root/keyfetch.js
1
0
Fork 0
mirror of https://github.com/therootcompany/keyfetch.js.git synced 2025-03-14 04:20:41 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: root:v2.1.1
Branches Tags
root:main
root:v2
root:v3.0.2
root:v2.1.1
root:v3.0.1
root:v3.0.0
root:v2.1.0
root:v2.0.0
root:v1.2.2
root:v1.3.0
root:v1.2.1
root:v1.2.0
root:v1.1.10
root:v1.1.9
root:v1.1.8
root:v1.1.6
root:v1.1.2
...
compare: root:main
Branches Tags
root:main
root:v2
root:v3.0.2
root:v2.1.1
root:v3.0.1
root:v3.0.0
root:v2.1.0
root:v2.0.0
root:v1.2.2
root:v1.3.0
root:v1.2.1
root:v1.2.0
root:v1.1.10
root:v1.1.9
root:v1.1.8
root:v1.1.6
root:v1.1.2

7 Commits
v2.1.1 ... main

Author SHA1 Message Date
AJ ONeal
a84e833571 3.0.2 2021-10-21 14:19:26 -06:00
AJ ONeal
076246e4d0 docs: sync error messages to docs 2021-10-21 14:19:23 -06:00
AJ ONeal
4c85fc4009 3.0.1 2021-10-21 13:37:30 -06:00
AJ ONeal
d5647ea905 docs: update errors list 2021-10-21 13:37:21 -06:00
AJ ONeal
2ea44e3a46 bugfix: properly stringify message and pass details 2021-10-21 13:37:12 -06:00
AJ ONeal
5ef53ecb23 3.0.0 2021-10-21 13:28:30 -06:00
AJ ONeal
604b42c7ef chore!: drop really, really old node support 2021-10-21 13:28:20 -06:00
4 changed files with 67 additions and 37 deletions
Show Stats Expand all files Collapse all files

41
README.md
View File

@ -276,32 +276,33 @@ For now you can limit the number of keys fetched by having a simple whitelist.
SemVer Compatibility: SemVer Compatibility:
- `code` & `status` will remain the same. - `code` & `status` will remain the same.
- The `message` property of an error is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be). - `message` is **NOT** included in the semver compatibility guarantee (we intend to make them more client-friendly), neither is `detail` at this time (but it will be once we decide on what it should be).
- `details` may be added to, but not subtracted from
For backwards compatibility with v1, the non-stringified `message` is the same as what it was in v1 (and the v2 message is `client_message`, which replaces `message` in v3). Don't rely on it. Rely on `code`.
| Hint | Code | Status | Message (truncated) | | Hint | Code | Status | Message (truncated) |
| ------------------- | --------------- | ------ | ------------------------------------------------ | | ----------------- | ------------- | ------ | ------------------------------------------------------ |
| (developer error) | DEVELOPER_ERROR | 500 | test... | | bad gateway | BAD_GATEWAY | 502 | The auth token could not be verified because our se... |
| (bad gateway) | BAD_GATEWAY | 502 | The token could not be verified because our s... | | insecure issuer | MALFORMED_JWT | 400 | The auth token could not be verified because our se... |
| (insecure issuer) | MALFORMED_JWT | 400 | 'test' is NOT secure. Set env 'KEYFETCH_ALLOW... | | parse error | MALFORMED_JWT | 400 | The auth token could not be verified because it is ... |
| (parse error) | MALFORMED_JWT | 400 | could not parse jwt: 'test'... | | no issuer | MALFORMED_JWT | 400 | The auth token could not be verified because it doe... |
| (no issuer) | MALFORMED_JWT | 400 | 'iss' is not defined... | | malformed exp | MALFORMED_JWT | 400 | The auth token could not be verified because it's e... |
| (malformed exp) | MALFORMED_JWT | 400 | token's 'exp' has passed or could not parsed:... | | expired | INVALID_JWT | 401 | The auth token is expired. To try again, go to the ... |
| (expired) | INVALID_JWT | 401 | token's 'exp' has passed or could not parsed:... | | inactive | INVALID_JWT | 401 | The auth token isn't valid yet. It's activation dat... |
| (inactive) | INVALID_JWT | 401 | token's 'nbf' has not been reached or could n... | | bad signature | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| (bad signature) | INVALID_JWT | 401 | token signature verification was unsuccessful... | | jwk not found old | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
| (jwk not found old) | INVALID_JWT | 401 | Retrieved a list of keys, but none of them ma... | | jwk not found | INVALID_JWT | 401 | The auth token did not pass verification because ou... |
| (jwk not found) | INVALID_JWT | 401 | No JWK found by kid or thumbprint 'test'... | | no jwkws uri | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| (no jwkws uri) | INVALID_JWT | 401 | Failed to retrieve openid configuration... | | unknown issuer | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| (unknown issuer) | INVALID_JWT | 401 | token was issued by an untrusted issuer: 'tes... | | failed claims | INVALID_JWT | 401 | The auth token did not pass verification because it... |
| (failed claims) | INVALID_JWT | 401 | token did not match on one or more authorizat... |
# Change Log # Change Log
Minor Breaking changes (with a major version bump): Minor Breaking changes (with a major version bump):
- v3.0.0 - reworked error messages (also available in v2.1.0 as `client_message`) - v3.0.0
- v2.0.0 - changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified - reworked error messages (also available in v2.1.0 as `client_message`)
- started using `let` and template strings (drops _really_ old node compat)
- v2.0.0
- changes from the default `issuers = ["*"]` to requiring that an issuer (or public jwk for verification) is specified
See other changes in [CHANGELOG.md](./CHANGELOG.md). See other changes in [CHANGELOG.md](./CHANGELOG.md).

