@@ -97,24 +97,19 @@ type StrictVerifyOptions = {
9797 aud ?: string | string [ ] | RegExp
9898}
9999
100- type StrictVerifyOptionsWithAlg = {
101- alg : SignatureAlgorithm
102- } & StrictVerifyOptions
103-
104100export const verify = async (
105101 token : string ,
106102 publicKey : SignatureKey ,
107103 algOrOptions ?: SignatureAlgorithm | VerifyOptionsWithAlg
108104) : Promise < JWTPayload > => {
109- const optsIn = typeof algOrOptions === 'string' ? { alg : algOrOptions } : algOrOptions || { }
110- const opts : StrictVerifyOptionsWithAlg = {
111- alg : optsIn . alg ?? 'HS256' ,
112- iss : optsIn . iss ,
113- nbf : optsIn . nbf ?? true ,
114- exp : optsIn . exp ?? true ,
115- iat : optsIn . iat ?? true ,
116- aud : optsIn . aud ,
117- }
105+ const {
106+ alg = 'HS256' ,
107+ iss,
108+ nbf = true ,
109+ exp = true ,
110+ iat = true ,
111+ aud,
112+ } = typeof algOrOptions === 'string' ? { alg : algOrOptions } : algOrOptions || { }
118113
119114 const tokenParts = token . split ( '.' )
120115 if ( tokenParts . length !== 3 ) {
@@ -126,58 +121,49 @@ export const verify = async (
126121 throw new JwtHeaderInvalid ( header )
127122 }
128123 const now = ( Date . now ( ) / 1000 ) | 0
129- if ( opts . nbf && payload . nbf && payload . nbf > now ) {
124+ if ( nbf && payload . nbf && payload . nbf > now ) {
130125 throw new JwtTokenNotBefore ( token )
131126 }
132- if ( opts . exp && payload . exp && payload . exp <= now ) {
127+ if ( exp && payload . exp && payload . exp <= now ) {
133128 throw new JwtTokenExpired ( token )
134129 }
135- if ( opts . iat && payload . iat && now < payload . iat ) {
130+ if ( iat && payload . iat && now < payload . iat ) {
136131 throw new JwtTokenIssuedAt ( now , payload . iat )
137132 }
138- if ( opts . iss ) {
133+ if ( iss ) {
139134 if ( ! payload . iss ) {
140- throw new JwtTokenIssuer ( opts . iss , null )
135+ throw new JwtTokenIssuer ( iss , null )
141136 }
142- if ( typeof opts . iss === 'string' && payload . iss !== opts . iss ) {
143- throw new JwtTokenIssuer ( opts . iss , payload . iss )
137+ if ( typeof iss === 'string' && payload . iss !== iss ) {
138+ throw new JwtTokenIssuer ( iss , payload . iss )
144139 }
145- if ( opts . iss instanceof RegExp && ! opts . iss . test ( payload . iss ) ) {
146- throw new JwtTokenIssuer ( opts . iss , payload . iss )
140+ if ( iss instanceof RegExp && ! iss . test ( payload . iss ) ) {
141+ throw new JwtTokenIssuer ( iss , payload . iss )
147142 }
148143 }
149144
150- if ( opts . aud ) {
145+ if ( aud ) {
151146 if ( ! payload . aud ) {
152147 throw new JwtPayloadRequiresAud ( payload )
153148 }
154- }
155149
156- if ( payload . aud ) {
157150 const audiences = Array . isArray ( payload . aud ) ? payload . aud : [ payload . aud ]
158- const matched = audiences . some ( ( aud ) : boolean => {
159- if ( opts . aud instanceof RegExp && opts . aud . test ( aud ) ) {
160- return true
161- } else if ( typeof opts . aud === 'string' ) {
162- if ( aud === opts . aud ) {
163- return true
164- }
165- } else if ( Array . isArray ( opts . aud ) ) {
166- if ( opts . aud . includes ( aud ) ) {
167- return true
168- }
169- }
170- return false
171- } )
172- if ( opts . aud && ! matched ) {
173- throw new JwtTokenAudience ( opts . aud , payload . aud )
151+ const matched = audiences . some ( ( payloadAud ) : boolean =>
152+ aud instanceof RegExp
153+ ? aud . test ( payloadAud )
154+ : typeof aud === 'string'
155+ ? payloadAud === aud
156+ : Array . isArray ( aud ) && aud . includes ( payloadAud )
157+ )
158+ if ( ! matched ) {
159+ throw new JwtTokenAudience ( aud , payload . aud )
174160 }
175161 }
176162
177163 const headerPayload = token . substring ( 0 , token . lastIndexOf ( '.' ) )
178164 const verified = await verifying (
179165 publicKey ,
180- opts . alg ,
166+ alg ,
181167 decodeBase64Url ( tokenParts [ 2 ] ) ,
182168 utf8Encoder . encode ( headerPayload )
183169 )
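Review bot: The destructuring defaults introduced at the top of `verify` (`nbf = true`, `exp = true`, `iat = true`, `alg = 'HS256'`) apply only when the property is `undefined`, whereas the removed `optsIn.exp ?? true` form also covered `null`. A caller that passes `{ exp: null }` (from plain JavaScript or from options built out of parsed configuration; typed callers are presumably unaffected) used to get expiry enforced, but now the `exp` check in the second hunk is skipped silently. The same holds for `nbf` and `iat`, and a `null` `alg` would reach `verifying` unchanged. Making the opt-out explicit keeps these checks fail-closed, e.g. `if (exp !== false && payload.exp && payload.exp <= now) {` and likewise for the other two, with `alg ?? 'HS256'` at the `verifying` call. The body of `verify` continues past the end of the second hunk, so how the result of `verifying` is handled is not visible here.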