JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1019
  • Score
    100M100P100Q116639F
  • License MIT

A middy JSON web token authorization middleware inspired by express-jwt.

Package Exports

  • middy-middleware-jwt-auth

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (middy-middleware-jwt-auth) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

middy-middleware-jwt-auth

npm version downloads open issues FOSSA Status debug build status codecov dependency status devDependency status Greenkeeper semantic release Gitter

A middy JSON web token authorization middleware inspired by express-jwt.

Installation

Download node at nodejs.org and install it, if you haven't already.

npm install middy-middleware-jwt-auth --save

Documentation

There is additional documentation.

Usage

import middy from 'middy'
import JWTAuthMiddleware, { EncryptionAlgorithms, IAuthorizedEvent } from 'middy-middleware-jwt-auth'
import { httpErrorHandler, httpHeaderNormalizer } from 'middy/middlewares'
import createHttpError from 'http-errors'

interface ITokenPayload {
  permissions: string[]
}

function isTokenPayload (token: any): token is ITokenPayload {
  return token != null &&
    Array.isArray(token.permissions) &&
    token.permissions.every((permission: any) => typeof permission === 'string')
}

// This is your AWS handler
const helloWorld = async (event: IAuthorizedEvent) => {
  // The middleware adds auth information if a valid token was added
  // If no auth was found, event.auth will remain undefined. You have to check
  // that it exists and that it has the expected form.
  if (!isTokenPayload(event.auth)) {
    throw createHttpError(401, 'No valid bearer token was set in the authorization header', {
      type: 'AuthenticationRequired'
    })
  }
  const auth: ITokenPayload = event.auth

  // Check for authorization
  if (auth.permissions.indexOf('helloWorld') === -1) {
    throw createHttpError(403, `User not authorized for helloWorld, only found permissions [${auth.permissions.join(', ')}]`, {
      type: 'NotAuthorized'
    })
  }

  return {
    body: JSON.stringify({ data: 'Hello world!' }),
    statusCode: 200
  }
}

// Let's "middyfy" our handler, then we will be able to attach middlewares to it
export const handler = middy(helloWorld)
  .use(httpHeaderNormalizer()) // Make sure authorization header is saved in lower case
  .use(httpErrorHandler()) // This middleware is needed do handle the errors thrown by the JWTAuthMiddleware
  .use(JWTAuthMiddleware({
    /** Algorithm to verify JSON web token signature */
    algorithm: EncryptionAlgorithms.HS256,
    /** A string or buffer containing either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA */
    secretOrPublicKey: 'secret'
  }))