55
lib/errors.js
View File

@ -22,8 +22,9 @@
function create(old, msg, code, status, details) { function create(old, msg, code, status, details) {
/** @type AuthError */ /** @type AuthError */
//@ts-ignore //@ts-ignore
var err = new Error(old); let err = new Error(msg);
err.client_message = msg; err.message = msg;
err._old_message = old;
err.code = code; err.code = code;
err.status = status; err.status = status;
if (details) { if (details) {
@ -38,7 +39,7 @@ function create(old, msg, code, status, details) {
function toJSON() { function toJSON() {
/*jshint validthis:true*/ /*jshint validthis:true*/
return { return {
message: this.client_message, message: this.message,
status: this.status, status: this.status,
code: this.code, code: this.code,
details: this.details details: this.details
@ -71,11 +72,11 @@ module.exports = {
* @returns {AuthError} * @returns {AuthError}
*/ */
DEVELOPER_ERROR: function (old, msg, details) { DEVELOPER_ERROR: function (old, msg, details) {
return create(old, msg, E_DEVELOPER, 500, details); return create(old, msg || old, E_DEVELOPER, 500, details);
}, },
BAD_GATEWAY: function (err) { BAD_GATEWAY: function (err) {
var msg = var msg =
"The token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server."; "The auth token could not be verified because our server encountered a network error (or a bad gateway) when connecting to its issuing server.";
var details = []; var details = [];
if (err.message) { if (err.message) {
details.push("error.message = " + err.message); details.push("error.message = " + err.message);
@ -83,7 +84,7 @@ module.exports = {
if (err.response && err.response.statusCode) { if (err.response && err.response.statusCode) {
details.push("response.statusCode = " + err.response.statusCode); details.push("response.statusCode = " + err.response.statusCode);
} }
return create(msg, msg, E_BAD_GATEWAY, 502); return create(msg, msg, E_BAD_GATEWAY, 502, details);
}, },
// //
@ -102,7 +103,7 @@ module.exports = {
"DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)." "DEBUG: Set ENV 'KEYFETCH_ALLOW_INSECURE_HTTP=true' to allow insecure issuers (for testing)."
]; ];
var msg = var msg =
'The token could not be verified because our server could connect to its issuing server ("iss") securely.'; 'The auth token could not be verified because our server could connect to its issuing server ("iss") securely.';
return create(old, msg, E_MALFORMED, 400, details); return create(old, msg, E_MALFORMED, 400, details);
}, },
/** /**
@ -111,7 +112,7 @@ module.exports = {
*/ */
PARSE_ERROR: function (jwt) { PARSE_ERROR: function (jwt) {
var old = "could not parse jwt: '" + jwt + "'"; var old = "could not parse jwt: '" + jwt + "'";
var msg = "The auth token is malformed."; var msg = "The auth token could not be verified because it is malformed.";
var details = ["jwt = " + JSON.stringify(jwt)]; var details = ["jwt = " + JSON.stringify(jwt)];
return create(old, msg, E_MALFORMED, 400, details); return create(old, msg, E_MALFORMED, 400, details);
}, },
@ -121,7 +122,7 @@ module.exports = {
*/ */
NO_ISSUER: function (iss) { NO_ISSUER: function (iss) {
var old = "'iss' is not defined"; var old = "'iss' is not defined";
