Slim Down

.travis.yml

@@ -1,8 +1,8 @@
 language: node_js
 node_js:
+  - '12'
   - '10'
   - '8'
-  - '6'
 before_install:
   - npm install -g yarn@1.3.2
 install:

index.js

@@ -1,64 +1,68 @@
-const Boom     = require('boom')
-const gimme    = require('@articulate/gimme')
-const jwks     = require('jwks-rsa')
-const jwt      = require('jsonwebtoken')
+const axios                 = require('axios')
+const Boom                  = require('boom')
+const jwks                  = require('jwks-rsa')
+const jwt                   = require('jsonwebtoken')
+const pick                  = require('lodash.pick')
+const { promisify }         = require('util')
 const { IssWhitelistError } = require('./lib/errors')
-
-const {
-  applyTo: thrush, compose, composeP, curryN, is, isNil, ifElse,
-  merge, mergeDeepRight, partialRight, pick, prop, replace, when
-} = require('ramda')
-
-const { promisify, reject, rename, tapP } = require('@articulate/funky')
+const { rename, tapP }      = require('./lib/helpers')
 
 const wellKnown = '/.well-known/openid-configuration'
 
 const bindFunction = client =>
-  promisify(client.getSigningKey, client)
+  promisify(client.getSigningKey.bind(client))
 
 const buildClient = (jwksOpts, url) =>
-  gimme({ url })
-    .then(prop('body'))
+  axios.get(url)
+    .then(res => res.data)
     .then(rename('jwks_uri', 'jwksUri'))
-    .then(compose(jwks, merge(jwksOpts)))
+    .then(obj => jwks(Object.assign({}, jwksOpts, obj)))
     .then(bindFunction)
 
 const chooseKey = key =>
   key.publicKey || key.rsaPublicKey
 
-const decode = partialRight(jwt.decode, [{ complete: true }])
+const decode = token =>
+  jwt.decode(token, { complete: true })
 
 const enforce = token =>
   token || unauthorized('null token not allowed')
 
 const forbidden = err =>
-  reject(Boom.forbidden(err))
+  Promise.reject(Boom.forbidden(err))
 
-const stripBearer =
-  replace(/^Bearer /i, '')
+const stripBearer = str =>
+  str.replace(/^Bearer /i, '')
 
-const throwIfNull =
-  when(isNil, () => reject('invalid token'))
+const throwIfNull = val =>
+  val == null ? Promise.reject('invalid token') : val
 
 const unauthorized = err =>
-  reject(Boom.unauthorized(err))
+  Promise.reject(Boom.unauthorized(err))
+
+const deny = val =>
+  (val instanceof IssWhitelistError) ? forbidden(val) : unauthorized(val)
 
-const deny =
-  ifElse(is(IssWhitelistError), forbidden, unauthorized)
+const verifyP =
+  promisify(jwt.verify)
 
 const jwksOptsDefaults = { jwks: { cache: true, rateLimit: true } }
 
 const factory = options => {
   const clients = {}
-  const opts = mergeDeepRight(jwksOptsDefaults, options)
+
+  const opts = Object.assign({}, jwksOptsDefaults, options, {
+    jwks: Object.assign({}, jwksOptsDefaults.jwks, options.jwks)
+  })
+
   const {
     verify: verifyOpts = {},
     jwks: jwksOpts
   } = opts
 
   const throwWithData = data => err => {
     if (Array.isArray(opts.claimsInError)) {
-      err.data = pick(opts.claimsInError, data.payload)
+      err.data = pick(data.payload, opts.claimsInError)
     }
 
     throw err
@@ -69,16 +73,17 @@ const factory = options => {
 
   const checkIss = token =>
     opts.issWhitelist.indexOf(token.payload.iss) > -1 ||
-    reject(new IssWhitelistError(`iss '${token.payload.iss}' not in issWhitelist`))
+    Promise.reject(new IssWhitelistError(`iss '${token.payload.iss}' not in issWhitelist`))
 
   const getSigningKey = ({ header: { kid }, payload: { iss } }) =>
     clients[iss]
       ? clients[iss](kid)
       : buildClient(jwksOpts, iss.replace(/\/$/, '') + wellKnown)
         .then(cacheClient(iss))
-        .then(thrush(kid))
+        .then(fn => fn(kid))
 
-  const jwtVerify = curryN(2, partialRight(promisify(jwt.verify), [ verifyOpts ]))
+  const jwtVerify = token => key =>
+    verifyP(token, key, verifyOpts)
 
   const verify = token => decoded =>
     getSigningKey(decoded)
@@ -94,7 +99,11 @@ const factory = options => {
       .then(verify(token))
       .catch(deny)
 
-  return composeP(authentic, stripBearer, tapP(enforce))
+  return token =>
+    Promise.resolve(token)
+      .then(tapP(enforce))
+      .then(stripBearer)
+      .then(authentic)
 }
 
 module.exports = factory

lib/helpers.js

@@ -0,0 +1,11 @@
+exports.rename = (prevKey, nextKey) => obj => {
+  const next = {}
+  for (const key in obj) {
+    if (key === prevKey) next[nextKey] = obj[prevKey]
+    else next[key] === obj[key]
+  }
+  return next
+}
+
+exports.tapP = fn => val =>
+  Promise.resolve(val).then(fn).then(() => val)

package.json

@@ -24,12 +24,11 @@
     "test:coverage": "nyc yarn test"
   },
   "dependencies": {
-    "@articulate/funky": "^1.2.0",
-    "@articulate/gimme": "^1.0.0",
+    "axios": "^0.20.0",
     "boom": "7.3.x",
     "jsonwebtoken": "^8.1.1",
-    "jwks-rsa": "^1.2.1",
-    "ramda": "^0.25.0"
+    "jwks-rsa": "^1.9.0",
+    "lodash.pick": "^4.4.0"
   },
   "devDependencies": {
     "chai": "^4.1.2",