' has passed or could not parsed: 1634804500"
}
```
SemVer Compatibility:
- `code` & `status` will remain the same.
- `message` is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
- `details` may be added to, but not subtracted from
| Hint | Code | Status | Message (truncated) |
| ----------------- | ------------- | ------ | ------------------------------------------------------ |
| bad gateway | BAD_GATEWAY | 502 | The auth token could not be verified because our se... |
| insecure issuer | MALFORMED_JWT | 400 | The auth token could not be verified because our se... |
| parse error | MALFORMED_JWT | 400 | The auth token could not be verified because it is ... |
| no issuer | MALFORMED_JWT | 400 | The auth token could not be verified because it doe... |
| malformed exp | MALFORMED_JWT | 400 | The auth token could not be verified because it's e... |
| expired | INVALID_JWT | 401 | The auth token is expired. To try again, go to the ... |
| inactive | INVALID_JWT | 401 | The auth token isn't valid yet. It's activation dat... |
| bad signature | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| jwk not found old | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
| jwk not found | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
| no jwkws uri | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| unknown issuer | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| failed claims | INVALID_JWT | 401 | The auth token did not pass verification because it... |
# Change Log
Minor Breaking changes (with a major version bump):
- v3.0.0
- reworked error messages (also available in v2.1.0 as `client_message`)
- started using `let` and template strings (drops _really_ old node compat)
- v2.0.0
- changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
See other changes in [CHANGELOG.md](./CHANGELOG.md).

74
keyfetch.js
View File

@ -19,7 +19,7 @@ async function requestAsync(req) {
// differentiate potentially temporary server errors from 404 // differentiate potentially temporary server errors from 404
if (!resp.ok && (resp.statusCode >= 500 || resp.statusCode < 200)) { if (!resp.ok && (resp.statusCode >= 500 || resp.statusCode < 200)) {
throw Errors.BAD_GATEWAY({ response: resp }); throw Errors.BAD_GATEWAY();
} }
return resp; return resp;
@ -37,8 +37,6 @@ function checkMinDefaultMax(opts, key, n, d, x) {
} }
} }
keyfetch._errors = Errors;
keyfetch._clear = function () { keyfetch._clear = function () {
keyCache = {}; keyCache = {};
}; };
@ -48,15 +46,14 @@ keyfetch.init = function (opts) {
staletime = checkMinDefaultMax(opts, "staletime", 1 * 60, staletime, 31 * 24 * 60 * 60); staletime = checkMinDefaultMax(opts, "staletime", 1 * 60, staletime, 31 * 24 * 60 * 60);
}; };
keyfetch._oidc = async function (iss) { keyfetch._oidc = async function (iss) {
var url = normalizeIss(iss) + "/.well-known/openid-configuration";
var resp = await requestAsync({ var resp = await requestAsync({
url: url, url: normalizeIss(iss) + "/.well-known/openid-configuration",
json: true json: true
}); });
var oidcConf = resp.body; var oidcConf = resp.body;
if (!oidcConf.jwks_uri) { if (!oidcConf.jwks_uri) {
throw Errors.NO_JWKS_URI(url); throw Errors.OIDC_CONFIG_NOT_FOUND();
} }
return oidcConf; return oidcConf;
}; };
@ -196,7 +193,7 @@ keyfetch._setCache = function (iss, cacheable) {
function normalizeIss(iss) { function normalizeIss(iss) {
if (!iss) { if (!iss) {
throw Errors.NO_ISSUER(); throw Errors.TOKEN_NO_ISSUER();
} }
// We definitely don't want false negatives stemming // We definitely don't want false negatives stemming
