92 lines
3.6 KiB
JavaScript
92 lines
3.6 KiB
JavaScript
"use strict";
|
|
// Copyright (c) Microsoft Corporation.
|
|
// Licensed under the MIT license.
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.TunnelPlanTokenProperties = void 0;
|
|
/**
|
|
* Supports parsing tunnel access token JWT properties to allow for some pre-validation
|
|
* and diagnostics.
|
|
*
|
|
* Applications generally should not attempt to interpret or rely on any token properties
|
|
* other than `expiration`, because the service may change or omit those claims in the future.
|
|
* Other claims are exposed here only for diagnostic purposes.
|
|
*/
|
|
class TunnelPlanTokenProperties {
|
|
constructor(clusterId, issuer, expiration, userEmail, tunnelPlanId, subscriptionId, scopes) {
|
|
this.clusterId = clusterId;
|
|
this.issuer = issuer;
|
|
this.expiration = expiration;
|
|
this.userEmail = userEmail;
|
|
this.tunnelPlanId = tunnelPlanId;
|
|
this.subscriptionId = subscriptionId;
|
|
this.scopes = scopes;
|
|
}
|
|
/**
|
|
* Checks if the tunnel access token expiration claim is in the past.
|
|
*
|
|
* (Does not throw if the token is an invalid format.)
|
|
*/
|
|
static validateTokenExpiration(token) {
|
|
const t = TunnelPlanTokenProperties.tryParse(token);
|
|
if (t === null || t === void 0 ? void 0 : t.expiration) {
|
|
if (t.expiration < new Date()) {
|
|
throw new Error('The access token is expired: ' + t);
|
|
}
|
|
}
|
|
}
|
|
/**
|
|
* Attempts to parse a tunnel access token (JWT). This does NOT validate the token
|
|
* signature or any claims.
|
|
*/
|
|
static tryParse(token) {
|
|
if (typeof token !== 'string')
|
|
throw new TypeError('Token string expected.');
|
|
// JWTs are encoded in 3 parts: header, body, and signature.
|
|
const tokenParts = token.split('.');
|
|
if (tokenParts.length !== 3) {
|
|
return null;
|
|
}
|
|
const tokenBodyJson = TunnelPlanTokenProperties.base64UrlDecode(tokenParts[1]);
|
|
if (!tokenBodyJson) {
|
|
return null;
|
|
}
|
|
try {
|
|
const tokenJson = JSON.parse(tokenBodyJson);
|
|
const clusterId = tokenJson.clusterId;
|
|
const subscriptionId = tokenJson.subscriptionId;
|
|
const tunnelPlanId = tokenJson.tunnelPlanId;
|
|
const userEmail = tokenJson.userEmail;
|
|
const scp = tokenJson.scp;
|
|
const iss = tokenJson.iss;
|
|
const exp = tokenJson.exp;
|
|
return new TunnelPlanTokenProperties(clusterId, iss, typeof exp === 'number' ? new Date(exp * 1000) : undefined, userEmail, tunnelPlanId, subscriptionId, scp === null || scp === void 0 ? void 0 : scp.split(' '));
|
|
}
|
|
catch (_a) {
|
|
return null;
|
|
}
|
|
}
|
|
/**
|
|
* Gets the tunnal access token trace string.
|
|
* 'none' if null or undefined, parsed token info if can be parsed, or 'token' if cannot be parsed.
|
|
*/
|
|
static getTokenTrace(token) {
|
|
var _a, _b;
|
|
return !token ? 'none' : (_b = (_a = TunnelPlanTokenProperties.tryParse(token)) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : 'token';
|
|
}
|
|
static base64UrlDecode(encodedString) {
|
|
// Convert from base64url encoding to base64 encoding: replace chars and add padding.
|
|
encodedString = encodedString.replace('-', '+');
|
|
while (encodedString.length % 4 !== 0) {
|
|
encodedString += '=';
|
|
}
|
|
try {
|
|
const result = atob(encodedString);
|
|
return result;
|
|
}
|
|
catch (_a) {
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
exports.TunnelPlanTokenProperties = TunnelPlanTokenProperties;
|
|
//# sourceMappingURL=tunnelPlanTokenProperties.js.map
|