diff --git a/src/core/lib/JWT.mjs b/src/core/lib/JWT.mjs
new file mode 100644
index 00000000..2edd0110
--- /dev/null
+++ b/src/core/lib/JWT.mjs
@@ -0,0 +1,24 @@
+/**
+ * JWT resources
+ *
+ * @author mt3571 [mt3571@protonmail.com]
+ * @copyright Crown Copyright 2020
+ * @license Apache-2.0
+ */
+
+
+/**
+ * List of the JWT algorithms that can be used
+ */
+export const JWT_ALGORITHMS = [
+ "HS256",
+ "HS384",
+ "HS512",
+ "RS256",
+ "RS384",
+ "RS512",
+ "ES256",
+ "ES384",
+ "ES512",
+ "None"
+];
\ No newline at end of file
diff --git a/src/core/operations/JWTSign.mjs b/src/core/operations/JWTSign.mjs
index d62eb6f6..1d220cf8 100644
--- a/src/core/operations/JWTSign.mjs
+++ b/src/core/operations/JWTSign.mjs
@@ -8,6 +8,9 @@ import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; +import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; + + /** * JWT Sign operation */
@@ -34,18 +37,7 @@ class JWTSign extends Operation {
 {
 name: "Signing algorithm",
 type: "option",
- value: [
- "HS256",
- "HS384",
- "HS512",
- "RS256",
- "RS384",
- "RS512",
- "ES256",
- "ES384",
- "ES512",
- "None"
- ]
+ value: JWT_ALGORITHMS
 }
 ];
 }
diff --git a/src/core/operations/JWTVerify.mjs b/src/core/operations/JWTVerify.mjs
index 996ac2e3..9ee90a4a 100644
--- a/src/core/operations/JWTVerify.mjs
+++ b/src/core/operations/JWTVerify.mjs
@@ -8,6 +8,9 @@ import Operation from "../Operation.mjs"; import jwt from "jsonwebtoken"; import OperationError from "../errors/OperationError.mjs"; + +import {JWT_ALGORITHMS} from "../lib/JWT.mjs"; + /** * JWT Verify operation */
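Review bot: `JWT_ALGORITHMS` in src/core/lib/JWT.mjs is exported as a plain mutable array, and this commit uses that one object both as the "Signing algorithm" option list in JWTSign and as the `algorithms` allow-list passed to `jwt.verify` in JWTVerify. Freezing the literal, `export const JWT_ALGORITHMS = Object.freeze([ ... ]);`, would stop a `push` or `sort` in one consumer from changing what the other accepts, provided nothing downstream relies on mutating option values. The doc comment only says the algorithms "can be used"; it should say whether the list is meant for signing, verifying or both, and that the last entry is the display spelling `"None"`, not the lowercase `alg` value `none` defined by the JWT specs. The new file also ends without a trailing newline.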
@@ -43,12 +46,8 @@ class JWTVerify extends Operation { const [key] = args; try { - const verified = jwt.verify(input, key, { algorithms: [ - "HS256", - "HS384", - "HS512", - "none" - ]}); + const verified = jwt.verify(input, key, { algorithms: JWT_ALGORITHMS}); + if (Object.prototype.hasOwnProperty.call(verified, "name") && verified.name === "JsonWebTokenError") { throw new OperationError(verified.message);
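Review bot: Passing the shared `JWT_ALGORITHMS` list to `jwt.verify` changes the verification allow-list in two ways that the sign-side refactor does not need. The removed list ended in `"none"` while the shared one ends in `"None"`, and as far as I know jsonwebtoken compares `algorithms` entries with the token's `alg` header as exact strings, so unsigned tokens that were accepted before will presumably now be rejected even though the list still reads as if they are allowed. The list also adds RS*/ES* next to HS* for the single `key` argument, which lets the token header rather than the caller decide whether that key is treated as an HMAC secret or as a public key; a verifier is safer when the caller fixes the algorithm family. I would keep a verify-specific list, for example a new export such as `JWT_VERIFY_ALGORITHMS` used as `{ algorithms: JWT_VERIFY_ALGORITHMS }`, that contains lowercase `"none"` only if unsigned tokens are meant to pass, or add an argument for the expected algorithm. The body of `run` starts and ends outside this hunk.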