Commit
client: revise auth token functions. (#353)
Previously we had an `authToken` function exported from `electric-sql/auth` that: 1. was a mock/test function with mock data in it 2. used in the examples 3. importing the Jose library Plus in the examples, we had separate code copied around used to generate insecure tokens. The PR: 1. provides user-usable `secureAuthToken(claims, iss, key)` and `insecureAuthToken(claims)` functions 2. renames the authToken function to `mockSecureAuthToken` 3. updates the docs and examples accordingly -- examples *should* use the insecure function. The backend stack for the examples is configured in insecure mode and this is what it is for. 4. moves the secure functions to an optional import path, so that we remove the Jose JWT signing library from users' JS builds if they are not using it (generally they won't be -- tokens will come from the server side)
Showing
11 changed files
with
109 additions
and
48 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
"electric-sql": patch | ||
"create-electric-app": patch | ||
--- | ||
|
||
Added auth.insecureAuthToken function and updated examples to use it. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import { TokenClaims } from './index' | ||
|
||
export function insecureAuthToken(claims: TokenClaims): string { | ||
const header = { | ||
alg: 'none', | ||
} | ||
|
||
return `${encode(header)}.${encode(claims)}.` | ||
} | ||
|
||
function encode(data: object): string { | ||
const str = JSON.stringify(data) | ||
const encoded = base64(str) | ||
|
||
return encoded.replace(/\+/g, '-').replace(/\//, '_').replace(/=+$/, '') | ||
} | ||
|
||
function base64(s: string): string { | ||
const bytes = new TextEncoder().encode(s) | ||
|
||
const binArray = Array.from(bytes, (x) => String.fromCodePoint(x)) | ||
const binString = binArray.join('') | ||
|
||
return btoa(binString) | ||
} |
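Review bot: In `encode`, `.replace(/\//, '_')` has no `g` flag, so only the first `/` in the base64 output is rewritten and any later one stays in the token, which is then not valid base64url; the `+` replacement next to it is global. Change it to `.replace(/\//g, '_')`. A constructed example: a `user_id` of `'??????'` produces a payload segment that contains `/` twice. Separately, `insecureAuthToken` has no doc comment even though it emits an `alg: 'none'` token with an empty signature; I would add `/** Builds an unsigned JWT (alg "none"). Intended only for a backend configured in insecure mode; never use it for production auth. */` above it.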
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
import { SignJWT } from 'jose' | ||
|
||
import { TokenClaims } from '../index' | ||
|
||
export function secureAuthToken( | ||
claims: TokenClaims, | ||
iss: string, | ||
key: string, | ||
alg?: string, | ||
exp?: string | ||
): Promise<string> { | ||
const algorithm = alg ?? 'HS256' | ||
const expiration = exp ?? '2h' | ||
|
||
const nowInSecs = Math.floor(Date.now() / 1000) | ||
// Subtract 1 second to account for clock precision when validating the token | ||
const iat = nowInSecs - 1 | ||
|
||
const encodedKey = new TextEncoder().encode(key) | ||
|
||
return new SignJWT({ ...claims, type: 'access' }) | ||
.setIssuedAt(iat) | ||
.setProtectedHeader({ alg: algorithm }) | ||
.setExpirationTime(expiration) | ||
.setIssuer(iss) | ||
.sign(encodedKey) | ||
} | ||
|
||
export function mockSecureAuthToken( | ||
iss?: string, | ||
key?: string | ||
): Promise<string> { | ||
const mockIss = iss ?? 'dev.electric-sql.com' | ||
const mockKey = key ?? 'integration-tests-signing-key-example' | ||
|
||
return secureAuthToken({ user_id: 'test-user' }, mockIss, mockKey) | ||
} |
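Review bot: `secureAuthToken` accepts `alg` as an arbitrary string but always hands `new TextEncoder().encode(key)` to `.sign()`, which is a raw symmetric secret and so only fits the HMAC family; an asymmetric value such as `RS256` would presumably fail inside jose at signing time rather than at the call site. Narrowing the parameter to `alg?: 'HS256' | 'HS384' | 'HS512'` keeps the default working and documents the constraint in the type. The string `key` is also used as-is with no length check, so a doc comment on the function should say that callers must supply a high-entropy secret. `mockSecureAuthToken` ships a default issuer and signing key in an importable module and deserves `/** Test helper: signs a fixed test-user token with a publicly known key; never configure this key on a real backend. */`.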
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
import test from 'ava' | ||
import { decodeJwt } from 'jose' | ||
|
||
import { insecureAuthToken } from '../../src/auth' | ||
|
||
test('insecureAuthToken generates expected token', async (t) => { | ||
const token = insecureAuthToken({ user_id: 'dummy-user' }) | ||
|
||
const claims = decodeJwt(token) | ||
t.deepEqual(claims, { user_id: 'dummy-user' }) | ||
}) | ||
|
||
test('insecureAuthToken supports non-latin characters', async (t) => { | ||
const token = insecureAuthToken({ user_id: '⚡' }) | ||
|
||
const claims = decodeJwt(token) | ||
t.deepEqual(claims, { user_id: '⚡' }) | ||
}) |
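Review bot: Both tests compare only the decoded payload, so neither the `alg: 'none'` header nor the base64url alphabet of the output is pinned, and a lenient decoder may accept `+`, `/` or `=` characters that should not appear in the token. Adding `t.notRegex(token, /[+\/=]/)` plus a case whose payload encodes to several `/` characters (constructed sample: `user_id: '??????'`) would exercise the encoder directly. The callbacks are declared `async` but contain no `await`; a plain `(t) => { … }` is enough.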