mirror of
https://github.com/therootcompany/keyfetch.js.git
synced 2024-11-16 17:29:02 +00:00
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a84e833571 | |||
| 076246e4d0 | |||
| 4c85fc4009 | |||
| d5647ea905 | |||
| 2ea44e3a46 | |||
| 5ef53ecb23 | |||
| 604b42c7ef |
43
README.md
43
README.md
@ -276,32 +276,33 @@ For now you can limit the number of keys fetched by having a simple whitelist.
|
|||||||
SemVer Compatibility:
|
SemVer Compatibility:
|
||||||
|
|
||||||
- `code` & `status` will remain the same.
|
- `code` & `status` will remain the same.
|
||||||
- The `message` property of an error is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
|
- `message` is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
|
||||||
|
- `details` may be added to, but not subtracted from
|
||||||
|
|
||||||
For backwards compatibility with v1, the non-stringified `message` is the same as what it was in v1 (and the v2 message is `client_message`, which replaces `message` in v3). Don't rely on it. Rely on `code`.
|
| Hint | Code | Status | Message (truncated) |
|
||||||
|
| ----------------- | ------------- | ------ | ------------------------------------------------------ |
|
||||||
| Hint | Code | Status | Message (truncated) |
|
| bad gateway | BAD_GATEWAY | 502 | The auth token could not be verified because our se... |
|
||||||
| ------------------- | --------------- | ------ | ------------------------------------------------ |
|
| insecure issuer | MALFORMED_JWT | 400 | The auth token could not be verified because our se... |
|
||||||
| (developer error) | DEVELOPER_ERROR | 500 | test... |
|
| parse error | MALFORMED_JWT | 400 | The auth token could not be verified because it is ... |
|
||||||
| (bad gateway) | BAD_GATEWAY | 502 | The token could not be verified because our s... |
|
| no issuer | MALFORMED_JWT | 400 | The auth token could not be verified because it doe... |
|
||||||
| (insecure issuer) | MALFORMED_JWT | 400 | 'test' is NOT secure. Set env 'KEYFETCH_ALLOW... |
|
| malformed exp | MALFORMED_JWT | 400 | The auth token could not be verified because it's e... |
|
||||||
| (parse error) | MALFORMED_JWT | 400 | could not parse jwt: 'test'... |
|
| expired | INVALID_JWT | 401 | The auth token is expired. To try again, go to the ... |
|
||||||
| (no issuer) | MALFORMED_JWT | 400 | 'iss' is not defined... |
|
| inactive | INVALID_JWT | 401 | The auth token isn't valid yet. It's activation dat... |
|
||||||
| (malformed exp) | MALFORMED_JWT | 400 | token's 'exp' has passed or could not parsed:... |
|
| bad signature | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||||
| (expired) | INVALID_JWT | 401 | token's 'exp' has passed or could not parsed:... |
|
| jwk not found old | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
|
||||||
| (inactive) | INVALID_JWT | 401 | token's 'nbf' has not been reached or could n... |
|
| jwk not found | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
|
||||||
| (bad signature) | INVALID_JWT | 401 | token signature verification was unsuccessful... |
|
| no jwkws uri | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||||
| (jwk not found old) | INVALID_JWT | 401 | Retrieved a list of keys, but none of them ma... |
|
| unknown issuer | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||||
| (jwk not found) | INVALID_JWT | 401 | No JWK found by kid or thumbprint 'test'... |
|
| failed claims | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||||
| (no jwkws uri) | INVALID_JWT | 401 | Failed to retrieve openid configuration... |
|
|
||||||
| (unknown issuer) | INVALID_JWT | 401 | token was issued by an untrusted issuer: 'tes... |
|
|
||||||
| (failed claims) | INVALID_JWT | 401 | token did not match on one or more authorizat... |
|
|
||||||
|
|
||||||
# Change Log
|
# Change Log
|
||||||
|
|
||||||
Minor Breaking changes (with a major version bump):
|
Minor Breaking changes (with a major version bump):
|
||||||
|
|
||||||
- v3.0.0 - reworked error messages (also available in v2.1.0 as `client_message`)
|
- v3.0.0
|
||||||
- v2.0.0 - changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
|
- reworked error messages (also available in v2.1.0 as `client_message`)
|
||||||
|
- started using `let` and template strings (drops _really_ old node compat)
|
||||||
|
- v2.0.0
|
||||||
|
- changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
|
||||||
|
|
||||||
See other changes in [CHANGELOG.md](./CHANGELOG.md).
