chore(release): v1.1.1

close #21

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## [1.1.1](https://github.com/Thream/socketio-jwt/compare/v1.1.0...v1.1.1) (2021-01-28)
+
+### Bug Fixes
+
+- **types:** decodedToken in secret callback ([c1a9213](https://github.com/Thream/socketio-jwt/commit/c1a9213a527e4c6188328221372e1f40191a790e)), closes [#21](https://github.com/Thream/socketio-jwt/issues/21)
+
+### Documentation
+
+- update server side usage with `jwks-rsa` : get the secret with `key.getPublicKey()` instead of `key.rsaPublicKey`
+
 ## [1.1.0](https://github.com/Thream/socketio-jwt/compare/v1.0.1...v1.1.0) (2021-01-07)
 
 ### Features

README.md

@@ -75,7 +75,7 @@ io.use(
   authorize({
     secret: async (decodedToken) => {
       const key = await client.getSigningKeyAsync(decodedToken.header.kid)
-      return key.rsaPublicKey
+      return key.getPublicKey()
     }
   })
 )

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thream/socketio-jwt",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Authenticate socket.io incoming connections with JWTs.",
   "license": "MIT",
   "main": "build/index.js",
@@ -89,21 +89,21 @@
     "@commitlint/cli": "11.0.0",
     "@commitlint/config-conventional": "11.0.0",
     "@release-it/conventional-changelog": "2.0.0",
-    "@types/express": "4.17.9",
+    "@types/express": "4.17.11",
     "@types/jest": "26.0.20",
     "@types/jsonwebtoken": "8.5.0",
-    "@types/node": "14.14.20",
+    "@types/node": "14.14.22",
     "@types/server-destroy": "1.0.1",
     "axios": "0.21.1",
     "express": "4.17.1",
-    "husky": "4.3.7",
+    "husky": "4.3.8",
     "jest": "26.6.3",
     "release-it": "14.2.2",
     "rimraf": "3.0.2",
     "server-destroy": "1.0.1",
     "snazzy": "9.0.0",
-    "socket.io": "3.0.5",
+    "socket.io": "3.1.0",
-    "socket.io-client": "3.0.5",
+    "socket.io-client": "3.1.0",
     "ts-jest": "26.4.4",
     "ts-standard": "10.0.0",
     "typescript": "4.1.3"

src/__test__/fixture/index.ts

@@ -31,7 +31,7 @@ export const fixtureStart = async (
   if (typeof options.secret === 'string') {
     keySecret = options.secret
   } else {
-    keySecret = await options.secret(() => {})
+    keySecret = await options.secret({ header: { alg: 'RS256' }, payload: '' })
   }
   app.post('/login', (_req, res) => {
     const profile = {

src/authorize.ts

@@ -21,7 +21,15 @@ type SocketIOMiddleware = (
   next: (err?: ExtendedError) => void
 ) => void
 
-type SecretCallback = (decodedToken: null | { [key: string]: any } | string) => Promise<string>
+interface CompleteDecodedToken {
+  header: {
+    alg: Algorithm
+    [key: string]: any
+  }
+  payload: any
+}
+
+type SecretCallback = (decodedToken: CompleteDecodedToken) => Promise<string>
 
 export interface AuthorizeOptions {
   secret: string | SecretCallback
@@ -58,8 +66,8 @@ export const authorize = (options: AuthorizeOptions): SocketIOMiddleware => {
     if (typeof secret === 'string') {
       keySecret = secret
     } else {
-      decodedToken = jwt.decode(encodedToken, { complete: true })
+      const completeDecodedToken = jwt.decode(encodedToken, { complete: true })
-      keySecret = await secret(decodedToken)
+      keySecret = await secret(completeDecodedToken as CompleteDecodedToken)
     }
     try {
       decodedToken = jwt.verify(encodedToken, keySecret, { algorithms })