diff --git a/npmextra.json b/npmextra.json index 315649c..92feb8f 100644 --- a/npmextra.json +++ b/npmextra.json @@ -5,17 +5,29 @@ "githost": "code.foss.global", "gitscope": "push.rocks", "gitrepo": "smartjwt", - "description": "a package for handling jwt", + "description": "A JavaScript package for creating and verifying JWTs with strong typing support.", "npmPackagename": "@push.rocks/smartjwt", "license": "MIT", - "projectDomain": "push.rocks" + "projectDomain": "push.rocks", + "keywords": [ + "jwt", + "jsonwebtoken", + "authentication", + "security", + "typescript", + "crypto", + "public key", + "private key", + "token validation", + "token creation" + ] } }, "npmci": { "npmGlobalTools": [], "npmAccessLevel": "public" }, - "tsdocs": { + "tsdoc": { "legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n" } } \ No newline at end of file diff --git a/package.json b/package.json index 48a909c..e1ec28a 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "@push.rocks/smartjwt", "version": "2.0.4", "private": false, - "description": "a package for handling jwt", + "description": "A JavaScript package for creating and verifying JWTs with strong typing support.", "main": "dist_ts/index.js", "typings": "dist_ts/index.d.ts", "author": "Lossless GmbH", @@ -39,5 +39,17 @@ "browserslist": [ "last 1 chrome versions" ], - "type": "module" -} + "type": "module", + "keywords": [ + "jwt", + "jsonwebtoken", + "authentication", + "security", + "typescript", + "crypto", + "public key", + "private key", + "token validation", + "token creation" + ] +} \ No newline at end of file diff --git a/readme.hints.md b/readme.hints.md new file mode 100644 index 0000000..0519ecb --- /dev/null +++ b/readme.hints.md @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/readme.md b/readme.md index cb2de16..841e7c8 100644 --- a/readme.md +++ b/readme.md @@ -1,39 +1,151 @@ # @push.rocks/smartjwt a package for handling jwt -## Availabililty and Links -* [npmjs.org (npm package)](https://www.npmjs.com/package/@push.rocks/smartjwt) -* [gitlab.com (source)](https://gitlab.com/push.rocks/smartjwt) -* [github.com (source mirror)](https://github.com/push.rocks/smartjwt) -* [docs (typedoc)](https://push.rocks.gitlab.io/smartjwt/) +## Install +To install @push.rocks/smartjwt, use npm or yarn as follows: -## Status for master +```bash +npm install @push.rocks/smartjwt --save +# or with yarn +yarn add @push.rocks/smartjwt +``` -Status Category | Status Badge --- | -- -GitLab Pipelines | [![pipeline status](https://gitlab.com/push.rocks/smartjwt/badges/master/pipeline.svg)](https://lossless.cloud) -GitLab Pipline Test Coverage | [![coverage report](https://gitlab.com/push.rocks/smartjwt/badges/master/coverage.svg)](https://lossless.cloud) -npm | [![npm downloads per month](https://badgen.net/npm/dy/@push.rocks/smartjwt)](https://lossless.cloud) -Snyk | [![Known Vulnerabilities](https://badgen.net/snyk/push.rocks/smartjwt)](https://lossless.cloud) -TypeScript Support | [![TypeScript](https://badgen.net/badge/TypeScript/>=%203.x/blue?icon=typescript)](https://lossless.cloud) -node Support | [![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/) -Code Style | [![Code Style](https://badgen.net/badge/style/prettier/purple)](https://lossless.cloud) -PackagePhobia (total standalone install weight) | [![PackagePhobia](https://badgen.net/packagephobia/install/@push.rocks/smartjwt)](https://lossless.cloud) -PackagePhobia (package size on registry) | [![PackagePhobia](https://badgen.net/packagephobia/publish/@push.rocks/smartjwt)](https://lossless.cloud) -BundlePhobia (total size when bundled) | [![BundlePhobia](https://badgen.net/bundlephobia/minzip/@push.rocks/smartjwt)](https://lossless.cloud) +Make sure you have Node.js installed on your machine. This library uses modern JavaScript features and requires Node.js version 10.x.x or higher. ## Usage -## Contribution +This section illustrates how to use the `@push.rocks/smartjwt` package to handle JSON Web Tokens (JWT) in your TypeScript projects with practical and comprehensive examples. Before diving into the scenarios, ensure you have the package installed and are comfortable with TypeScript and async/await syntax. -We are always happy for code contributions. If you are not the code contributing type that is ok. Still, maintaining Open Source repositories takes considerable time and thought. If you like the quality of what we do and our modules are useful to you we would appreciate a little monthly contribution: You can [contribute one time](https://lossless.link/contribute-onetime) or [contribute monthly](https://lossless.link/contribute). :) +### Initializing and Creating a New Key Pair -## Contribution +To utilize `smartjwt` for creating and verifying JWTs, you first need to instantiate `SmartJwt` class and generate or set a key pair (a private and a public key). Let's start by initializing and creating a new key pair: -We are always happy for code contributions. If