Improve Types for Token's Content and make it available (#18)

neferin12 · web-flow · commit a7874e21a79b · 2023-08-09T22:59:36.000+02:00
* add TokenContent type and make token and content public
diff --git a/libs/Token.ts b/libs/Token.ts
@@ -1,28 +1,85 @@
 import { decode } from 'jsonwebtoken'
 
+export interface ITokenContent {
+    [key: string]: any,
+
+    /**
+     * Authorization server’s identifier
+     */
+    iss: string,
+
+    /**
+     * User’s identifier
+     */
+    sub: string,
+
+    /**
+     * Client’s identifier
+     */
+    aud: string | string[],
+
+    /**
+     * Expiration time of the ID token
+     */
+    exp: number,
+
+    /**
+     * Time at which JWT was issued
+     */
+    iat: number,
+
+    family_name?: string,
+    given_name?: string,
+    name?: string,
+    email?: string,
+    preferred_username?: string,
+    email_verified?: boolean,
+
+
+}
+
 export class Token {
-  private readonly token: string
-  private readonly content: any
-
-  constructor (token: string) {
-    this.token = token
-    this.content = decode(this.token)
-  }
-
-  isExpired (): boolean {
-    return (this.content.exp * 1000) <= Date.now()
-  }
-
-  hasApplicationRole (appName: string, roleName: string): boolean {
-    const appRoles = this.content.resource_access[appName]
-    if (appRoles == null) {
-      return false
+    public readonly token: string
+    public readonly content: ITokenContent
+
+    constructor(token: string) {
+        this.token = token
+        const jwtPayload = decode(this.token, {json: true});
+        if (
+            jwtPayload !== null &&
+            jwtPayload.iss !== undefined &&
+            jwtPayload.sub !== undefined &&
+            jwtPayload.aud !== undefined &&
+            jwtPayload.exp !== undefined &&
+            jwtPayload.iat !== undefined
+        ) {
+            this.content = {
+                ...jwtPayload,
+                iss: jwtPayload.iss,
+                sub: jwtPayload.sub,
+                aud: jwtPayload.aud,
+                exp: jwtPayload.exp,
+                iat: jwtPayload.iat,
+            }
+        } else {
+            throw new Error('Invalid token');
+        }
+    }
+
+    isExpired(): boolean {
+        return (this.content.exp * 1000) <= Date.now()
     }
 
-    return (appRoles.roles.indexOf(roleName) >= 0)
-  }
+    hasApplicationRole(appName: string, roleName: string): boolean {
+        const appRoles = this.content.resource_access[appName]
+        if (appRoles == null) {
+            return false
+        }
+
+        return (appRoles.roles.indexOf(roleName) >= 0)
+    }
 
-  hasRealmRole (roleName: string): boolean {
-    return (this.content.realm_access.roles.indexOf(roleName) >= 0)
-  }
+    hasRealmRole(roleName: string): boolean {
+        return (this.content.realm_access.roles.indexOf(roleName) >= 0)
+    }
 }
