deprecate ExpressJwtRequest in favor of Request with optional auth, c…
…loses #284
jfromaniello committed May 6, 2022
1 parent bc9cd6b commit de169de
Showing 2 changed files with 67 additions and 27 deletions.
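--- a/README.md
+++ b/README.md
@@ -244,34 +244,13 @@ To get the full types of the parameters object install also `@types/jsonwebtoken
 An `ExpressJwtRequest` type is provided which extends `express.Request` with the `auth` property.
 
 ```typescript
-import { expressjwt, ExpressJwtRequest } from "express-jwt";
+import { expressjwt, Request as JWTRequest } from "express-jwt";
 
 app.get(
 "/protected",
 expressjwt({ secret: "shhhhhhared-secret", algorithms: ["HS256"] }),
-function (req: ExpressJwtRequest, res: express.Response) {
-if (!req.auth.admin) return res.sendStatus(401);
-res.sendStatus(200);
-}
-);
-```
-
-If you use `credentialsRequired: false` then use `ExpressJwtRequestUnrequired`. This type defines `req.auth` as optional, example:
-
-```typescript
-import { expressjwt, ExpressJwtRequest } from "express-jwt";
-
-app.get(
-"/protected",
-expressjwt({
-secret: "shhhhhhared-secret",
-algorithms: ["HS256"],
-credentialsRequired: false,
-}),
-function (req: ExpressJwtRequestUnrequired, res: express.Response) {
-if (!req.auth?.admin) {
-return res.sendStatus(401);
-}
+function (req: JWTRequest, res: express.Response) {
+if (!req.auth?.admin) return res.sendStatus(401);
 res.sendStatus(200);
 }
 );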
67 changes: 64 additions & 3 deletions src/index.ts
Expand Up @@ -3,33 +3,94 @@ import * as express from 'express';
import expressUnless from 'express-unless';
import { UnauthorizedError } from './errors/UnauthorizedError';

/**
* A function that defines how to retrieve the verification key given the express request and the JWT.
*/
export type GetVerificationKey = (req: express.Request, token: jwt.Jwt | undefined) => jwt.Secret | Promise<jwt.Secret>;

//deprecates key callback types for backward compatibility with v6
/**
* @deprecated use GetVerificationKey
*/
export type SecretCallback = GetVerificationKey;

/**
* @deprecated use GetVerificationKey
*/
export type SecretCallbackLong = GetVerificationKey;
//

/**
* A function to check if a token is revoked
*/
export type IsRevoked = (req: express.Request, token: jwt.Jwt | undefined) => boolean | Promise<boolean>;

/**
* A function to customize how a token is retrieved from the express request.
*/
export type TokenGetter = (req: express.Request) => string | Promise<string> | undefined;

type Params = {
/**
* The Key or a function to retrieve the key used to verify the JWT.
*/
secret: jwt.Secret | GetVerificationKey,

/**
* Defines how to retrieves the token from the request object.
*/
getToken?: TokenGetter,

/**
* Defines how to verify if a token is revoked.
*/
isRevoked?: IsRevoked,

/**
* If sets to true, continue to the next middleware when the
* request doesn't include a token without failing.
*
* @default true
*/
credentialsRequired?: boolean,

/**
* Allows to customize the name of the property in the request object
* where the decoded payload is set.
* @default 'auth'
*/
requestProperty?: string,

/**
* List of JWT algorithms allowed.
*/
algorithms: jwt.Algorithm[];
} & jwt.VerifyOptions;

export { UnauthorizedError } from './errors/UnauthorizedError';

/**
* @deprecated this breaks tsc when using strict: true
*/
export type ExpressJwtRequest<T = jwt.JwtPayload> =
express.Request & { auth: T }

/**
* @deprecated use Request<T>
*/
export type ExpressJwtRequestUnrequired<T = jwt.JwtPayload> =
express.Request & { auth?: T }

/**
* The Express Request including the "auth" property with the decoded JWT payload.
*/
export type Request<T = jwt.JwtPayload> =
express.Request & { auth?: T };

/**
* Returns an express middleware to verify JWTs.
*
* @param options {Params}
* @returns
*/
export const expressjwt = (options: Params) => {
if (!options?.secret) throw new RangeError('express-jwt: `secret` is a required option');
if (!options.algorithms) throw new RangeError('express-jwt: `algorithms` is a required option');
Expand Down Expand Up @@ -108,7 +169,7 @@ export const expressjwt = (options: Params) => {
throw new UnauthorizedError('revoked_token', { message: 'The token has been revoked.' });
}

const request = req as ExpressJwtRequest<jwt.JwtPayload | string>;
const request = req as Request<jwt.JwtPayload | string>;
request[requestProperty] = decodedToken.payload;
next();
} catch (err) {
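Review bot: The TSDoc on `credentialsRequired` in `Params` reads inverted: it says that setting the option to true lets a request without a token continue, whereas the README example pairs `credentialsRequired: false` with an optional `req.auth`, so it appears to be false that skips the failure. Because this option decides whether unauthenticated requests reach the route handler, I would reword the comment to `If set to false, continue to the next middleware without failing when the request doesn't include a token.` and keep `@default true`. Relatedly, the `@deprecated` tag on `ExpressJwtRequest` gives the reason but no replacement; `@deprecated use Request<T>; a required auth breaks tsc under strict: true` would match the tag on `ExpressJwtRequestUnrequired`. The code that enforces the option sits in the collapsed part of `expressjwt`, so the actual behaviour should be confirmed there before the wording is finalised.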
