updated jsvm $security.parse* token helpers to return the payload as …
…plain object
ganigeorgiev committed Dec 4, 2023
1 parent 5b2575b commit 865865f
Showing 5 changed files with 7,283 additions and 7,198 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -60,6 +60,9 @@
_This is arbitrary chosen and may change in the future depending on the users feedback and usage patterns._
_If you are experiencing OOM errors during large image thumb generations, especially in container environment, you can try defining the `GOMEMLIMIT=500MiB` env variable before starting the executable._

- Minor JSVM updates and fixes:
- updated `$security.parseUnverifiedJWT(token)` and `$security.parseJWT(token, key)` to return the payload result as plain object


## v0.20.0-rc3

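--- a/plugins/jsvm/binds.go
+++ b/plugins/jsvm/binds.go
@@ -501,8 +501,12 @@ func securityBinds(vm *goja.Runtime) {
 obj.Set("pseudorandomStringWithAlphabet", security.PseudorandomStringWithAlphabet)
 
 // jwt
-obj.Set("parseUnverifiedJWT", security.ParseUnverifiedJWT)
-obj.Set("parseJWT", security.ParseJWT)
+obj.Set("parseUnverifiedJWT", func(token string) (map[string]any, error) {
+return security.ParseUnverifiedJWT(token)
+})
+obj.Set("parseJWT", func(token string, verificationKey string) (map[string]any, error) {
+return security.ParseJWT(token, verificationKey)
+})
 obj.Set("createJWT", security.NewJWT)
 
 // encryption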
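Review bot: The two closures registered for `parseUnverifiedJWT` and `parseJWT` read as redundant pass-throughs, so a later cleanup could collapse them back to direct function references and silently change what scripts receive. A line above them such as `// wrapped so the claims are returned as map[string]any and reach the JS side as a plain object` would record why they exist (presumably the library functions return a named claims type). Because both helpers sit under the same `// jwt` heading, it is also worth a short comment that `parseUnverifiedJWT`, as its name indicates, returns claims without a signature check and that its result should not be used for authorization decisions. securityBinds begins and ends outside this hunk.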
58 changes: 38 additions & 20 deletions plugins/jsvm/binds_test.go
@@ -784,40 +784,58 @@ func TestSecurityJWTBinds(t *testing.T) {
app, _ := tests.NewTestApp()
defer app.Cleanup()

vm := goja.New()
baseBinds(vm)
securityBinds(vm)

sceneraios := []struct {
js string
expected string
name string
js string
}{
{
`$security.parseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY")`,
`{"name":"John Doe","sub":"1234567890"}`,
"$security.parseUnverifiedJWT",
`
const result = $security.parseUnverifiedJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY")
if (result.name != "John Doe") {
throw new Error("Expected result.name 'John Doe', got " + result.name)
}
if (result.sub != "1234567890") {
throw new Error("Expected result.sub '1234567890', got " + result.sub)
}
`,
},
{
`$security.parseJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY", "test")`,
`{"name":"John Doe","sub":"1234567890"}`,
"$security.parseJWT",
`
const result = $security.parseJWT("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.aXzC7q7z1lX_hxk5P0R368xEU7H1xRwnBQQcLAmG0EY", "test")
if (result.name != "John Doe") {
throw new Error("Expected result.name 'John Doe', got " + result.name)
}
if (result.sub != "1234567890") {
throw new Error("Expected result.sub '1234567890', got " + result.sub)
}
`,
},
{
`$security.createJWT({"exp": 123}, "test", 0)`, // overwrite the exp claim for static token
`"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEyM30.7gbv7w672gApdBRASI6OniCtKwkKjhieSxsr6vxSrtw"`,
"$security.createJWT",
`
// overwrite the exp claim for static token
const result = $security.createJWT({"exp": 123}, "test", 0)
const expected = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjEyM30.7gbv7w672gApdBRASI6OniCtKwkKjhieSxsr6vxSrtw";
if (result != expected) {
throw new Error("Expected token \n" + expected + ", got \n" + result)
}
`,
},
}

for _, s := range sceneraios {
t.Run(s.js, func(t *testing.T) {
result, err := vm.RunString(s.js)
t.Run(s.name, func(t *testing.T) {
vm := goja.New()
baseBinds(vm)
securityBinds(vm)

_, err := vm.RunString(s.js)
if err != nil {
t.Fatalf("Failed to execute js script, got %v", err)
}

raw, _ := json.Marshal(result.Export())

if string(raw) != s.expected {
t.Fatalf("Expected \n%s, \ngot \n%s", s.expected, raw)
}
})
}
}
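Review bot: The `$security.parseJWT` scenario only covers a correctly signed token with the matching key `"test"`, so nothing in TestSecurityJWTBinds pins that a wrong key is still rejected now that the binding goes through a closure. A further scenario that records the failure, e.g. `let failed = false; try { $security.parseJWT(token, "invalid") } catch (_) { failed = true }` followed by `if (!failed) { throw new Error("Expected parseJWT to fail with an invalid key") }`, would guard the error path (assuming the Go error is surfaced to the script as an exception). The new assertions also compare with `!=`; `!==` would keep a change in claim type from being hidden by coercion. Separately, none of the scenarios checks the plain-object property the commit is about, for example via `Object.keys(result)` or `JSON.stringify(result)`.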