2024-11-16 17:29:02 +00:00
4 changed files with 33 additions and 59 deletions
--- a/README.md
+++ b/README.md
@ -276,24 +276,26 @@ For now you can limit the number of keys fetched by having a simple whitelist.
 SemVer Compatibility:
 -   `code` & `status` will remain the same.
-   `message` is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
+-   The `message` property of an error is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
-   `details` may be added to, but not subtracted from
+
 For backwards compatibility with v1, the non-stringified `message` is the same as what it was in v1 (and the v2 message is `client_message`, which replaces `message` in v3). Don't rely on it. Rely on `code`.
 | Hint                | Code            | Status | Message (truncated)                              |
-| ----------------- | ------------- | ------ | ------------------------------------------------------ |
+| ------------------- | --------------- | ------ | ------------------------------------------------ |
-| bad gateway       | BAD_GATEWAY   | 502    | The auth token could not be verified because our se... |
+| (developer error)   | DEVELOPER_ERROR | 500    | test...                                          |
-| insecure issuer   | MALFORMED_JWT | 400    | The auth token could not be verified because our se... |
+| (bad gateway)       | BAD_GATEWAY     | 502    | The token could not be verified because our s... |
-| parse error       | MALFORMED_JWT | 400    | The auth token could not be verified because it is ... |
+| (insecure issuer)   | MALFORMED_JWT   | 400    | 'test' is NOT secure. Set env 'KEYFETCH_ALLOW... |
-| no issuer         | MALFORMED_JWT | 400    | The auth token could not be verified because it doe... |
+| (parse error)       | MALFORMED_JWT   | 400    | could not parse jwt: 'test'...                   |
-| malformed exp     | MALFORMED_JWT | 400    | The auth token could not be verified because it's e... |
+| (no issuer)         | MALFORMED_JWT   | 400    | 'iss' is not defined...                          |
-| expired           | INVALID_JWT   | 401    | The auth token is expired. To try again, go to the ... |
+| (malformed exp)     | MALFORMED_JWT   | 400    | token's 'exp' has passed or could not parsed:... |
-| inactive          | INVALID_JWT   | 401    | The auth token isn't valid yet. It's activation dat... |
+| (expired)           | INVALID_JWT     | 401    | token's 'exp' has passed or could not parsed:... |
-| bad signature     | INVALID_JWT   | 401    | The auth token did not pass verification because it... |
+| (inactive)          | INVALID_JWT     | 401    | token's 'nbf' has not been reached or could n... |
-| jwk not found old | INVALID_JWT   | 401    | The auth token did not pass verification because ou... |
+| (bad signature)     | INVALID_JWT     | 401    | token signature verification was unsuccessful... |
-| jwk not found     | INVALID_JWT   | 401    | The auth token did not pass verification because ou... |
+| (jwk not found old) | INVALID_JWT     | 401    | Retrieved a list of keys, but none of them ma... |
-| no jwkws uri      | INVALID_JWT   | 401    | The auth token did not pass verification because it... |
+| (jwk not found)     | INVALID_JWT     | 401    | No JWK found by kid or thumbprint 'test'...      |
-| unknown issuer    | INVALID_JWT   | 401    | The auth token did not pass verification because it... |
+| (no jwkws uri)      | INVALID_JWT     | 401    | Failed to retrieve openid configuration...       |
-| failed claims     | INVALID_JWT   | 401    | The auth token did not pass verification because it... |
+| (unknown issuer)    | INVALID_JWT     | 401    | token was issued by an untrusted issuer: 'tes... |
 | (failed claims)     | INVALID_JWT     | 401    | token did not match on one or more authorizat... |
 # Change Log
--- a/lib/errors.js
+++ b/lib/errors.js
@ -39,7 +39,7 @@ function create(old, msg, code, status, details) {
 function toJSON() {
    /*jshint validthis:true*/
    return {
-        message: this.message,
+        message: this.client_message,
        status: this.status,
        code: this.code,
        details: this.details
@ -72,11 +72,11 @@ module.exports = {
     * @returns {AuthError}
     */
    DEVELOPER_ERROR: function (old, msg, details) {
-        return create(old, msg || old, E_DEVELOPER, 500, details);
+        return create(old, msg, E_DEVELOPER, 500, details);
    },
    BAD_GATEWAY: function (err) {
        var msg =
-            "The auth token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