@ -220,7 +217,7 @@ keyfetch.jwt.decode = function (jwt) {
obj.claims = JSON.parse(Buffer.from(obj.payload, "base64")); obj.claims = JSON.parse(Buffer.from(obj.payload, "base64"));
return obj; return obj;
} catch (e) { } catch (e) {
var err = Errors.PARSE_ERROR(jwt); var err = Errors.TOKEN_PARSE_ERROR(jwt);
err.details = e.message; err.details = e.message;
throw err; throw err;
} }
@ -230,7 +227,7 @@ keyfetch.jwt.verify = async function (jwt, opts) {
opts = {}; opts = {};
} }
var jws; var decoded;
var exp; var exp;
var nbf; var nbf;
var active; var active;
@ -252,68 +249,60 @@ keyfetch.jwt.verify = async function (jwt, opts) {
} }
var claims = opts.claims || {}; var claims = opts.claims || {};
if (!jwt || "string" === typeof jwt) { if (!jwt || "string" === typeof jwt) {
jws = keyfetch.jwt.decode(jwt); decoded = keyfetch.jwt.decode(jwt);
} else { } else {
jws = jwt; decoded = jwt;
} }
if (!jws.claims.iss || !issuers.some(isTrustedIssuer(jws.claims.iss))) { if (!decoded.claims.iss || !issuers.some(isTrustedIssuer(decoded.claims.iss))) {
if (!(opts.jwk || opts.jwks)) { if (!(opts.jwk || opts.jwks)) {
throw Errors.UNKNOWN_ISSUER(jws.claims.iss || ""); throw Errors.ISSUER_NOT_TRUSTED(decoded.claims.iss || "");
} }
} }
// Note claims.iss validates more strictly than opts.issuers (requires exact match) // Note claims.iss validates more strictly than opts.issuers (requires exact match)
var failedClaims = Object.keys(claims) if (
.filter(function (key) { !Object.keys(claims).every(function (key) {
if (claims[key] !== jws.claims[key]) { if (claims[key] === decoded.claims[key]) {
return true; return true;
} }
}) })
.map(function (key) { ) {
return "jwt.claims." + key + " = " + JSON.stringify(jws.claims[key]); throw Errors.CLAIMS_MISMATCH(Object.keys(claims));
});
if (failedClaims.length) {
throw Errors.FAILED_CLAIMS(failedClaims, Object.keys(claims));
} }
exp = jws.claims.exp; exp = decoded.claims.exp;
if (exp && false !== opts.exp) { if (exp && false !== opts.exp) {
now = Date.now(); now = Date.now();
// TODO document that opts.exp can be used as leeway? Or introduce opts.leeway? // TODO document that opts.exp can be used as leeway? Or introduce opts.leeway?
// fair, but not necessary
exp = parseInt(exp, 10);
if (isNaN(exp)) {
throw Errors.MALFORMED_EXP(JSON.stringify(jws.claims.exp));
}
then = (opts.exp || 0) + parseInt(exp, 10); then = (opts.exp || 0) + parseInt(exp, 10);
active = then - now / 1000 > 0; active = then - now / 1000 > 0;
// expiration was on the token or, if not, such a token is not allowed // expiration was on the token or, if not, such a token is not allowed
if (!active) { if (!active) {
throw Errors.EXPIRED(exp); throw Errors.TOKEN_EXPIRED(exp);
} }
} }
nbf = jws.claims.nbf; nbf = decoded.claims.nbf;
if (nbf) { if (nbf) {
active = parseInt(nbf, 10) - Date.now() / 1000 <= 0; active = parseInt(nbf, 10) - Date.now() / 1000 <= 0;
if (!active) { if (!active) {
throw Errors.INACTIVE(nbf); throw Errors.TOKEN_INACTIVE(nbf);
} }
} }
if (opts.jwks || opts.jwk) { if (opts.jwks || opts.jwk) {
return overrideLookup(opts.jwks || [opts.jwk]); return overrideLookup(opts.jwks || [opts.jwk]);
} }
var kid = jws.header.kid; var kid = decoded.header.kid;
var iss; var iss;
var fetcher; var fetcher;
var fetchOne; var fetchOne;
if (!opts.strategy || "oidc" === opts.strategy) { if (!opts.strategy || "oidc" === opts.strategy) {
iss = jws.claims.iss; iss = decoded.claims.iss;
fetcher = keyfetch.oidcJwks; fetcher = keyfetch.oidcJwks;
fetchOne = keyfetch.oidcJwk; fetchOne = keyfetch.oidcJwk;
