|
|
var Joi = require('joi');var timespan = require('./lib/timespan');var xtend = require('xtend');var jws = require('jws');var cb = require('cb');
var sign_options_schema = Joi.object().keys({ expiresIn: [Joi.number().integer(), Joi.string()], notBefore: [Joi.number().integer(), Joi.string()], audience: [Joi.string(), Joi.array()], algorithm: Joi.string().valid('RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'none'), header: Joi.object(), encoding: Joi.string(), issuer: Joi.string(), subject: Joi.string(), jwtid: Joi.string(), noTimestamp: Joi.boolean()});
var registered_claims_schema = Joi.object().keys({ iat: Joi.number(), exp: Joi.number(), nbf: Joi.number()}).unknown();
var options_to_payload = { 'audience': 'aud', 'issuer': 'iss', 'subject': 'sub', 'jwtid': 'jti'};
var options_for_objects = [ 'expiresIn', 'notBefore', 'noTimestamp', 'audience', 'issuer', 'subject', 'jwtid',];
module.exports = function (payload, secretOrPrivateKey, options, callback) { options = options || {};
var isObjectPayload = typeof payload === 'object' && !Buffer.isBuffer(payload);
var header = xtend({ alg: options.algorithm || 'HS256', typ: isObjectPayload ? 'JWT' : undefined }, options.header);
function failure(err) { if (callback) { return callback(err); } throw err; }
if (typeof payload === 'undefined') { return failure(new Error('payload is required')); } else if (isObjectPayload) { var payload_validation_result = registered_claims_schema.validate(payload);
if (payload_validation_result.error) { return failure(payload_validation_result.error); }
payload = xtend(payload); } else { var invalid_options = options_for_objects.filter(function (opt) { return typeof options[opt] !== 'undefined'; });
if (invalid_options.length > 0) { return failure(new Error('invalid ' + invalid_options.join(',') + ' option for ' + (typeof payload ) + ' payload')); } }
if (typeof payload.exp !== 'undefined' && typeof options.expiresIn !== 'undefined') { return failure(new Error('Bad "options.expiresIn" option the payload already has an "exp" property.')); }
if (typeof payload.nbf !== 'undefined' && typeof options.notBefore !== 'undefined') { return failure(new Error('Bad "options.notBefore" option the payload already has an "nbf" property.')); }
var validation_result = sign_options_schema.validate(options);
if (validation_result.error) { return failure(validation_result.error); }
var timestamp = payload.iat || Math.floor(Date.now() / 1000);
if (!options.noTimestamp) { payload.iat = timestamp; } else { delete payload.iat; }
if (typeof options.notBefore !== 'undefined') { payload.nbf = timespan(options.notBefore); if (typeof payload.nbf === 'undefined') { return failure(new Error('"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60')); } }
if (typeof options.expiresIn !== 'undefined' && typeof payload === 'object') { payload.exp = timespan(options.expiresIn, timestamp); if (typeof payload.exp === 'undefined') { return failure(new Error('"expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60')); } }
Object.keys(options_to_payload).forEach(function (key) { var claim = options_to_payload[key]; if (typeof options[key] !== 'undefined') { if (typeof payload[claim] !== 'undefined') { return failure(new Error('Bad "options.' + key + '" option. The payload already has an "' + claim + '" property.')); } payload[claim] = options[key]; } });
var encoding = options.encoding || 'utf8';
if (typeof callback === 'function') { callback = callback && cb(callback).once();
jws.createSign({ header: header, privateKey: secretOrPrivateKey, payload: payload, encoding: encoding }).once('error', callback) .once('done', function (signature) { callback(null, signature); }); } else { return jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding}); }};
|