|
See other changes in [CHANGELOG.md](./CHANGELOG.md).
|
||||||
|
|||||||
@ -22,8 +22,9 @@
|
|||||||
function create(old, msg, code, status, details) {
|
function create(old, msg, code, status, details) {
|
||||||
/** @type AuthError */
|
/** @type AuthError */
|
||||||
//@ts-ignore
|
//@ts-ignore
|
||||||
var err = new Error(old);
|
let err = new Error(msg);
|
||||||
err.client_message = msg;
|
err.message = msg;
|
||||||
|
err._old_message = old;
|
||||||
err.code = code;
|
err.code = code;
|
||||||
err.status = status;
|
err.status = status;
|
||||||
if (details) {
|
if (details) {
|
||||||
@ -38,7 +39,7 @@ function create(old, msg, code, status, details) {
|
|||||||
function toJSON() {
|
function toJSON() {
|
||||||
/*jshint validthis:true*/
|
/*jshint validthis:true*/
|
||||||
return {
|
return {
|
||||||
message: this.client_message,
|
message: this.message,
|
||||||
status: this.status,
|
status: this.status,
|
||||||
code: this.code,
|
code: this.code,
|
||||||
details: this.details
|
details: this.details
|
||||||
@ -71,11 +72,11 @@ module.exports = {
|
|||||||
* @returns {AuthError}
|
* @returns {AuthError}
|
||||||
*/
|
*/
|
||||||
DEVELOPER_ERROR: function (old, msg, details) {
|
DEVELOPER_ERROR: function (old, msg, details) {
|
||||||
return create(old, msg, E_DEVELOPER, 500, details);
|
return create(old, msg || old, E_DEVELOPER, 500, details);
|
||||||
},
|
},
|
||||||
BAD_GATEWAY: function (err) {
|
BAD_GATEWAY: function (err) {
|
||||||
var msg =
|
var msg =
|
||||||
"The token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
|
"The auth token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
|
||||||
var details = [];
|
var details = [];
|
||||||
if (err.message) {
|
if (err.message) {
|
||||||
details.push("error.message = " + err.message);
|
details.push("error.message = " + err.message);
|
||||||
@ -83,7 +84,7 @@ module.exports = {
|
|||||||
if (err.response && err.response.statusCode) {
|
if (err.response && err.response.statusCode) {
|
||||||
details.push("response.statusCode = " + err.response.statusCode);
|
details.push("response.statusCode = " + err.response.statusCode);
|
||||||
}
|
}
|
||||||
return create(msg, msg, E_BAD_GATEWAY, 502);
|
return create(msg, msg, E_BAD_GATEWAY, 502, details);
|
||||||
},
|
},
|
||||||
|
|
||||||
//
|
//
|
||||||
@ -102,7 +103,7 @@ module.exports = {
|
|||||||
"DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
|
"DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
|
||||||
];
|
];
|
||||||
var msg =
|
var msg =
|
||||||
'The token could not be verified because our server could connect to its issuing server ("iss") securely.';
|
'The auth token could not be verified because our server could connect to its issuing server ("iss") securely.';
|
||||||
return create(old, msg, E_MALFORMED, 400, details);
|
return create(old, msg, E_MALFORMED, 400, details);
|
||||||
},
|
},
|
||||||
/**
|
/**
|
||||||
@ -111,7 +112,7 @@ module.exports = {
|
|||||||
*/
|
*/
|
||||||
PARSE_ERROR: function (jwt) {
|
PARSE_ERROR: function (jwt) {
|
||||||
var old = "could not parse jwt: '" + jwt + "'";
|
var old = "could not parse jwt: '" + jwt + "'";
|
||||||
var msg = "The auth token is malformed.";
|
var msg = "The auth token could not be verified because it is malformed.";
|
||||||
var details = ["jwt = " + JSON.stringify(jwt)];
|
var details = ["jwt = " + JSON.stringify(jwt)];
|
||||||
return create(old, msg, E_MALFORMED, 400, details);
|
return create(old, msg, E_MALFORMED, 400, details);
|
||||||
},
|
},
|
||||||
@ -121,7 +122,7 @@ module.exports = {
|
|||||||
*/
|
*/
|
||||||
NO_ISSUER: function (iss) {
|
NO_ISSUER: function (iss) {
|
||||||
var old = "'iss' is not defined";
|
var old = "'iss' is not defined";
|
||||||
var msg = 'The token could not be verified because it doesn\'t specify an issuer ("iss").';
|
var msg = 'The auth token could not be verified because it doesn\'t specify an issuer ("iss").';
