Update parseBearerToken function to handle undefined authorization and improve error messaging; update tests accordingly

Author: LCluber

CHANGELOG.md

@@ -1,3 +1,7 @@
+# 0.3.1 (jul 18th 2025)
+
+- Improve parseBearerToken() function to handle undefined authorization properly in typescript
+
 # 0.3.0 (jul 17th 2025)
 
 - Add parseBearerToken() function to extract access token from authorization header

README.md

@@ -359,9 +359,10 @@ function verify( token: string,
  * This function validates that the authorization header follows the correct Bearer token format
  * ("Bearer <token>") and extracts the token portion for further processing.
  * 
- * @param {string} authorization - The Authorization header value from an HTTP request
+ * @param {string | undefined} authorization - The Authorization header value from an HTTP request
  * @returns {string} The extracted JWT token as a string
- * @throws {Error} Will throw an error if the authorization header is empty or not in the format 'Bearer <token>'
+ * @throws {Error} Will throw an error if the authorization parameter is undefined
+ * @throws {Error} Will throw an error if the format is invalid
  * 
  * @example
  * ```typescript
@@ -375,19 +376,20 @@ function verify( token: string,
  * const token2 = parseBearerToken(headerWithSpaces);
  * // Returns: "token123"
  * 
- * // Invalid headers - these will throw errors
+ * // Invalid headers - these will throw specific errors
  * try {
- *   parseBearerToken("Basic dXNlcjpwYXNz"); // Throws Error
- *   parseBearerToken("Bearer"); // Throws Error
- *   parseBearerToken("Bearer "); // Throws Error
- *   parseBearerToken(""); // Throws Error
+ *   parseBearerToken(undefined); // Throws: "Authorization header is missing"
+ *   parseBearerToken(""); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Basic dXNlcjpwYXNz"); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Bearer"); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Bearer "); // Throws: "Authorization header must be in the format 'Bearer <token>'"
  * } catch (error) {
- *   console.error('Invalid authorization header:', error.message);
+ *   console.error('Authorization error:', error.message);
  * }
  * ```
  * 
  */
-function parseBearerToken(authorization: string): string;
+function parseBearerToken(authorization: string | undefined): string;
 
 ```
 

dist/passken.d.ts

@@ -60,7 +60,7 @@ declare function randomPwd(opts?: Partial<Options>): string;
 declare function randomSecret(length?: number): string;
 declare function sign(iss: number | string, duration: number, type: Type, b64Keys: string[]): string;
 declare function verify(token: string, b64Keys: string[], ignoreExpiration?: boolean): Payload;
-declare function parseBearerToken(authorization: string): string;
+declare function parseBearerToken(authorization: string | undefined): string;
 
 export { 
   getSaltRounds,

dist/passken.js

@@ -228,8 +228,11 @@ function verify(token, b64Keys, ignoreExpiration = false) {
     return payload;
 }
 const BEARER_TOKEN_ERROR_MESSAGE = "Authorization header must be in the format 'Bearer <token>'";
+const MISSING_AUTHORIZATION_ERROR_MESSAGE = "Authorization header is missing";
 function parseBearerToken(authorization) {
-    if (!(authorization === null || authorization === void 0 ? void 0 : authorization.startsWith("Bearer ")))
+    if (!authorization)
+        throw new Error(MISSING_AUTHORIZATION_ERROR_MESSAGE);
+    if (!authorization.startsWith("Bearer "))
         throw new Error(BEARER_TOKEN_ERROR_MESSAGE);
     const parts = authorization.split(" ").filter(part => part.length > 0);
     if (parts.length < 2 || !parts[1])

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dwtechs/passken",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Open source password and JWT management library for Node.js to create, encrypt and compare safely.",
   "keywords": [
     "passwords",

src/jwt.ts

@@ -154,9 +154,10 @@ function verify(token: string, b64Keys: string[], ignoreExpiration = false): Pay
  * This function validates that the authorization header follows the correct Bearer token format
  * ("Bearer <token>") and extracts the token portion for further processing.
  * 
- * @param {string} authorization - The Authorization header value from an HTTP request
+ * @param {string | undefined} authorization - The Authorization header value from an HTTP request
  * @returns {string} The extracted JWT token as a string
- * @throws {Error} Will throw an error if the authorization header is empty or not in the format 'Bearer <token>'
+ * @throws {Error} Will throw an error if the authorization parameter is undefined
+ * @throws {Error} Will throw an error if the format is invalid
  * 
  * @example
  * ```typescript