you are not the code contributing type that is ok. Still, maintaining Open Source repositories takes considerable time and thought. If you like the quality of what we do and our modules are useful to you we would appreciate a little monthly contribution: You can [contribute one time](https://lossless.link/contribute-onetime) or [contribute monthly](https://lossless.link/contribute). :) +```typescript +import { SmartJwt } from '@push.rocks/smartjwt'; -For further information read the linked docs at the top of this readme. +async function setup() { + const smartJwt = new SmartJwt(); + await smartJwt.createNewKeyPair(); + console.log('Key pair created successfully'); +} +setup(); +``` -## Legal -> MIT licensed | **©** [Task Venture Capital GmbH](https://task.vc) -| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy) +### Creating a JWT + +Once you have your key pair ready, you can create JWTs by supplying a payload. The payload is the data you want to encode in your JWT. Here's an example of how to create a JWT: + +```typescript +interface MyPayload { + user_id: number; + username: string; +} + +async function createJwt() { + const smartJwt = new SmartJwt(); + await smartJwt.createNewKeyPair(); + const myPayload = { + user_id: 123, + username: 'example_username' + }; + const jwt = await smartJwt.createJWT(myPayload); + console.log(jwt); +} +createJwt(); +``` + +### Verifying a JWT and Extracting the Payload + +Verifying a JWT is crucial for authentication and authorization processes in applications. When you receive a JWT, you need to verify its integrity and authenticity before trusting the contained information. Here’s how to verify a JWT and extract its payload: + +```typescript +async function verifyJwt(jwt: string) { + const smartJwt = new SmartJwt(); + // In a real application, you should set the public key from a trusted source. + smartJwt.setPublicPemKeyForVerification(''); + + try { + const payload = await smartJwt.verifyJWTAndGetData(jwt); + console.log('JWT verified successfully:', payload); + } catch (error) { + console.error('Failed to verify JWT:', error); + } +} +``` + +### Handling Public and Private Keys + +In scenarios where you have existing keys or receive them from an external source, `smartjwt` allows setting the public and private keys directly instead of generating new ones. Here is an example: + +```typescript +async function setExistingKeys() { + const smartJwt = new SmartJwt(); + const privateKeyString = ''; + const publicKeyString = ''; + + smartJwt.setPrivateKeyFromPemString(privateKeyString); + smartJwt.setPublicKeyFromPemString(publicKeyString); +} +``` + +### Exporting and Importing Key Pairs + +You may need to store your key pairs securely or share them across different parts of your application or with other services securely. `smartjwt` offers a convenient way to export and import key pairs as JSON: + +```typescript +async function exportAndImportKeyPair() { + const smartJwt = new SmartJwt(); + await smartJwt.createNewKeyPair(); + const keyPairJson = smartJwt.getKeyPairAsJson(); + console.log('Exported Key Pair:', keyPairJson); + + const newSmartJwt = new SmartJwt(); + newSmartJwt.setKeyPairAsJson(keyPairJson); + console.log('Imported Key Pair Successfully'); +} +exportAndImportKeyPair(); +``` + +### Complete Scenario: Signing and Verifying a JWT + +Bringing it all together, here is a complete scenario where a JWT is created, signed, and later verified: + +```typescript +async function completeScenario() { + // Creating a new JWT + const smartJwt = new SmartJwt(); + await smartJwt.createNewKeyPair(); + const jwt = await smartJwt.createJWT({ user_id: 123, username: 'exampleuser' }); + console.log('Created JWT:', jwt); + + // Verifying the JWT in another instance or part of the application + const verifier = new SmartJwt(); + verifier.setPublicPemKeyForVerification(smartJwt.publicKey.toPemString()); + const verifiedPayload = await verifier.verifyJWTAndGetData(jwt); + console.log('Verified Payload:', verifiedPayload); +} +completeScenario(); +``` + +By following these examples, you can effectively handle JWT creation, signing, verification, and key management in your TypeScript projects using the `@push.rocks/smartjwt` package. Always ensure to manage your keys securely and avoid exposing sensitive information. + +For further information and advanced features, consult the project's documentation and source code. + +## License and Legal Information + +This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. + +**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. + +### Trademarks + +This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH. + +### Company Information + +Task Venture Capital GmbH +Registered at District court Bremen HRB 35230 HB, Germany + +For any legal inquiries or if you require further information, please contact us via email at hello@task.vc. + +By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.