mirror of
https://github.com/therootcompany/keyfetch.js.git
synced 2025-03-12 19:41:10 +00:00
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a84e833571 | |||
| 076246e4d0 | |||
| 4c85fc4009 | |||
| d5647ea905 | |||
| 2ea44e3a46 | |||
| 5ef53ecb23 | |||
| 604b42c7ef |
43
README.md
43
README.md
@ -276,32 +276,33 @@ For now you can limit the number of keys fetched by having a simple whitelist.
|
||||
SemVer Compatibility:
|
||||
|
||||
- `code` & `status` will remain the same.
|
||||
- The `message` property of an error is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
|
||||
- `message` is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
|
||||
- `details` may be added to, but not subtracted from
|
||||
|
||||
For backwards compatibility with v1, the non-stringified `message` is the same as what it was in v1 (and the v2 message is `client_message`, which replaces `message` in v3). Don't rely on it. Rely on `code`.
|
||||
|
||||
| Hint | Code | Status | Message (truncated) |
|
||||
| ------------------- | --------------- | ------ | ------------------------------------------------ |
|
||||
| (developer error) | DEVELOPER_ERROR | 500 | test... |
|
||||
| (bad gateway) | BAD_GATEWAY | 502 | The token could not be verified because our s... |
|
||||
| (insecure issuer) | MALFORMED_JWT | 400 | 'test' is NOT secure. Set env 'KEYFETCH_ALLOW... |
|
||||
| (parse error) | MALFORMED_JWT | 400 | could not parse jwt: 'test'... |
|
||||
| (no issuer) | MALFORMED_JWT | 400 | 'iss' is not defined... |
|
||||
| (malformed exp) | MALFORMED_JWT | 400 | token's 'exp' has passed or could not parsed:... |
|
||||
| (expired) | INVALID_JWT | 401 | token's 'exp' has passed or could not parsed:... |
|
||||
| (inactive) | INVALID_JWT | 401 | token's 'nbf' has not been reached or could n... |
|
||||
| (bad signature) | INVALID_JWT | 401 | token signature verification was unsuccessful... |
|
||||
| (jwk not found old) | INVALID_JWT | 401 | Retrieved a list of keys, but none of them ma... |
|
||||
| (jwk not found) | INVALID_JWT | 401 | No JWK found by kid or thumbprint 'test'... |
|
||||
| (no jwkws uri) | INVALID_JWT | 401 | Failed to retrieve openid configuration... |
|
||||
| (unknown issuer) | INVALID_JWT | 401 | token was issued by an untrusted issuer: 'tes... |
|
||||
| (failed claims) | INVALID_JWT | 401 | token did not match on one or more authorizat... |
|
||||
| Hint | Code | Status | Message (truncated) |
|
||||
| ----------------- | ------------- | ------ | ------------------------------------------------------ |
|
||||
| bad gateway | BAD_GATEWAY | 502 | The auth token could not be verified because our se... |
|
||||
| insecure issuer | MALFORMED_JWT | 400 | The auth token could not be verified because our se... |
|
||||
| parse error | MALFORMED_JWT | 400 | The auth token could not be verified because it is ... |
|
||||
| no issuer | MALFORMED_JWT | 400 | The auth token could not be verified because it doe... |
|
||||
| malformed exp | MALFORMED_JWT | 400 | The auth token could not be verified because it's e... |
|
||||
| expired | INVALID_JWT | 401 | The auth token is expired. To try again, go to the ... |
|
||||
| inactive | INVALID_JWT | 401 | The auth token isn't valid yet. It's activation dat... |
|
||||
| bad signature | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||
| jwk not found old | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
|
||||
| jwk not found | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
|
||||
| no jwkws uri | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||
| unknown issuer | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||
| failed claims | INVALID_JWT | 401 | The auth token did not pass verification because it... |
|
||||
|
||||
# Change Log
|
||||
|
||||
Minor Breaking changes (with a major version bump):
|
||||
|
||||
- v3.0.0 - reworked error messages (also available in v2.1.0 as `client_message`)
|
||||
- v2.0.0 - changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
|
||||
- v3.0.0
|
||||
- reworked error messages (also available in v2.1.0 as `client_message`)
|
||||
- started using `let` and template strings (drops _really_ old node compat)
|
||||
- v2.0.0
|
||||
- changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
|
||||
|
||||
See other changes in [CHANGELOG.md](./CHANGELOG.md).