var msg = 'The token could not be verified because it doesn\'t specify an issuer ("iss").'; var msg = 'The auth token could not be verified because it doesn\'t specify an issuer ("iss").';
var details = ["jwt.claims.iss = " + JSON.stringify(iss)]; var details = ["jwt.claims.iss = " + JSON.stringify(iss)];
return create(old, msg, E_MALFORMED, 400, details); return create(old, msg, E_MALFORMED, 400, details);
}, },
@ -225,17 +226,45 @@ var Errors = module.exports;
// for README // for README
if (require.main === module) { if (require.main === module) {
console.info("| Hint | Code | Status | Message (truncated) |"); let maxWidth = 54;
console.info("| ---- | ---- | ------ | ------------------- |"); let header = ["Hint", "Code", "Status", "Message (truncated)"];
let widths = header.map(function (v) {
return Math.min(maxWidth, String(v).length);
});
let rows = [];
Object.keys(module.exports).forEach(function (k) { Object.keys(module.exports).forEach(function (k) {
//@ts-ignore //@ts-ignore
var E = module.exports[k]; var E = module.exports[k];
var e = E("test"); var e = E("test");
var code = e.code; var code = e.code;
var msg = e.message.slice(0, 45); var msg = e.message;
var hint = k.toLowerCase().replace(/_/g, " "); var hint = k.toLowerCase().replace(/_/g, " ");
console.info(`| (${hint}) | ${code} | ${e.status} | ${msg}... |`); widths[0] = Math.max(widths[0], String(hint).length);
widths[1] = Math.max(widths[1], String(code).length);
widths[2] = Math.max(widths[2], String(e.status).length);
widths[3] = Math.min(maxWidth, Math.max(widths[3], String(msg).length));
rows.push([hint, code, e.status, msg]);
}); });
rows.forEach(function (cols, i) {
let cells = cols.map(function (col, i) {
if (col.length > maxWidth) {
col = col.slice(0, maxWidth - 3);
col += "...";
}
return String(col).padEnd(widths[i], " ");
});
let out = `| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3].slice(0, widths[3])} |`;
//out = out.replace(/\| /g, " ").replace(/\|/g, "");
console.info(out);
if (i === 0) {
cells = cols.map(function (col, i) {
return "-".padEnd(widths[i], "-");
});
console.info(`| ${cells[0]} | ${cells[1]} | ${cells[2]} | ${cells[3]} |`);
}
});
console.log();
console.log(Errors.MALFORMED_EXP()); console.log(Errors.MALFORMED_EXP());
console.log();
console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2)); console.log(JSON.stringify(Errors.MALFORMED_EXP(), null, 2));
} }

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{ {
"name": "keyfetch", "name": "keyfetch",
"version": "2.1.0", "version": "3.0.2",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "keyfetch", "name": "keyfetch",
"version": "2.1.0", "version": "3.0.2",
"license": "MPL-2.0", "license": "MPL-2.0",
"dependencies": { "dependencies": {
"@root/request": "^1.8.0", "@root/request": "^1.8.0",

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "keyfetch", "name": "keyfetch",
"version": "2.1.0", "version": "3.0.2",
"description": "Lightweight support for fetching JWKs.", "description": "Lightweight support for fetching JWKs.",
"homepage": "https://git.rootprojects.org/root/keyfetch.js", "homepage": "https://git.rootprojects.org/root/keyfetch.js",
"main": "keyfetch.js", "main": "keyfetch.js",