+            "The token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
        var details = [];
        if (err.message) {
            details.push("error.message = " + err.message);
@ -84,7 +84,7 @@ module.exports = {
        if (err.response && err.response.statusCode) {
            details.push("response.statusCode = " + err.response.statusCode);
        }
-        return create(msg, msg, E_BAD_GATEWAY, 502, details);
+        return create(msg, msg, E_BAD_GATEWAY, 502);
    },
    //
@ -103,7 +103,7 @@ module.exports = {
            "DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
        ];
        var msg =
-            'The auth token could not be verified because our server could connect to its issuing server ("iss") securely.';
+            'The token could not be verified because our server could connect to its issuing server ("iss") securely.';
        return create(old, msg, E_MALFORMED, 400, details);
    },
    /**
@ -112,7 +112,7 @@ module.exports = {
     */
    PARSE_ERROR: function (jwt) {
        var old = "could not parse jwt: '" + jwt + "'";
-        var msg = "The auth token could not be verified because it is malformed.";
+        var msg = "The auth token is malformed.";
        var details = ["jwt = " + JSON.stringify(jwt)];
        return create(old, msg, E_MALFORMED, 400, details);
    },
@ -122,7 +122,7 @@ module.exports = {
     */
    NO_ISSUER: function (iss) {
        var old = "'iss' is not defined";
-        var msg = 'The auth token could not be verified because it doesn\'t specify an issuer ("iss").';
+        var msg = 'The token could not be verified because it doesn\'t specify an issuer ("iss").';
        var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
        return create(old, msg, E_MALFORMED, 400, details);
    },
@ -226,45 +226,17 @@ var Errors = module.exports;
 // for README
 if (require.main === module) {
-    let maxWidth = 54;
+    console.info("| Hint | Code | Status | Message (truncated) |");
-    let header = ["Hint", "Code", "Status", "Message (truncated)"];
+    console.info("| ---- | ---- | ------ | ------------------- |");
    let widths = header.map(function (v) {
        return Math.min(maxWidth, String(v).length);
    });
    let rows = [];
    Object.keys(module.exports).forEach(function (k) {
        //@ts-ignore
        var E = module.exports[k];
        var e = E("test");
        var code = e.code;
-        var msg = e.message;
+        var msg = e.message.slice(0, 45);
        var hint = k.toLowerCase().replace(/_/g, " ");
-        widths[0] = Math.max(widths[0], String(hint).length);
+        console.info(`| (${hint}) | ${code} | ${e.status} | ${msg}... |`);
        widths[1] = Math.max(widths[1], String(code).length);
        widths[2] = Math.max(widths[2], String(e.status).length);
        widths[3] = Math.min(maxWidth, Math.max(widths[3], String(msg).length));
        rows.push([hint, code, e.status, msg]);
    });
    rows.forEach(function (cols, i) {
        let cells = cols.map(function (col, i) {
            if (col.length > maxWidth) {
                col = col.slice(0, maxWidth - 3);
                col += "...";
            }
            return String(col).padEnd(widths[i], " ");
        });
        let out = `| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3].slice(0, widths[3])} |`;
        //out = out.replace(/\| /g, " ").replace(/\|/g, "");
        console.info(out);
        if (i === 0) {
            cells = cols.map(function (col, i) {
                return "-".padEnd(widths[i], "-");
            });
            console.info(`| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3]} |`);
        }
    });
    console.log();
    console.log(Errors.MALFORMED_EXP());
    console.log();
    console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
 }
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
    "name": "keyfetch",
-    "version": "3.0.2",
+    "version": "3.0.0",
    "lockfileVersion": 2,
    "requires": true,
    "packages": {
        "": {
            "name": "keyfetch",
-            "version": "3.0.2",
+            "version": "3.0.0",
            "license": "MPL-2.0",
            "dependencies": {
                "@root/request": "^1.8.0",
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
    "name": "keyfetch",
-    "version": "3.0.2",
+    "version": "3.0.0",
    "description": "Lightweight support for fetching JWKs.",
    "homepage": "https://git.rootprojects.org/root/keyfetch.js",
    "main": "keyfetch.js",