|
||||
|
||||
@ -22,8 +22,9 @@
|
||||
function create(old, msg, code, status, details) {
|
||||
/** @type AuthError */
|
||||
//@ts-ignore
|
||||
var err = new Error(old);
|
||||
err.client_message = msg;
|
||||
let err = new Error(msg);
|
||||
err.message = msg;
|
||||
err._old_message = old;
|
||||
err.code = code;
|
||||
err.status = status;
|
||||
if (details) {
|
||||
@ -38,7 +39,7 @@ function create(old, msg, code, status, details) {
|
||||
function toJSON() {
|
||||
/*jshint validthis:true*/
|
||||
return {
|
||||
message: this.client_message,
|
||||
message: this.message,
|
||||
status: this.status,
|
||||
code: this.code,
|
||||
details: this.details
|
||||
@ -71,11 +72,11 @@ module.exports = {
|
||||
* @returns {AuthError}
|
||||
*/
|
||||
DEVELOPER_ERROR: function (old, msg, details) {
|
||||
return create(old, msg, E_DEVELOPER, 500, details);
|
||||
return create(old, msg || old, E_DEVELOPER, 500, details);
|
||||
},
|
||||
BAD_GATEWAY: function (err) {
|
||||
var msg =
|
||||
"The token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
|
||||
"The auth token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
|
||||
var details = [];
|
||||
if (err.message) {
|
||||
details.push("error.message = " + err.message);
|
||||
@ -83,7 +84,7 @@ module.exports = {
|
||||
if (err.response && err.response.statusCode) {
|
||||
details.push("response.statusCode = " + err.response.statusCode);
|
||||
}
|
||||
return create(msg, msg, E_BAD_GATEWAY, 502);
|
||||
return create(msg, msg, E_BAD_GATEWAY, 502, details);
|
||||
},
|
||||
|
||||
//
|
||||
@ -102,7 +103,7 @@ module.exports = {
|
||||
"DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
|
||||
];
|
||||
var msg =
|
||||
'The token could not be verified because our server could connect to its issuing server ("iss") securely.';
|
||||
'The auth token could not be verified because our server could connect to its issuing server ("iss") securely.';
|
||||
return create(old, msg, E_MALFORMED, 400, details);
|
||||
},
|
||||
/**
|
||||
@ -111,7 +112,7 @@ module.exports = {
|
||||
*/
|
||||
PARSE_ERROR: function (jwt) {
|
||||
var old = "could not parse jwt: '" + jwt + "'";
|
||||
var msg = "The auth token is malformed.";
|
||||
var msg = "The auth token could not be verified because it is malformed.";
|
||||
var details = ["jwt = " + JSON.stringify(jwt)];
|
||||
return create(old, msg, E_MALFORMED, 400, details);
|
||||
},
|
||||
@ -121,7 +122,7 @@ module.exports = {
|
||||
*/
|
||||
NO_ISSUER: function (iss) {
|
||||
var old = "'iss' is not defined";
|
||||
var msg = 'The token could not be verified because it doesn\'t specify an issuer ("iss").';
|
||||
var msg = 'The auth token could not be verified because it doesn\'t specify an issuer ("iss").';
|
||||
var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
|
||||
return create(old, msg, E_MALFORMED, 400, details);
|
||||
},
|
||||
@ -225,17 +226,45 @@ var Errors = module.exports;
|
||||
|
||||
// for README
|
||||
if (require.main === module) {
|
||||
console.info("| Hint | Code | Status | Message (truncated) |");
|
||||
console.info("| ---- | ---- | ------ | ------------------- |");
|
||||
let maxWidth = 54;
|
||||
let header = ["Hint", "Code", "Status", "Message (truncated)"];
|
||||
let widths = header.map(function (v) {
|
||||
return Math.min(maxWidth, String(v).length);
|
||||
});
|
||||
let rows = [];
|
||||
Object.keys(module.exports).forEach(function (k) {
|
||||
//@ts-ignore
|
||||
var E = module.exports[k];
|
||||
var e = E("test");
|
||||
var code = e.code;
|
||||
var msg = e.message.slice(0, 45);
|
||||
var msg = e.message;
|
||||
var hint = k.toLowerCase().replace(/_/g, " ");
|
||||
console.info(`| (${hint}) | ${code} | ${e.status} | ${msg}... |`);
|
||||
widths[0] = Math.max(widths[0], String(hint).length);
|
||||
widths[1] = Math.max(widths[1], String(code).length);
|
||||
widths[2] = Math.max(widths[2], String(e.status).length);
|
||||
widths[3] = Math.min(maxWidth, Math.max(widths[3], String(msg).length));
|
||||
rows.push([hint, code, e.status, msg]);
|
||||
});
|
||||
rows.forEach(function (cols, i) {
|
||||
let cells = cols.map(function (col, i) {
|
||||
if (col.length > maxWidth) {
|
||||
col = col.slice(0, maxWidth - 3);
|
||||
col += "...";
|
||||
}
|
||||
return String(col).padEnd(widths[i], " ");
|
||||
});
|
||||
let out = `| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3].slice(0, widths[3])} |`;
|
||||
//out = out.replace(/\| /g, " ").replace(/\|/g, "");
|
||||
console.info(out);
|
||||
if (i === 0) {
|
||||
cells = cols.map(function (col, i) {
|
||||
return "-".padEnd(widths[i], "-");
|
||||
});
|
||||
console.info(`| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3]} |`);
|
||||
}
|
||||
});
|
||||
console.log();
|
||||
console.log(Errors.MALFORMED_EXP());
|
||||
console.log();
|
||||
console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
|
||||
}
|
||||
|
||||
4
package-lock.json
generated
4
package-lock.json
generated
@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "keyfetch",
|
||||
"version": "2.1.0",
|
||||
"version": "3.0.2",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "keyfetch",
|
||||
"version": "2.1.0",
|
||||
"version": "3.0.2",
|
||||
"license": "MPL-2.0",
|
||||
"dependencies": {
|
||||
"@root/request": "^1.8.0",
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "keyfetch",
|
||||
"version": "2.1.0",
|
||||
"version": "3.0.2",
|
||||
"description": "Lightweight support for fetching JWKs.",
|
||||
"homepage": "https://git.rootprojects.org/root/keyfetch.js",
|
||||
"main": "keyfetch.js",
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user