} else if ("auth0" === opts.strategy || "well-known" === opts.strategy) { } else if ("auth0" === opts.strategy || "well-known" === opts.strategy) {
iss = jws.claims.iss; iss = decoded.claims.iss;
fetcher = keyfetch.wellKnownJwks; fetcher = keyfetch.wellKnownJwks;
fetchOne = keyfetch.wellKnownJwk; fetchOne = keyfetch.wellKnownJwk;
} else { } else {
@ -328,10 +317,10 @@ keyfetch.jwt.verify = async function (jwt, opts) {
return fetcher(iss).then(verifyAny); return fetcher(iss).then(verifyAny);
function verifyOne(hit) { function verifyOne(hit) {
if (true === keyfetch.jws.verify(jws, hit)) { if (true === keyfetch.jws.verify(decoded, hit)) {
return jws; return decoded;
} }
throw Errors.BAD_SIGNATURE(jws.protected + "." + jws.payload + "." + jws.signature); throw Errors.TOKEN_INVALID_SIGNATURE();
} }
function verifyAny(hits) { function verifyAny(hits) {
@ -341,19 +330,20 @@ keyfetch.jwt.verify = async function (jwt, opts) {
if (kid !== hit.jwk.kid && kid !== hit.thumbprint) { if (kid !== hit.jwk.kid && kid !== hit.thumbprint) {
return; return;
} }
if (true === keyfetch.jws.verify(jws, hit)) { if (true === keyfetch.jws.verify(decoded, hit)) {
return true; return true;
} }
throw Errors.BAD_SIGNATURE(); throw Errors.TOKEN_INVALID_SIGNATURE();
} } else {
if (true === keyfetch.jws.verify(jws, hit)) { if (true === keyfetch.jws.verify(decoded, hit)) {
return true; return true;
} }
}
}) })
) { ) {
return jws; return decoded;
} }
throw Errors.JWK_NOT_FOUND_OLD(kid); throw Errors.TOKEN_UNKNOWN_SIGNER();
} }
function overrideLookup(jwks) { function overrideLookup(jwks) {

204
lib/errors.js
View File

@ -19,47 +19,30 @@
* }} opts * }} opts
* @returns {AuthError} * @returns {AuthError}
*/ */
function create(old, msg, code, status, details) { function create(msg, { status = 401, code = "", details }) {
/** @type AuthError */ /** @type AuthError */
//@ts-ignore //@ts-ignore
let err = new Error(msg); var err = new Error(msg);
err.message = msg; err.message = err.message;
err._old_message = old;
err.code = code;
err.status = status; err.status = status;
err.code = code;
if (details) { if (details) {
err.details = details; err.details = details;
} }
err.source = "keyfetch"; err.source = "keyfetch";
err.toJSON = toJSON;
err.toString = toString;
return err; return err;
} }
function toJSON() {
/*jshint validthis:true*/
return {
message: this.message,
status: this.status,
code: this.code,
details: this.details
};
}
function toString() {
/*jshint validthis:true*/
return this.stack + "\n" + JSON.stringify(this);
}
// DEVELOPER_ERROR - a good token won't make a difference // DEVELOPER_ERROR - a good token won't make a difference
var E_DEVELOPER = "DEVELOPER_ERROR"; var E_DEVELOPER = "DEVELOPER_ERROR";
// BAD_GATEWAY - there may be a temporary error fetching the public or or whatever // BAD_GATEWAY - there may be a temporary error fetching the public or or whatever
var E_BAD_GATEWAY = "BAD_GATEWAY"; var E_BAD_GATEWAY = "BAD_GATEWAY";
// MALFORMED_JWT - the token could not be verified - not parsable, missing claims, etc // MALFORMED_TOKEN - the token could not be verified - not parsable, missing claims, etc
var E_MALFORMED = "MALFORMED_JWT"; var E_MALFORMED = "MALFORMED_JWT";
// INVALID_JWT - the token's properties don't meet requirements - iss, claims, sig, exp // INVALID_TOKEN - the token's properties don't meet requirements - iss, claims, sig, exp
var E_INVALID = "INVALID_JWT"; var E_INVALID = "INVALID_JWT";
module.exports = { module.exports = {
@ -71,20 +54,12 @@ module.exports = {
