move token to fp

Author: felixheck

src/index.js

@@ -23,11 +23,11 @@ let store
  * public key or online with help of the Keycloak server and
  * JWKS. Resolve if the verification succeeded.
  *
- * @param {string} token The token to be validated
+ * @param {string} tkn The token to be validated
  * @returns {Promise} The error-handled promise
  */
-function validateSignedJwt (token) {
-  return manager.validateToken(new Token(token, options.clientId))
+function validateSignedJwt (tkn) {
+  return manager.validateToken(new Token(tkn, options.clientId))
 }
 
 /**
@@ -38,16 +38,16 @@ function validateSignedJwt (token) {
  * Keycloak server, the client identifier and its secret.
  * Resolve if the request succeeded and token is valid.
  *
- * @param {string} token The token to be validated
+ * @param {string} tkn The token to be validated
  * @returns {Promise} The error-handled promise
  */
-function validateSecret (token) {
-  return manager.validateAccessToken(token).then((res) => {
+function validateSecret (tkn) {
+  return manager.validateAccessToken(tkn).then((res) => {
     if (res === false) {
       throw Error(error.msg.invalid)
     }
 
-    return token
+    return tkn
   })
 }
 
@@ -65,11 +65,11 @@ function validateSecret (token) {
 function handleKeycloakValidation (tkn, reply) {
   const validateFn = options.secret ? validateSecret : validateSignedJwt
 
-  validateFn(tkn.get()).then(() => {
-    const { expiresIn, credentials } = tkn.getData(options.userInfo)
+  validateFn(tkn).then(() => {
+    const { expiresIn, credentials } = token.getData(tkn, options.userInfo)
     const userData = { credentials }
 
-    cache.set(store, tkn.get(), userData, expiresIn)
+    cache.set(store, tkn, userData, expiresIn)
     reply.continue(userData)
   }).catch((err) => {
     reply(error('unauthorized', err, error.msg.invalid))
@@ -88,14 +88,14 @@ function handleKeycloakValidation (tkn, reply) {
  * @param {Function} reply The callback handler
  */
 function validate (field, reply) {
-  const tkn = token(field)
+  const tkn = token.create(field)
   const done = fakeReply(reply)
 
   if (!tkn) {
     return done(error('unauthorized', error.msg.missing))
   }
 
-  cache.get(store, tkn.get(), (err, cached) => {
+  cache.get(store, tkn, (err, cached) => {
     const isCached = cached && !err
     isCached ? done.continue(cached) : handleKeycloakValidation(tkn, done)
   })

src/token.js

@@ -1,155 +1,125 @@
 const _ = require('lodash')
 
 /**
- * @constructor
- * @public
+ * @function
+ * @private
  *
- * Wrap JSON Web Token to enable additional features.
+ * Extract bearer token out of header.
+ * https://tools.ietf.org/html/rfc7519
  *
- * @param {string} field The bearer token field
- * @returns {token} The token wrapper
+ * @param {string} field The header field to be scanned
+ * @returns {string} The extracted header
  */
-function token (field) {
-  let tkn
-
-  /**
-   * @function
-   * @private
-   *
-   * Extract bearer token out of header.
-   * https://tools.ietf.org/html/rfc7519
-   *
-   * @param {string} header The header to be scanned
-   * @returns {string} The extracted header
-   */
-  function extractToken (header) {
-    return /^(?:bearer) ([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?)$/i.exec(header)
-  }
-
-  /**
-   * @function
-   * @private
-   *
-   * Get scope out of token content.
-   * Exclude `account` roles and prefix realm roles
-   * with `realm:`. Roles of other resources are prefixed
-   * with their name.
-   *
-   * @param {Object} [realm] The realm access data
-   * @param {Object} [resource] The resource access data
-   * @returns {Array.<?string>} The list of roles
-   */
-  function getScope ({
-    realm_access: realm = { roles: [] },
-    resource_access: resource = {}
-  }) {
-    delete resource.account
-    const realmRoles = realm.roles.map(role => `realm:${role}`)
-
-    const appRoles = _.flatten(_.map(resource, 'roles'))
+function extractToken (field) {
+  return /^(?:bearer) ([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?)$/i.exec(field)
+}
 
-    return [...realmRoles, ...appRoles]
-  }
+/**
+ * @function
+ * @private
+ *
+ * Get scope out of token content.
+ * Exclude `account` roles and prefix realm roles
+ * with `realm:`. Roles of other resources are prefixed
+ * with their name.
+ *
+ * @param {Object} [realm] The realm access data
+ * @param {Object} [resource] The resource access data
+ * @returns {Array.<?string>} The list of roles
+ */
+function getScope ({
+  realm_access: realm = { roles: [] },
+  resource_access: resource = {}
+}) {
+  delete resource.account
+  const realmRoles = realm.roles.map(role => `realm:${role}`)
 