@@ -170,23 +171,28 @@ function verify(token: string, b64Keys: string[], ignoreExpiration = false): Pay
  * const token2 = parseBearerToken(headerWithSpaces);
  * // Returns: "token123"
  * 
- * // Invalid headers - these will throw errors
+ * // Invalid headers - these will throw specific errors
  * try {
- *   parseBearerToken("Basic dXNlcjpwYXNz"); // Throws Error
- *   parseBearerToken("Bearer"); // Throws Error
- *   parseBearerToken("Bearer "); // Throws Error
- *   parseBearerToken(""); // Throws Error
+ *   parseBearerToken(undefined); // Throws: "Authorization header is missing"
+ *   parseBearerToken(""); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Basic dXNlcjpwYXNz"); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Bearer"); // Throws: "Authorization header must be in the format 'Bearer <token>'"
+ *   parseBearerToken("Bearer "); // Throws: "Authorization header must be in the format 'Bearer <token>'"
  * } catch (error) {
- *   console.error('Invalid authorization header:', error.message);
+ *   console.error('Authorization error:', error.message);
  * }
  * ```
  * 
  */
 const BEARER_TOKEN_ERROR_MESSAGE = "Authorization header must be in the format 'Bearer <token>'";
+const MISSING_AUTHORIZATION_ERROR_MESSAGE = "Authorization header is missing";
 
-function parseBearerToken(authorization: string): string {
+function parseBearerToken(authorization: string | undefined): string {
 
-  if (!authorization?.startsWith("Bearer "))
+  if (!authorization)
+    throw new Error(MISSING_AUTHORIZATION_ERROR_MESSAGE);
+  
+  if (!authorization.startsWith("Bearer "))
     throw new Error(BEARER_TOKEN_ERROR_MESSAGE);
 
   // Split by spaces and filter out empty strings to handle multiple spaces
@@ -199,10 +205,15 @@ function parseBearerToken(authorization: string): string {
 
 }
 
-
-// Generate a random index based on the array length
+// Generate a random index based on an array length
 function randomPick(array: string[]): number {
 	return Math.floor(Math.random() * array.length);
 }
 
-export { sign, verify, parseBearerToken, BEARER_TOKEN_ERROR_MESSAGE };
+export { 
+  sign, 
+  verify,
+  parseBearerToken,
+  BEARER_TOKEN_ERROR_MESSAGE,
+  MISSING_AUTHORIZATION_ERROR_MESSAGE,
+};

src/passken.d.ts

@@ -34,7 +34,7 @@ declare function randomPwd(opts?: Partial<Options>): string;
 declare function randomSecret(length?: number): string;
 declare function sign(iss: number | string, duration: number, type: Type, b64Keys: string[]): string;
 declare function verify(token: string, b64Keys: string[], ignoreExpiration?: boolean): Payload;
-declare function parseBearerToken(authorization: string): string;
+declare function parseBearerToken(authorization: string | undefined): string;
 
 export { 
   getSaltRounds,

tests/parseBearerToken.test.js

@@ -1,4 +1,4 @@
-import { parseBearerToken, BEARER_TOKEN_ERROR_MESSAGE } from "../dist/passken.js";
+import { parseBearerToken, BEARER_TOKEN_ERROR_MESSAGE, MISSING_AUTHORIZATION_ERROR_MESSAGE } from "../dist/passken.js";
 
 describe("parseBearerToken", () => {
 
@@ -50,12 +50,27 @@ describe("parseBearerToken", () => {
     });
   });
 
-  describe("Invalid Bearer tokens - should throw errors", () => {
-    test("throws error for empty string", () => {
+  describe("Missing authorization header - should throw specific errors", () => {
+    test("throws specific error for undefined authorization", () => {
+      expect(() => {
+        parseBearerToken(undefined);
+      }).toThrow(MISSING_AUTHORIZATION_ERROR_MESSAGE);
+    });
+
+    test("throws specific error for null authorization", () => {
+      expect(() => {
+        parseBearerToken(null);
+      }).toThrow(MISSING_AUTHORIZATION_ERROR_MESSAGE);
+    });
+
+    test("throws specific error for empty authorization", () => {
       expect(() => {
         parseBearerToken("");
-      }).toThrow(BEARER_TOKEN_ERROR_MESSAGE);
+      }).toThrow(MISSING_AUTHORIZATION_ERROR_MESSAGE);
     });
+  });
+
+  describe("Invalid Bearer tokens - should throw format errors", () => {
 
     test("throws error for Bearer without token", () => {
       expect(() => {
@@ -105,18 +120,6 @@ describe("parseBearerToken", () => {
       }).toThrow(BEARER_TOKEN_ERROR_MESSAGE);
     });
 
-    test("throws error for null input", () => {
-      expect(() => {
-        parseBearerToken(null);
-      }).toThrow();
-    });
-
-    test("throws error for undefined input", () => {
-      expect(() => {
-        parseBearerToken(undefined);
-      }).toThrow();
-    });
-
     test("throws error for Bearer with tab character", () => {
       expect(() => {
         parseBearerToken("Bearer\tsometoken");
@@ -186,4 +189,5 @@ describe("parseBearerToken", () => {
       });
     });
   });
+
 });