* @param {string} msg * @param {string} msg
* @returns {AuthError} * @returns {AuthError}
*/ */
DEVELOPER_ERROR: function (old, msg, details) { DEVELOPER_ERROR: function (msg) {
return create(old, msg || old, E_DEVELOPER, 500, details); return create(msg, { status: 500, code: E_DEVELOPER });
}, },
BAD_GATEWAY: function (err) { BAD_GATEWAY: function (/*err*/) {
var msg = var msg = "The server encountered a network error or a bad gateway.";
"The auth token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server."; return create(msg, { status: 502, code: E_BAD_GATEWAY });
var details = [];
if (err.message) {
details.push("error.message = " + err.message);
}
if (err.response && err.response.statusCode) {
details.push("response.statusCode = " + err.response.statusCode);
}
return create(msg, msg, E_BAD_GATEWAY, 502, details);
}, },
// //
@ -96,46 +71,25 @@ module.exports = {
* @returns {AuthError} * @returns {AuthError}
*/ */
INSECURE_ISSUER: function (iss) { INSECURE_ISSUER: function (iss) {
var old =
"'" + iss + "' is NOT secure. Set env 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow for testing. (iss)";
var details = [
"jwt.claims.iss = " + JSON.stringify(iss),
"DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
];
var msg = var msg =
'The auth token could not be verified because our server could connect to its issuing server ("iss") securely.'; "'" + iss + "' is NOT secure. Set env 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow for testing. (iss)";
return create(old, msg, E_MALFORMED, 400, details); return create(msg, { status: 400, code: E_MALFORMED });
}, },
/** /**
* @param {string} jwt * @param {string} jwt
* @returns {AuthError} * @returns {AuthError}
*/ */
PARSE_ERROR: function (jwt) { TOKEN_PARSE_ERROR: function (jwt) {
var old = "could not parse jwt: '" + jwt + "'"; var msg = "could not parse jwt: '" + jwt + "'";
var msg = "The auth token could not be verified because it is malformed."; return create(msg, { status: 400, code: E_MALFORMED });
var details = ["jwt = " + JSON.stringify(jwt)];
return create(old, msg, E_MALFORMED, 400, details);
}, },
/** /**
* @param {string} iss * @param {string} iss
* @returns {AuthError} * @returns {AuthError}
*/ */
NO_ISSUER: function (iss) { TOKEN_NO_ISSUER: function (iss) {
var old = "'iss' is not defined"; var msg = "'iss' is not defined";
var msg = 'The auth token could not be verified because it doesn\'t specify an issuer ("iss").'; return create(msg, { status: 400, code: E_MALFORMED });
var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
return create(old, msg, E_MALFORMED, 400, details);
},
/**
* @param {string} iss
* @returns {AuthError}
*/
MALFORMED_EXP: function (exp) {
var old = "token's 'exp' has passed or could not parsed: '" + exp + "'";
var msg = 'The auth token could not be verified because it\'s expiration date ("exp") could not be read';
var details = ["jwt.claims.exp = " + JSON.stringify(exp)];
return create(old, msg, E_MALFORMED, 400, details);
}, },
// //
@ -146,125 +100,77 @@ module.exports = {
* @param {number} exp * @param {number} exp
* @returns {AuthError} * @returns {AuthError}
*/ */
EXPIRED: function (exp) { TOKEN_EXPIRED: function (exp) {
var old = "token's 'exp' has passed or could not parsed: '" + exp + "'"; //var msg = "The auth token is expired. (exp='" + exp + "')";
// var msg = "The auth token did not pass verification because it is expired.not properly signed."; var msg = "token's 'exp' has passed or could not parsed: '" + exp + "'";
