introduce first state of offline validation

felixheck · felixheck · commit b3f6ce3478d8 · 2017-08-03T22:59:12.000+02:00
diff --git a/src/index.js b/src/index.js
@@ -1,4 +1,5 @@
 const axios = require('axios')
+const jwt = require('jsonwebtoken')
 const cache = require('./cache')
 const token = require('./token')
 const { error, fakeReply, verify } = require('./utils')
@@ -12,6 +13,40 @@ const pkg = require('../package.json')
  */
 let options
 
+/**
+ * @function
+ * @private
+ *
+ * Validate the token offline with help of
+ * the related public key. Resolve if the
+ * verification succeeded.
+ *
+ * @param {string} token The token to be validated
+ * @returns {Promise} The error-handled promise
+ */
+function validateOffline (token) {
+  return new Promise((resolve, reject) => {
+    jwt.verify(token, options.publicKey, options.verifyOpts, (err, decoded) => {
+      if (err) {
+        reject(err)
+      }
+
+      resolve(decoded)
+    })
+  })
+}
+
+/**
+ * @function
+ * @private
+ *
+ * Validate the token online with help of
+ * the related Keycloak server. Resolve if
+ * the request succeeded and token is valid.
+ *
+ * @param {string} token The token to be validated
+ * @returns {Promise} The error-handled promise
+ */
 function validateOnline (token) {
   return axios.post(`${options.realmUrl}/protocol/openid-connect/token/introspect`, {
     token,
@@ -30,13 +65,17 @@ function validateOnline (token) {
  * @function
  * @public
  *
- * Validate a token with help of Keycloak.
+ * Validate a token either with the help of Keycloak
+ * or a related public key. Store the user data in
+ * cache if enabled.
  *
  * @param {string} token The token to be validated
  * @param {Function} reply The callback handler
  */
 function handleKeycloakValidation (tkn, reply) {
-  validateOnline(tkn.get()).then((res) => {
+  const validateFn = options.secret ? validateOnline : validateOffline
+
+  validateFn(tkn.get()).then(() => {
     const { expiresIn, credentials } = tkn.getData(options.userInfo)
     const userData = { credentials }
 
diff --git a/src/utils.js b/src/utils.js
@@ -10,12 +10,15 @@ const joi = require('joi')
 const scheme = joi.object({
   realmUrl: joi.string().uri().required(),
   clientId: joi.string().min(1).required(),
-  secret: joi.string().min(1).required(),
+  secret: joi.string().min(1),
   cache: joi.alternatives().try(joi.object({
     segment: joi.string().default('keycloakJwt')
   }), joi.boolean()).default(false),
   userInfo: joi.array().items(joi.string().min(1))
-}).required()
+})
+.xor('secret', 'publicKey')
+.without('secret', 'verifyOpts')
+.required()
 
 /**
  * @function