-  /**
-   * @function
-   * @private
-   *
-   * Get expiration out of token content.
-   *
-   * @param {number} [exp] The `expiration` timestamp in seconds
-   * @param {number} [iat] The `issued at` timestamp in seconds
-   * @returns {number} The expiration delta in milliseconds
-   */
-  function getExpiration ({ exp = 60, iat = 0 }) {
-    return (exp - iat) * 1000
-  }
+  const appRoles = _.flatten(_.map(resource, 'roles'))
 
-  /**
-   * @function
-   * @private
-   *
-   * Get necessary user information out of token content.
-   *
-   * @param {Object} content The token its content
-   * @param {Array.<?string>} [fields] The necessary fields
-   * @returns {Object} The collection of requested user info
-   */
-  function getUserInfo (content, fields = []) {
-    return _.pick(content, ['sub', ...fields])
-  }
+  return [...realmRoles, ...appRoles]
+}
 
-  /**
-   * @function
-   * @public
-   *
-   * Extract content out of token.
-   * The content is the middle part.
-   *
-   * @returns {Object} The token its content
-   */
-  function getContent () {
-    return JSON.parse(Buffer.from(tkn.split('.')[1], 'base64').toString())
-  }
+/**
+ * @function
+ * @private
+ *
+ * Get expiration out of token content.
+ *
+ * @param {number} [exp] The `expiration` timestamp in seconds
+ * @param {number} [iat] The `issued at` timestamp in seconds
+ * @returns {number} The expiration delta in milliseconds
+ */
+function getExpiration ({ exp = 60, iat = 0 }) {
+  return (exp - iat) * 1000
+}
 
-  /**
-   * @function
-   * @public
-   *
-   * Get various data out of token content.
-   * Get the current scope of the user and
-   * when the token expires.
-   *
-   * @returns {Object} The extracted data
-   */
-  function getData (userInfoFields) {
-    const content = getContent()
+/**
+ * @function
+ * @private
+ *
+ * Get necessary user information out of token content.
+ *
+ * @param {Object} content The token its content
+ * @param {Array.<?string>} [fields] The necessary fields
+ * @returns {Object} The collection of requested user info
+ */
+function getUserInfo (content, fields = []) {
+  return _.pick(content, ['sub', ...fields])
+}
 
-    return {
-      expiresIn: getExpiration(content),
-      credentials: Object.assign({
-        scope: getScope(content)
-      }, getUserInfo(content, userInfoFields))
-    }
-  }
+/**
+ * @function
+ * @public
+ *
+ * Extract content out of token.
+ * The content is the middle part.
+ *
+ * @param {string} tkn The token to be checked
+ * @returns {Object} The token its content
+ */
+function getContent (tkn) {
+  return JSON.parse(Buffer.from(tkn.split('.')[1], 'base64').toString())
+}
 
-  /**
-   * @function
-   * @public
-   *
-   * Get the original token.
-   *
-   * @returns {string} The original token
-   */
-  function get () {
-    return tkn
+/**
+ * @function
+ * @public
+ *
+ * Get various data out of token content.
+ * Get the current scope of the user and
+ * when the token expires.
+ *
+* @param {string} tkn The token to be checked
+ * @returns {Object} The extracted data
+ */
+function getData (tkn, userInfoFields) {
+  const content = getContent(tkn)
+
+  return {
+    expiresIn: getExpiration(content),
+    credentials: Object.assign({
+      scope: getScope(content)
+    }, getUserInfo(content, userInfoFields))
   }
+}
 
-  /**
-   * @function
-   * @private
-   *
-   * Initialize token instance.
-   *
-   * @returns {Object|false} The token instance or `false` dependent on field
-   */
-  function init () {
-    const match = extractToken(field)
-
-    if (!match) {
-      return false
-    }
-
-    tkn = match[1]
-
-    return {
-      getContent,
-      getData,
-      get
-    }
-  }
+/**
+ * @function
+ * @public
+ *
+ * Get token out of header field.
+ *
+ * @param {string} field The header field to be scanned
+ * @returns {string|false} The token or `false` dependent on field
+ */
+function create (field) {
+  const match = extractToken(field)
 
-  return init()
+  return match ? match[1] : false
 }
 
-module.exports = token
+module.exports = {
+  create,
+  getContent,
+  getData
+}