1.0.9

.gitignore

@@ -8,9 +8,12 @@ pages/
 # installs
 node_modules/
 
-# caches and builds
+# caches
 .yarn/
 .cache/
+.rpt2_cache
+
+# builds
 dist/
 dist_web/
 dist_serve/

.gitlab-ci.yml

@@ -1,5 +1,5 @@
-# gitzone standard
-image: hosttoday/ht-docker-node:npmci
+# gitzone ci_default
+image: registry.gitlab.com/hosttoday/ht-docker-node:npmci
 
 cache:
   paths:
@@ -34,48 +34,11 @@ snyk:
   - docker
   - notpriv
 
-sast:
-  stage: security
-  image: registry.gitlab.com/hosttoday/ht-docker-dbase:npmci
-  variables:
-    DOCKER_DRIVER: overlay2
-  allow_failure: true
-  services:
-    - docker:stable-dind
-  script:
-    - npmci npm prepare
-    - npmci npm install
-    - npmci command npm run build
-    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - docker run
-        --env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
-        --volume "$PWD:/code"
-        --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
-  artifacts:
-    reports:
-      sast: gl-sast-report.json
-  tags:
-  - docker
-  - priv
-
 # ====================
 # test stage
 # ====================
 
-testLTS:
-  stage: test
-  script:
-  - npmci npm prepare
-  - npmci node install lts
-  - npmci npm install
-  - npmci npm test
-  coverage: /\d+.?\d+?\%\s*coverage/
-  tags:
-  - docker
-  - notpriv
-    
-testSTABLE:
+testStable:
   stage: test
   script:
   - npmci npm prepare
@@ -85,6 +48,18 @@ testSTABLE:
   coverage: /\d+.?\d+?\%\s*coverage/
   tags:
   - docker
+  - priv
+
+testBuild:
+  stage: test
+  script:
+  - npmci npm prepare
+  - npmci node install stable
+  - npmci npm install
+  - npmci command npm run build
+  coverage: /\d+.?\d+?\%\s*coverage/
+  tags:
+  - docker
   - notpriv
 
 release:
@@ -103,19 +78,12 @@ release:
 # ====================
 codequality:
   stage: metadata
-  image: docker:stable
   allow_failure: true
-  services:
-    - docker:stable-dind
   script:
-    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
-    - docker run
-        --env SOURCE_CODE="$PWD"
-        --volume "$PWD":/code
-        --volume /var/run/docker.sock:/var/run/docker.sock
-        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
-  artifacts:
-    paths: [codeclimate.json]
+    - npmci command npm install -g tslint typescript
+    - npmci npm prepare
+    - npmci npm install
+    - npmci command "tslint -c tslint.json ./ts/**/*.ts"
   tags:
   - docker
   - priv
@@ -131,13 +99,15 @@ trigger:
   - notpriv
 
 pages:
-  image: hosttoday/ht-docker-node:npmci
+  image: hosttoday/ht-docker-dbase:npmci
+  services:
+   - docker:stable-dind
   stage: metadata
   script:
-    - npmci command npm install -g typedoc typescript
+    - npmci command npm install -g @gitzone/tsdoc
     - npmci npm prepare
     - npmci npm install
-    - npmci command typedoc --module "commonjs" --target "ES2016" --out public/ ts/
+    - npmci command tsdoc
   tags:
     - docker
     - notpriv

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushrocks/smartjwt",
-  "version": "1.0.5",
+  "version": "1.0.9",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -139,9 +139,9 @@
       }
     },
     "@pushrocks/smartcrypto": {
-      "version": "1.0.5",
-      "resolved": "https://verdaccio.lossless.one/@pushrocks%2fsmartcrypto/-/smartcrypto-1.0.5.tgz",
-      "integrity": "sha512-GkvR/3LE5X4BI/SALmHP5m4cgN4O5AwBtNSMESGiGGnWD9/JN3FL17ZtA2oXe09uuskeoUeStPPCEGi1VWIs4Q==",
+      "version": "1.0.7",
+      "resolved": "https://verdaccio.lossless.one/@pushrocks%2fsmartcrypto/-/smartcrypto-1.0.7.tgz",
+      "integrity": "sha512-o82yK1AcZCSh4YKJAt2LD4qp2wPBC2UYBgloaNhwv6ixITiF1OtKkVMky6uMhlYzTc+YfGFocl1CC0uVlSAaTw==",
       "requires": {
         "@pushrocks/smartpromise": "^3.0.5",
         "@types/node-forge": "^0.8.6",
@@ -149,9 +149,9 @@
       },
       "dependencies": {
         "@pushrocks/smartpromise": {
-          "version": "3.0.5",
-          "resolved": "https://verdaccio.lossless.one/@pushrocks%2fsmartpromise/-/smartpromise-3.0.5.tgz",
-          "integrity": "sha512-9kHBWyDFjQ6cV1rseOfge02EH6huh/mrtqxlFoJoxnMaGWf5F8H3UEsskBBUGI6QKE1Bl8evr74AIKWwJ0r/bA=="
+          "version": "3.0.6",
+          "resolved": "https://verdaccio.lossless.one/@pushrocks%2fsmartpromise/-/smartpromise-3.0.6.tgz",
+          "integrity": "sha512-vlQlBGNVIjfClgnsfgQBU6GIKcskYSFzEcKLt18ngPzPEcjKklXcxaqzLXpnoxR+KBh30QPE8255ncYHXuPPOg=="
         }
       }
     },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushrocks/smartjwt",
-  "version": "1.0.5",
+  "version": "1.0.9",
   "private": false,
   "description": "a package for handling jwt",
   "main": "dist/index.js",
@@ -21,8 +21,19 @@
     "tslint-config-prettier": "^1.15.0"
   },
   "dependencies": {
-    "@pushrocks/smartcrypto": "^1.0.5",
+    "@pushrocks/smartcrypto": "^1.0.7",
     "@types/jsonwebtoken": "^8.3.4",
     "jsonwebtoken": "^8.5.1"
-  }
+  },
+  "files": [
+    "ts/*",
+    "ts_web/*",
+    "dist/*",
+    "dist_web/*",
+    "dist_ts_web/*",
+    "assets/*",
+    "cli.js",
+    "npmextra.json",
+    "readme.md"
+  ]
 }

