'use strict'; // ////////////////////////////////////////////////////////////////////////////// // / DISCLAIMER // / // / Copyright 2015-2016 ArangoDB GmbH, Cologne, Germany // / // / Licensed under the Apache License, Version 2.0 (the "License") // / you may not use this file except in compliance with the License. // / You may obtain a copy of the License at // / // / http://www.apache.org/licenses/LICENSE-2.0 // / // / Unless required by applicable law or agreed to in writing, software // / distributed under the License is distributed on an "AS IS" BASIS, // / WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // / See the License for the specific language governing permissions and // / limitations under the License. // / // / Copyright holder is ArangoDB GmbH, Cologne, Germany // / // / @author Alan Plum // ////////////////////////////////////////////////////////////////////////////// const assert = require('assert'); const crypto = require('@arangodb/crypto'); module.exports = function jwtStorage (cfg) { if (typeof cfg === 'string') { cfg = {secret: cfg}; } if (!cfg) { cfg = {}; } assert(cfg.algorithm === 'none' || cfg.secret, `Must pass a JWT secret for "${cfg.algorithm}" algorithm`); assert(cfg.algorithm !== 'none' || !cfg.secret, 'Must NOT pass a JWT secret for "none" algorithm'); const algorithm = cfg.algorithm || 'HS512'; const ttl = (cfg.ttl || 60 * 60) * 1000; return { fromClient(sid) { const token = crypto.jwtDecode(cfg.secret, sid, cfg.verify === false); if (token.exp < Date.now()) { return null; } return { uid: token.uid, created: token.iat, data: token.payload }; }, forClient(session) { const token = { uid: session.uid, iat: session.created, payload: session.data, exp: Date.now() + ttl }; return crypto.jwtEncode(cfg.secret, token, algorithm); }, new() { return { uid: null, created: Date.now(), data: null }; } }; };