jsonwebtoken#JwtPayload TypeScript Examples

The following examples show how to use jsonwebtoken#JwtPayload. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: asset.ts    From livepeer-com with MIT License 6 votes vote down vote up 
function parseUploadUrl(
  signedUploadUrl: string,
  jwtSecret: string,
  audience: string
) {
  let uploadUrl: string;
  try {
    const urlJwt = jwt.verify(signedUploadUrl, jwtSecret, {
      audience,
    }) as JwtPayload;
    uploadUrl = urlJwt.presignedUrl;
  } catch (err) {
    throw new ForbiddenError(`Invalid signed upload URL: ${err}`);
  }

  // get playbackId from s3 url
  const matches = uploadUrl.match(/\/directUpload\/([^/]+)\/source/);
  if (!matches || matches.length < 2) {
    throw new UnprocessableEntityError(
      `the provided url for the upload is not valid or not supported: ${uploadUrl}`
    );
  }
  const playbackId = matches[1];
  return { uploadUrl, playbackId };
}
Example #2
Source File: parseAuthHeader.ts    From bouncecode-cms with GNU General Public License v3.0 5 votes vote down vote up 
parseAuthHeader = async (authHeader = '') => {
  try {
    const token = authHeader.replace(/Bearer /i, '');
    const jwtObj = await jwt.verify(token, CERT_PUBLIC);
    if (jwtObj.sub === 'access_token') return jwtObj as JwtPayload;
  } catch (e) {}
  return null;
}
Example #3
Source File: jwt-token-handler.ts    From advanced-node with GNU General Public License v3.0 5 votes vote down vote up 
async validate ({ token }: TokenValidator.Input): Promise<TokenValidator.Output> {
    const payload = verify(token, this.secret) as JwtPayload
    return payload.key
  }
Example #4
Source File: auth.ts    From livepeer-com with MIT License 4 votes vote down vote up 
/**
 * Creates a middleware that parses and verifies the authentication method from
 * the request and populates the `express.Request` object.
 *
 * @remarks
 * The only auth method supported is the `Authorization` header. It can use:
 *  * the `Bearer` scheme with an API key (used by external applications);
 *  * the `JWT` scheme with a JWT token (used by the dashboard), or;
 *  * the `Basic` scheme with an `userId` as the username and an API key from
 *    that user as the `password` (used by `go-livepeer` that only supports a
 *    URL to specify some endpoints like the stream auth webhook).
 *
 * @remarks
 * It is supposed to be used as a global middleware that runs for every request
 * and should be used in conjunction with the `authorizer` middleware below.
 *
 * As such it allows requests without any authentication method to pass through.
 * If the specific API requires a user, it must add an {@link authorizer}
 * middleware which will fail if the request is not authenticated.
 */
function authenticator(): RequestHandler {
  return async (req, res, next) => {
    res.vary("Authorization");
    const authHeader = req.headers.authorization;
    const { authScheme, authToken, rawAuthScheme } =
      parseAuthHeader(authHeader);
    const basicUser = basicAuth.parse(authHeader);
    let user: User;
    let tokenObject: WithID<ApiToken>;
    let userId: string;

    if (!authScheme) {
      return next();
    } else if (["bearer", "basic"].includes(authScheme)) {
      const isBasic = authScheme === "basic";
      const tokenId = isBasic ? basicUser?.pass : authToken;
      if (!tokenId) {
        throw new UnauthorizedError(`no authorization token provided`);
      }
      tokenObject = await db.apiToken.get(tokenId);
      const matchesBasicUser = tokenObject?.userId === basicUser?.name;
      if (!tokenObject || (isBasic && !matchesBasicUser)) {
        throw new UnauthorizedError(`no token ${tokenId} found`);
      }

      userId = tokenObject.userId;
      // track last seen
      tracking.recordToken(db, tokenObject);
    } else if (authScheme === "jwt") {
      try {
        const verified = jwt.verify(authToken, req.config.jwtSecret, {
          audience: req.config.jwtAudience,
        }) as JwtPayload;
        userId = verified.sub;
        tracking.recordUser(db, userId);
      } catch (err) {
        throw new UnauthorizedError(err.message);
      }
    } else {
      throw new UnauthorizedError(
        `unsupported authorization header scheme: ${rawAuthScheme}`
      );
    }

    user = await db.user.get(userId);
    if (!user) {
      throw new UnauthorizedError(
        `no user found from authorization header: ${authHeader}`
      );
    }
    if (user.suspended) {
      throw new ForbiddenError(`user is suspended`);
    }

    req.user = user;
    // UI admins must have a JWT
    req.isUIAdmin = user.admin && authScheme === "jwt";
    req.token = tokenObject;
    return next();
  };
}