Add options for jwks-rsa to enable cache and rate limiting

.travis.yml

@@ -1,7 +1,7 @@
 language: node_js
 node_js:
+  - '10'
   - '8'
-  - '7'
   - '6'
 before_install:
   - npm install -g yarn@1.3.2

index.js

@@ -4,7 +4,8 @@ const jwks     = require('jwks-rsa')
 const jwt      = require('jsonwebtoken')
 
 const {
-  applyTo: thrush, composeP, curryN, dissoc, partialRight, prop, replace
+  applyTo: thrush, compose, composeP, curryN, omit, merge,
+  partialRight, prop, replace
 } = require('ramda')
 
 const { promisify, rename, tapP } = require('@articulate/funky')
@@ -14,11 +15,11 @@ const wellKnown = '/.well-known/openid-configuration'
 const bindFunction = client =>
   promisify(client.getSigningKey, client)
 
-const buildClient = url =>
+const buildClient = (jwksOpts, url) =>
   gimme({ url })
     .then(prop('body'))
     .then(rename('jwks_uri', 'jwksUri'))
-    .then(jwks)
+    .then(compose(jwks, merge(jwksOpts)))
     .then(bindFunction)
 
 const chooseKey = key =>
@@ -29,15 +30,19 @@ const decode = partialRight(jwt.decode, [{ complete: true }])
 const enforce = token =>
   token || Promise.reject(Boom.unauthorized('null token not allowed'))
 
-const stripBearer = 
+const stripBearer =
   replace(/^Bearer /i, '')
 
 const unauthorized = err =>
-  Promise.reject(Boom.wrap(err, 401))
+  Promise.reject(Boom.unauthorized(err))
 
-const factory = opts => {
+const jwksOptsDefaults = { jwks: { cache: true, rateLimit: true } }
+
+const factory = options => {
   const clients    = {}
-  const verifyOpts = dissoc('issWhitelist', opts)
+  const opts = merge(options, jwksOptsDefaults)
+  const verifyOpts = omit([ 'issWhitelist', 'jwks' ], opts)
+  const jwksOpts   = prop('jwks', opts)
 
   const cacheClient = iss => client =>
     clients[iss] = client
@@ -49,7 +54,7 @@ const factory = opts => {
   const getSigningKey = ({ header: { kid }, payload: { iss } }) =>
     clients[iss]
       ? clients[iss](kid)
-      : buildClient(iss.replace(/\/$/, '') + wellKnown)
+      : buildClient(jwksOpts, iss.replace(/\/$/, '') + wellKnown)
         .then(cacheClient(iss))
         .then(thrush(kid))
 

package.json

@@ -25,18 +25,18 @@
   "dependencies": {
     "@articulate/funky": "^1.2.0",
     "@articulate/gimme": "^1.0.0",
-    "boom": "5.2.0",
+    "boom": "7.3.x",
     "jsonwebtoken": "^8.1.1",
     "jwks-rsa": "^1.2.1",
     "ramda": "^0.25.0"
   },
   "devDependencies": {
     "chai": "^4.1.2",
     "coveralls": "^3.0.0",
-    "eslint": "^4.16.0",
+    "eslint": "5.13.x",
     "mocha": "^5.0.0",
-    "nock": "^9.1.6",
-    "nyc": "^11.4.1",
+    "nock": "10.x.x",
+    "nyc": "13.x.x",
     "prop-factory": "^1.0.0"
   }
 }

test/index.js

@@ -62,7 +62,7 @@ describe('authentic', () => {
       expect(res().sub).to.equal('00udjyjssbt2S1QVr0h7')
     )
   })
-  
+
   describe('with a valid jwt that starts with bearer', () => {
     beforeEach(() =>
       authentic(lowerBearerToken).then(res)