var msg = "The auth token is expired. To try again, go to the main page and sign in."; return create(msg, { code: E_INVALID });
var details = ["jwt.claims.exp = " + JSON.stringify(exp)];
return create(old, msg, E_INVALID, 401, details);
}, },
/** /**
* @param {number} nbf * @param {number} nbf
* @returns {AuthError} * @returns {AuthError}
*/ */
INACTIVE: function (nbf) { TOKEN_INACTIVE: function (nbf) {
var old = "token's 'nbf' has not been reached or could not parsed: '" + nbf + "'"; //var msg = "The auth token is not active yet. (nbf='" + nbf + "')";
var msg = "The auth token isn't valid yet. It's activation date (\"nbf\") is in the future."; var msg = "token's 'nbf' has not been reached or could not parsed: '" + nbf + "'";
var details = ["jwt.claims.nbf = " + JSON.stringify(nbf)]; return create(msg, { code: E_INVALID });
return create(old, msg, E_INVALID, 401, details);
}, },
/** @returns {AuthError} */ /** @returns {AuthError} */
BAD_SIGNATURE: function (jwt) { TOKEN_INVALID_SIGNATURE: function () {
var old = "token signature verification was unsuccessful"; //var msg = "The auth token is not properly signed and could not be verified.";
var msg = "The auth token did not pass verification because it is not properly signed."; var msg = "token signature verification was unsuccessful";
var details = ["jwt = " + JSON.stringify(jwt)]; return create(msg, { code: E_INVALID });
return create(old, msg, E_INVALID, 401, details);
}, },
/** /** @returns {AuthError} */
* @param {string} kid TOKEN_UNKNOWN_SIGNER: function () {
* @returns {AuthError} var msg = "Retrieved a list of keys, but none of them matched the 'kid' (key id) of the token.";
*/ return create(msg, { code: E_INVALID });
JWK_NOT_FOUND_OLD: function (kid) {
var old = "Retrieved a list of keys, but none of them matched the 'kid' (key id) of the token.";
var msg =
'The auth token did not pass verification because our server couldn\'t find a mutually trusted verification key ("jwk").';
var details = ["jws.header.kid = " + JSON.stringify(kid)];
return create(old, msg, E_INVALID, 401, details);
}, },
/** /**
* @param {string} id * @param {string} id
* @returns {AuthError} * @returns {AuthError}
*/ */
JWK_NOT_FOUND: function (id) { JWK_NOT_FOUND: function (id) {
// TODO Distinguish between when it's a kid vs thumbprint. var msg = "No JWK found by kid or thumbprint '" + id + "'";
var old = "No JWK found by kid or thumbprint '" + id + "'"; return create(msg, { code: E_INVALID });
var msg =
'The auth token did not pass verification because our server couldn\'t find a mutually trusted verification key ("jwk").';
var details = ["jws.header.kid = " + JSON.stringify(id)];
return create(old, msg, E_INVALID, 401, details);
}, },
/** @returns {AuthError} */ /** @returns {AuthError} */
NO_JWKWS_URI: function (url) { OIDC_CONFIG_NOT_FOUND: function () {
var old = "Failed to retrieve openid configuration"; //var msg = "Failed to retrieve OpenID configuration for token issuer";
var msg = var msg = "Failed to retrieve openid configuration";
'The auth token did not pass verification because its issuing server did not list any verification keys ("jwks").'; return create(msg, { code: E_INVALID });
var details = ["OpenID Provider Configuration: " + JSON.stringify(url)];
return create(old, msg, E_INVALID, 401, details);
}, },
/** /**
* @param {string} iss * @param {string} iss
* @returns {AuthError} * @returns {AuthError}
*/ */
UNKNOWN_ISSUER: function (iss) { ISSUER_NOT_TRUSTED: function (iss) {
var old = "token was issued by an untrusted issuer: '" + iss + "'"; var msg = "token was issued by an untrusted issuer: '" + iss + "'";
