diff --git a/package-lock.json b/package-lock.json index 54a910c7..17eef04c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,9 +11,12 @@ "dependencies": { "@types/jsonwebtoken": "^9", "express-unless": "^2.1.3", - "jsonwebtoken": "^9.0.0" + "jsonwebtoken": "^9.0.0", + "lodash.set": "^4.3.2" }, "devDependencies": { + "@types/lodash": "^4.14.191", + "@types/lodash.set": "^4.3.7", "@types/mocha": "^9.1.0", "@typescript-eslint/eslint-plugin": "^5.15.0", "@typescript-eslint/parser": "^5.15.0", @@ -310,6 +313,21 @@ "@types/node": "*" } }, + "node_modules/@types/lodash": { + "version": "4.14.191", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.191.tgz", + "integrity": "sha512-BdZ5BCCvho3EIXw6wUCXHe7rS53AIDPLE+JzwgT+OsJk53oBfbSmZZ7CX4VaRoN78N+TJpFi9QPlfIVNmJYWxQ==", + "dev": true + }, + "node_modules/@types/lodash.set": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/@types/lodash.set/-/lodash.set-4.3.7.tgz", + "integrity": "sha512-bS5Wkg/nrT82YUfkNYPSccFrNZRL+irl7Yt4iM6OTSQ0VZJED2oUIVm15NkNtUAQ8SRhCe+axqERUV6MJgkeEg==", + "dev": true, + "dependencies": { + "@types/lodash": "*" + } + }, "node_modules/@types/minimist": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.2.tgz", @@ -2642,6 +2660,11 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "node_modules/lodash.set": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz", + "integrity": "sha512-4hNPN5jlm/N/HLMCO43v8BXKq9Z7QdAGc/VGrRD61w8gN9g/6jF9A4L1pbUgBLCffi0w9VsXfTOij5x8iTyFvg==" + }, "node_modules/log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", 
@@ -4746,6 +4769,21 @@ "@types/node": "*" } }, + "@types/lodash": { + "version": "4.14.191", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.191.tgz", + "integrity": "sha512-BdZ5BCCvho3EIXw6wUCXHe7rS53AIDPLE+JzwgT+OsJk53oBfbSmZZ7CX4VaRoN78N+TJpFi9QPlfIVNmJYWxQ==", + "dev": true + }, + "@types/lodash.set": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/@types/lodash.set/-/lodash.set-4.3.7.tgz", + "integrity": "sha512-bS5Wkg/nrT82YUfkNYPSccFrNZRL+irl7Yt4iM6OTSQ0VZJED2oUIVm15NkNtUAQ8SRhCe+axqERUV6MJgkeEg==", + "dev": true, + "requires": { + "@types/lodash": "*" + } + }, "@types/minimist": { "version": "1.2.2", "resolved": "https://registry.npmjs.org/@types/minimist/-/minimist-1.2.2.tgz", @@ -6523,6 +6561,11 @@ "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", "dev": true }, + "lodash.set": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/lodash.set/-/lodash.set-4.3.2.tgz", + "integrity": "sha512-4hNPN5jlm/N/HLMCO43v8BXKq9Z7QdAGc/VGrRD61w8gN9g/6jF9A4L1pbUgBLCffi0w9VsXfTOij5x8iTyFvg==" + }, "log-symbols": { "version": "4.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", diff --git a/package.json b/package.json index d6532c01..0618321a 100644 --- a/package.json +++ b/package.json @@ -35,9 +35,12 @@ "dependencies": { "@types/jsonwebtoken": "^9", "express-unless": "^2.1.3", - "jsonwebtoken": "^9.0.0" + "jsonwebtoken": "^9.0.0", + "lodash.set": "^4.3.2" }, "devDependencies": { + "@types/lodash": "^4.14.191", + "@types/lodash.set": "^4.3.7", "@types/mocha": "^9.1.0", "@typescript-eslint/eslint-plugin": "^5.15.0", "@typescript-eslint/parser": "^5.15.0", diff --git a/src/index.ts b/src/index.ts index 83677592..03f59d22 100644 --- a/src/index.ts +++ b/src/index.ts 
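Review bot: The `lodash.set` entry added to `dependencies` in the package.json hunk puts a standalone per-method lodash package on the runtime path of an authentication middleware. As far as I know, these per-method packages are no longer updated upstream and do not receive the key hardening that later `lodash` 4.17.x releases added to `set`. Check the advisory status of `lodash.set` 4.3.2 (for example with `npm audit`) before release. If only one nested assignment is needed, a small local helper or the maintained `lodash` package would keep the dependency surface smaller and patchable.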
@@ -1,6 +1,8 @@ -import * as jwt from 'jsonwebtoken'; +import jwt from 'jsonwebtoken'; import * as express from 'express'; import { unless } from 'express-unless'; +import set from 'lodash.set'; + import { UnauthorizedError } from './errors/UnauthorizedError'; /** @@ -123,7 +125,7 @@ export const expressjwt = (options: Params) => { .map(header => header.trim().toLowerCase()) .includes('authorization'); if (hasAuthInAccessControl) { - return next(); + return setImmediate(next); } } @@ -185,10 +187,10 @@ export const expressjwt = (options: Params) => { } const request = req as Request; - request[requestProperty] = decodedToken.payload; - next(); + set(request, requestProperty, decodedToken.payload); + setImmediate(next); } catch (err) { - return next(err); + setImmediate(next, err); } }; diff --git a/test/jwt.test.ts b/test/jwt.test.ts index c2166812..177e4c2c 100644 --- a/test/jwt.test.ts +++ b/test/jwt.test.ts @@ -2,7 +2,7 @@ import * as jwt from 'jsonwebtoken'; import * as express from 'express'; import { expressjwt, UnauthorizedError, Request, GetVerificationKey } from '../src'; -import * as assert from 'assert'; +import assert from 'assert'; describe('failure tests', function () { 
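Review bot: The change to `import jwt from 'jsonwebtoken'` in the `@@ -1,6 +1,8` hunk only compiles because this commit also turns on `esModuleInterop`. With `declaration: true`, the same default import may be copied into the published `.d.ts` if any exported type refers to `jwt.*`; the exported types are outside this hunk, so this is an inference. Consumers that build without `esModuleInterop` or `allowSyntheticDefaultImports` would then fail to type-check the package. Keeping `import * as jwt from 'jsonwebtoken';` in the library source and using the default import only for `lodash.set` avoids changing the public typings.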
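Review bot: Nothing in the `@@ -123,7 +125,7` hunk explains why `next` is now scheduled with `setImmediate` instead of being called directly. The same unexplained change appears in the `@@ -185,10 +187,10` hunk, on both the success and the error path. If the intent is to stop an exception thrown by a downstream handler from landing in this middleware's `catch` and reaching `next` a second time, add a comment such as `// Defer next() so errors thrown downstream are not caught by our try/catch and reported as auth failures.` That intent is an inference, because the enclosing function starts and ends outside the hunk. The release notes should also say that downstream handlers now run on a later tick, since callers that inspect `req` synchronously after invoking the middleware will see different behaviour.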
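Review bot: In the `@@ -185,10 +187,10` hunk, `set(request, requestProperty, decodedToken.payload)` treats `requestProperty` as a lodash path rather than a plain key, and nothing checks that path before the token payload is written through it. A configured value containing a `__proto__`, `constructor` or `prototype` segment would direct the write at a shared prototype instead of the request object, and `lodash.set` 4.3.2 may not reject such keys itself (worth verifying). Validate the option once when `expressjwt(options)` is called, for example `if (/(^|[.[\]'"])(__proto__|constructor|prototype)($|[.[\]'"])/.test(requestProperty)) throw new RangeError('invalid requestProperty');`. Also document the dotted-path semantics, since an existing configuration whose property name contains a dot or bracket now changes meaning. The code that derives `requestProperty` from `options` is outside this hunk.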
@@ -289,6 +289,21 @@ describe('work tests', function () {
 });
 });
+ it('should work with custom and nested request property', function (done) {
+ const secret = 'shhhhhh';
+ const token = jwt.sign({ foo: 'bar' }, secret);
+ const req = {} as Request;
+ const res = {} as express.Response;
+ const requestProperty = 'auth.payload';
+
+ req.headers = {};
+ req.headers.authorization = 'Bearer ' + token;
+ expressjwt({ secret: secret, algorithms: ['HS256'], requestProperty })(req, res, function () {
+ assert.equal(req.auth.payload.foo, 'bar');
+ done();
+ });
+ });
+
 it('should work if authorization header is valid with a buffer secret', function (done) {
 const secret = Buffer.from('AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'base64');
 const token = jwt.sign({ foo: 'bar' }, secret);
diff --git a/tsconfig.json b/tsconfig.json
index dd76af26..b1747c08 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -3,9 +3,10 @@
 "outDir": "./dist",
 "allowJs": true,
 "target": "es5",
- "declaration": true
+ "declaration": true,
+ "esModuleInterop": true
 },
 "include": [
 "./src/**/*"
 ]
-}
\ No newline at end of file
+}
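Review bot: The test added in the `@@ -289,6 +289,21 @@` hunk covers only the happy path for a nested `requestProperty`, so nothing pins how the middleware behaves when the configured path is unsafe. Add a regression case that passes a path with a `__proto__` segment and asserts that an unrelated fresh object is unaffected afterwards, e.g. `assert.equal(({} as Record<string, unknown>).payload, undefined);`. If it is not already covered elsewhere in the file, add a second case confirming that a flat name such as `'auth'` still works as before. That would guard the backward-compatible behaviour of the option.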