'use strict';
const jwt = require('jsonwebtoken');
//This object is meant only for testing and logging!
//!! Security Alert !!
//parameter validation is also very important for content within this token!!
//So do not trust the information blindly! (especially e.g. URIs)
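/**
 * Read-only view over the header and claims of an encoded JWT.
 *
 * Construction (and reset()) only DECODES the token; the signature is not
 * checked until verify() is called. Every getter therefore returns whatever
 * the token's sender put into it. Treat the values as untrusted input until
 * verify() has reported success, and validate them (issuer URIs in
 * particular) before acting on them.
 *
 * @param {string} encoded - the encoded token; a falsy value records a
 *   "jwt undefined" error with statuscode 400.
 */
function TokenInfo(encoded) {
  let payload = {};
  let header = {};
  let errobj = undefined;

  // Decodes `encoded` without verifying it and stores header/payload, or
  // records an error object (400 for a missing token, 401 for a malformed one).
  function decode() {
    if (!encoded) {
      errobj = new jwt.JsonWebTokenError('jwt undefined');
      errobj.statuscode = 400;
      return;
    }

    const token = jwt.decode(encoded, { complete: true });
    if (!token) {
      errobj = new jwt.JsonWebTokenError('jwt malformed');
      errobj.statuscode = 401;
      return;
    }

    payload = token.payload;
    header = token.header;
  }

  /**
   * Replaces the wrapped token: clears the recorded error, header and
   * payload, then decodes `enc` (again without verifying it).
   *
   * @param {string} enc - the new encoded token.
   */
  this.reset = function (enc) {
    errobj = undefined;
    payload = {};
    header = {};
    encoded = enc;
    decode();
  };

  /**
   * @returns {boolean} true whenever the stored payload is truthy.
   *
   * NOTE(review): the payload is initialised and reset to `{}` and is only
   * overwritten on a successful decode, so this also returns true after a
   * failed decode. Use isValid()/getErrorObject() to detect decode errors.
   */
  this.isDecoded = function () {
    return payload ? true : false;
  };

  /**
   * @returns {boolean} true when no error is currently recorded.
   *
   * Before verify() has been called this only means the token could be
   * decoded; it says nothing about the signature. Only a call made after
   * verify() has completed reflects the verification result.
   */
  this.isValid = function () {
    return errobj ? false : true;
  };

  /** @returns {Error|null|undefined} the last decode/verify error, if any. */
  this.getErrorObject = function () {
    return errobj;
  };

  /** @returns {string} the encoded token exactly as it was passed in. */
  this.getTokenValue = function () {
    return encoded;
  };

  /** @returns {object} the decoded (unverified) token header. */
  this.getHeader = function () {
    return header;
  };

  /** @returns {object} the complete decoded (unverified) payload of the token. */
  this.getPayload = function () {
    return payload;
  };

  // Getters for public claims (see https://tools.ietf.org/html/rfc7519#section-4)

  /**
   * @returns {Date|null} `exp` (seconds since the epoch) as a Date, or null
   *   when the claim is missing or falsy.
   */
  this.getExpirationDate = function () {
    return payload.exp ? new Date(payload.exp * 1000) : null;
  };

  /**
   * @returns {Date|null} `iat` (seconds since the epoch) as a Date, or null
   *   when the claim is missing or falsy.
   */
  this.getIssuedAt = function () {
    return payload.iat ? new Date(payload.iat * 1000) : null;
  };

  /**
   * Returns the issuer, preferring the `ias_iss` claim over `iss`. A value
   * that does not start with "http" is prefixed with "https://".
   *
   * The claim comes from an unverified token, so it is type-checked first:
   * a truthy non-string value (number, object, array) is treated like a
   * missing claim instead of being passed to string operations, which used
   * to throw a TypeError or coerce the value into a URL.
   *
   * A value that already starts with "http" is returned unchanged, plain
   * "http://" included. Callers that dereference the issuer (for example to
   * fetch keys) must still check scheme and host against what they trust.
   *
   * @returns {string|undefined} the issuer URL, or the falsy claim value /
   *   undefined when no usable issuer is present.
   */
  this.getIssuer = function () {
    const issuer = payload['ias_iss'] ? payload['ias_iss'] : payload.iss;
    if (!issuer) {
      return issuer;
    }
    if (typeof issuer !== 'string') {
      return undefined;
    }
    return issuer.startsWith('http') ? issuer : 'https://' + issuer;
  };

  /**
   * @returns {*} the `iss` claim when an `ias_iss` claim is present
   *   (getIssuer() returns `ias_iss` in that case), otherwise null.
   */
  this.getCustomIssuer = function () {
    return payload['ias_iss'] ? payload.iss : null;
  };

  /** @returns {*} the `sub` claim. */
  this.getSubject = function () {
    return payload.sub;
  };

  /**
   * @returns {Array|null} the `aud` claim as an array (a single value is
   *   wrapped), or null when the claim is missing or falsy.
   */
  this.getAudiencesArray = function () {
    if (!payload.aud) {
      return null;
    }
    return Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  };

  /**
   * @returns {*} `user_uuid`; for tokens marked as issued by XSUAA the
   *   `sub` claim is used as fallback.
   */
  this.getUserId = function () {
    if (this.isTokenIssuedByXSUAA()) {
      return payload.user_uuid || payload.sub;
    }
    return payload.user_uuid;
  };

  /** @returns {*} same value as getAppTID(). */
  this.getZoneId = function () {
    return this.getAppTID();
  };

  /**
   * @returns {*} `zid` for tokens marked as issued by XSUAA, otherwise
   *   `app_tid` with `zone_uuid` as fallback.
   */
  this.getAppTID = function () {
    if (this.isTokenIssuedByXSUAA()) {
      return payload.zid;
    }
    return payload.app_tid ? payload.app_tid : payload.zone_uuid;
  };

  /**
   * @returns {*} `azp` when present; otherwise the single audience entry
   *   (or `cid` when that entry is empty); null when there is not exactly
   *   one audience.
   */
  this.getClientId = function () {
    const azp = payload.azp;
    if (azp) {
      return azp;
    }

    const aud = this.getAudiencesArray();
    if (!aud || aud.length !== 1) {
      return null;
    }

    // make sure it's not an empty string
    return aud[0] ? aud[0] : payload.cid;
  };

  /** @returns {*} the `azp` claim. */
  this.getAzp = function () {
    return payload.azp;
  };

  /**
   * @returns {boolean} true when `ext_attr.enhancer` equals "XSUAA".
   *
   * This is a claim inside the token; on an unverified token it proves
   * nothing about who issued it.
   */
  this.isTokenIssuedByXSUAA = function () {
    return payload.ext_attr ? payload.ext_attr.enhancer === 'XSUAA' : false;
  };

  /**
   * Verifies the token with jwt.verify and records the outcome, so that a
   * later isValid()/getErrorObject() call reflects it. A verification error
   * gets statuscode 401.
   *
   * The accepted algorithms are pinned to RS256, so the token's own `alg`
   * header cannot select a different one. No issuer or audience option is
   * passed here; those claims have to be checked by the caller.
   *
   * @param {string|Buffer|Function} verificationKeySupplier - key, or key
   *   lookup callback, handed to jwt.verify unchanged.
   * @param {Function} cb - called as cb(err, tokenInfo).
   * @returns {*} whatever jwt.verify returns.
   */
  this.verify = function (verificationKeySupplier, cb) {
    return jwt.verify(
      encoded,
      verificationKeySupplier,
      {
        algorithms: ['RS256'], // XSUAA currently only allows/generates RS256
      },
      (err) => {
        errobj = err;

        if (err) {
          errobj.statuscode = 401;
        }

        return cb(err, this);
      }
    );
  };

  decode();
}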
// Expose the TokenInfo constructor as this module's export.
module.exports = TokenInfo;