readme.md

@@ -20,9 +20,7 @@ a package for handling jwt
 
 For further information read the linked docs at the top of this readme.
 
-This package is intended for being used serverside. There is a corresponding client package for browsers calls @pushrocks/webtoken
-
 > MIT licensed | **©** [Lossless GmbH](https://lossless.gmbh)
-| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
+| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy)
 
-[![repo-footer](https://pushrocks.gitlab.io/assets/repo-footer.svg)](https://maintainedby.lossless.com)
+[![repo-footer](https://lossless.gitlab.io/publicrelations/repofooter.svg)](https://maintainedby.lossless.com)

test/test.ts

@@ -2,6 +2,7 @@ import { expect, tap } from '@pushrocks/tapbundle';
 import * as smartjwt from '../ts/index';
 
 let smartjwtInstance: smartjwt.SmartJwt;
+let testJwt: string;
 
 tap.test('should create a valid instance', async () => {
   smartjwtInstance = new smartjwt.SmartJwt();
@@ -10,7 +11,31 @@ tap.test('should create a valid instance', async () => {
 });
 
 tap.test('should create a valid jwt', async () => {
+  await smartjwtInstance.createNewKeyPair();
+});
 
+tap.test('should create a new jwt', async () => {
+  testJwt = await smartjwtInstance.createJWT({ hi: 'there' });
+  console.log(testJwt);
+});
+
+tap.test('should verify a jwt', async () => {
+  const data = await smartjwtInstance.verifyJWTAndGetData(testJwt);
+  console.log(data);
+});
+
+tap.test('should not verify a wrong jwt', async () => {
+  const jwt2 = await smartjwtInstance.createJWT({ wow: 'soclear' });
+  const jwt2Array = jwt2.split('.');
+  const testJwtArray = testJwt.split('.');
+  const newJwt = `${testJwtArray[0]}.${jwt2Array[1]}.${testJwtArray[2]}`;
+  let error: Error;
+  try {
+    await smartjwtInstance.verifyJWTAndGetData(newJwt);
+  } catch (e) {
+    error = e;
+  }
+  expect(error).to.be.instanceOf(Error);
 });
 
 tap.start();

ts/smartjwt.classes.smartjwt.ts

@@ -1,28 +1,37 @@
 import * as plugins from './smartjwt.plugins';
 
+export interface ISmartJWTJSONKeypair {
+  privatePem: string;
+  publicPem: string;
+}
+
 /**
- * 
+ * A class to create and validate JWTs and their keys
  */
 export class SmartJwt {
   public smartcryptoInstance = new plugins.smartcrypto.Smartcrypto();
   public publicKey: plugins.smartcrypto.PublicKey;
   public privateKey: plugins.smartcrypto.PrivateKey;
 
-  constructor() {};
+  constructor() {}
 
   /**
    * creates a JWT
    */
   public async createJWT(payloadArg: any) {
-    return plugins.jsonwebtoken.sign(payloadArg, this.privateKey.toPemString());
+    return plugins.jsonwebtoken.sign(payloadArg, this.privateKey.toPemString(), {
+      algorithm: 'RS256'
+    });
   }
 
   /**
    * checks a JWT
    */
   public async verifyJWTAndGetData(jwtArg: string) {
-    return plugins.jsonwebtoken.verify(jwtArg, this.publicKey.toPemString());
-  };
+    return plugins.jsonwebtoken.verify(jwtArg, this.publicKey.toPemString(), {
+      algorithms: ['RS256']
+    });
+  }
 
   /**
    * sets a private key to create jwts with
@@ -38,6 +47,23 @@ export class SmartJwt {
     this.publicKey = publicKey;
   }
 
+  /**
+   * gets the currently set kaypair as json
+   */
+  public getKeyPairAsJson(): ISmartJWTJSONKeypair {
+    return {
+      privatePem: this.privateKey.toPemString(),
+      publicPem: this.publicKey.toPemString()
+    };
+  }
+
+  /**
+   * sets the currently set keypair as json
+   */
+  public setKeyPairAsJson(jsonKeyPair: ISmartJWTJSONKeypair) {
+    this.privateKey = plugins.smartcrypto.PrivateKey.fromPemString(jsonKeyPair.privatePem);
+    this.publicKey = plugins.smartcrypto.PublicKey.fromPemString(jsonKeyPair.publicPem);
+  }
 
   /**
    * creates a new keypair

ts/smartjwt.plugins.ts

@@ -1,12 +1,8 @@
 // @pushrocks scope
 import * as smartcrypto from '@pushrocks/smartcrypto';
 
-export {
-  smartcrypto
-};
+export { smartcrypto };
 
 // thirdparty scope
 import * as jsonwebtoken from 'jsonwebtoken';
-export {
-  jsonwebtoken
-};
+export { jsonwebtoken };