var msg = "The auth token did not pass verification because it wasn't issued by a server that we trust."; return create(msg, { code: E_INVALID });
var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
return create(old, msg, E_INVALID, 401, details);
}, },
/** /**
* @param {Array<string>} details * @param {Array<string>} claimNames
* @returns {AuthError} * @returns {AuthError}
*/ */
FAILED_CLAIMS: function (details, claimNames) { CLAIMS_MISMATCH: function (claimNames) {
var old = "token did not match on one or more authorization claims: '" + claimNames + "'"; var msg = "token did not match on one or more authorization claims: '" + claimNames + "'";
var msg = return create(msg, { code: E_INVALID });
'The auth token did not pass verification because it failed some of the verification criteria ("claims").';
return create(old, msg, E_INVALID, 401, details);
} }
}; };
var Errors = module.exports;
// for README // for README
if (require.main === module) { if (require.main === module) {
let maxWidth = 54; console.info("| Name | Status | Message (truncated) |");
let header = ["Hint", "Code", "Status", "Message (truncated)"]; console.info("| ---- | ------ | ------------------- |");
let widths = header.map(function (v) {
return Math.min(maxWidth, String(v).length);
});
let rows = [];
Object.keys(module.exports).forEach(function (k) { Object.keys(module.exports).forEach(function (k) {
//@ts-ignore //@ts-ignore
var E = module.exports[k]; var E = module.exports[k];
var e = E("test"); var e = E();
var code = e.code; var code = e.code;
var msg = e.message; var msg = e.message;
var hint = k.toLowerCase().replace(/_/g, " "); if ("E_" + k !== e.code) {
widths[0] = Math.max(widths[0], String(hint).length); code = k;
widths[1] = Math.max(widths[1], String(code).length); msg = e.details || msg;
widths[2] = Math.max(widths[2], String(e.status).length);
widths[3] = Math.min(maxWidth, Math.max(widths[3], String(msg).length));
rows.push([hint, code, e.status, msg]);
});
rows.forEach(function (cols, i) {
let cells = cols.map(function (col, i) {
if (col.length > maxWidth) {
col = col.slice(0, maxWidth - 3);
col += "...";
} }
return String(col).padEnd(widths[i], " "); console.info(`| ${code} | ${e.status} | ${msg.slice(0, 45)}... |`);
}); });
let out = `| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3].slice(0, widths[3])} |`;
//out = out.replace(/\| /g, " ").replace(/\|/g, "");
console.info(out);
if (i === 0) {
cells = cols.map(function (col, i) {
return "-".padEnd(widths[i], "-");
});
console.info(`| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3]} |`);
}
});
console.log();
console.log(Errors.MALFORMED_EXP());
console.log();
console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
} }

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{ {
"name": "keyfetch", "name": "keyfetch",
"version": "3.0.2", "version": "2.0.0",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "keyfetch", "name": "keyfetch",
"version": "3.0.2", "version": "2.0.0",
"license": "MPL-2.0", "license": "MPL-2.0",
"dependencies": { "dependencies": {
"@root/request": "^1.8.0", "@root/request": "^1.8.0",

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "keyfetch", "name": "keyfetch",
"version": "3.0.2", "version": "2.0.0",
"description": "Lightweight support for fetching JWKs.", "description": "Lightweight support for fetching JWKs.",
"homepage": "https://git.rootprojects.org/root/keyfetch.js", "homepage": "https://git.rootprojects.org/root/keyfetch.js",
"main": "keyfetch.js", "main": "keyfetch.js",