|
||||||
var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
|
var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
|
||||||
return create(old, msg, E_MALFORMED, 400, details);
|
return create(old, msg, E_MALFORMED, 400, details);
|
||||||
},
|
},
|
||||||
@ -225,17 +226,45 @@ var Errors = module.exports;
|
|||||||
|
|
||||||
// for README
|
// for README
|
||||||
if (require.main === module) {
|
if (require.main === module) {
|
||||||
console.info("| Hint | Code | Status | Message (truncated) |");
|
let maxWidth = 54;
|
||||||
console.info("| ---- | ---- | ------ | ------------------- |");
|
let header = ["Hint", "Code", "Status", "Message (truncated)"];
|
||||||
|
let widths = header.map(function (v) {
|
||||||
|
return Math.min(maxWidth, String(v).length);
|
||||||
|
});
|
||||||
|
let rows = [];
|
||||||
Object.keys(module.exports).forEach(function (k) {
|
Object.keys(module.exports).forEach(function (k) {
|
||||||
//@ts-ignore
|
//@ts-ignore
|
||||||
var E = module.exports[k];
|
var E = module.exports[k];
|
||||||
var e = E("test");
|
var e = E("test");
|
||||||
var code = e.code;
|
var code = e.code;
|
||||||
var msg = e.message.slice(0, 45);
|
var msg = e.message;
|
||||||
var hint = k.toLowerCase().replace(/_/g, " ");
|
var hint = k.toLowerCase().replace(/_/g, " ");
|
||||||
console.info(`| (${hint}) | ${code} | ${e.status} | ${msg}... |`);
|
widths[0] = Math.max(widths[0], String(hint).length);
|
||||||
|
widths[1] = Math.max(widths[1], String(code).length);
|
||||||
|
widths[2] = Math.max(widths[2], String(e.status).length);
|
||||||
|
widths[3] = Math.min(maxWidth, Math.max(widths[3], String(msg).length));
|
||||||
|
rows.push([hint, code, e.status, msg]);
|
||||||
});
|
});
|
||||||
|
rows.forEach(function (cols, i) {
|
||||||
|
let cells = cols.map(function (col, i) {
|
||||||
|
if (col.length > maxWidth) {
|
||||||
|
col = col.slice(0, maxWidth - 3);
|
||||||
|
col += "...";
|
||||||
|
}
|
||||||
|
return String(col).padEnd(widths[i], " ");
|
||||||
|
});
|
||||||
|
let out = `| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3].slice(0, widths[3])} |`;
|
||||||
|
//out = out.replace(/\| /g, " ").replace(/\|/g, "");
|
||||||
|
console.info(out);
|
||||||
|
if (i === 0) {
|
||||||
|
cells = cols.map(function (col, i) {
|
||||||
|
return "-".padEnd(widths[i], "-");
|
||||||
|
});
|
||||||
|
console.info(`| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3]} |`);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
console.log();
|
||||||
console.log(Errors.MALFORMED_EXP());
|
console.log(Errors.MALFORMED_EXP());
|
||||||
|
console.log();
|
||||||
console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
|
console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
|
||||||
}
|
}
|
||||||
|
|||||||
4
package-lock.json
generated
4
package-lock.json
generated
@ -1,12 +1,12 @@
|
|||||||
{
|
{
|
||||||
"name": "keyfetch",
|
"name": "keyfetch",
|
||||||
"version": "2.1.0",
|
"version": "3.0.2",
|
||||||
"lockfileVersion": 2,
|
"lockfileVersion": 2,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"packages": {
|
"packages": {
|
||||||
"": {
|
"": {
|
||||||
"name": "keyfetch",
|
"name": "keyfetch",
|
||||||
"version": "2.1.0",
|
"version": "3.0.2",
|
||||||
"license": "MPL-2.0",
|
"license": "MPL-2.0",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@root/request": "^1.8.0",
|
"@root/request": "^1.8.0",
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "keyfetch",
|
"name": "keyfetch",
|
||||||
"version": "2.1.0",
|
"version": "3.0.2",
|
||||||
"description": "Lightweight support for fetching JWKs.",
|
"description": "Lightweight support for fetching JWKs.",
|
||||||
"homepage": "https://git.rootprojects.org/root/keyfetch.js",
|
"homepage": "https://git.rootprojects.org/root/keyfetch.js",
|
||||||
"main": "keyfetch.js",
|
"main": "keyfetch.js",
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user