Merge pull request #1337 from nestjs/11.0.0

chore: laying the grounds for 11.0.0
nestjs · Jun 15, 2023 · a0466b6 · a0466b6
2 parents 0ee6f4a + 408b1cf
commit a0466b6
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 13 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,26 +3,26 @@ version: 2
 aliases:
   - &restore-cache
     restore_cache:
-        key: dependency-cache-{{ checksum "package.json" }}
+      key: dependency-cache-{{ checksum "package.json" }}
   - &install-deps
     run:
-        name: Install dependencies
-        command: npm ci
+      name: Install dependencies
+      command: npm ci
   - &build-packages
     run:
-        name: Build
-        command: npm run build
+      name: Build
+      command: npm run build
 
 jobs:
   build:
     working_directory: ~/nest
     docker:
-      - image: cimg/node:17.9
+      - image: cimg/node:20.2
     steps:
       - checkout
       - run:
-          name: Use NPM v8
-          command: npm install -g npm@^8
+          name: Update NPM version
+          command: sudo npm install -g npm@latest
       - restore_cache:
           key: dependency-cache-{{ checksum "package.json" }}
       - run:
@@ -34,11 +34,11 @@ jobs:
             - ./node_modules
       - run:
           name: Build
-          command: npm run build    
+          command: npm run build
   test:
     working_directory: ~/nest
     docker:
-      - image: cimg/node:17.9
+      - image: cimg/node:20.2
     steps:
       - checkout
       - *restore-cache
@@ -55,4 +55,3 @@ workflows:
       - test:
           requires:
             - build
-
diff --git a/lib/jwt.service.spec.ts b/lib/jwt.service.spec.ts
@@ -303,4 +303,79 @@ describe('JWT Service', () => {
       ).resolves.toBe(`verified_${testPayload}_by_customPublicKey`);
     });
   });
+
+  describe('should not use invalid sign options', () => {
+    let jwtService: JwtService;
+    let testPayloadStr: string = getRandomString();
+
+    beforeAll(async () => {
+      jwtService = await setup({ secretOrKeyProvider: undefined });
+    });
+
+    it('should not "sign" expect errors with a "payload" string and "secret"', () => {
+      // @ts-expect-no-error
+      expect(() => jwtService.sign(testPayloadStr, { secret: 'secret' }));
+    });
+
+    it('should not "signAsync" expect errors with a "payload" string and "privateKey"', () => {
+      // @ts-expect-no-error
+      expect(() =>
+        jwtService.signAsync(testPayloadStr, { privateKey: 'privateKey' })
+      );
+    });
+  });
+
+  describe('should use invalid sign options', () => {
+    const signOptions: jwt.SignOptions = {
+      expiresIn: '1d'
+    };
+
+    let jwtService: JwtService;
+    let testPayloadStr: string = getRandomString();
+    let testPayloadObj: object = {};
+
+    beforeAll(async () => {
+      jwtService = await setup({ signOptions, secretOrKeyProvider: undefined });
+    });
+
+    it('should "sign" expect errors with a "payload" string with "expiresIn"', () => {
+      expect(() =>
+        // @ts-expect-error
+        jwtService.sign(testPayloadStr, { expiresIn: 60 })
+      ).toThrowError(
+        'Payload as string is not allowed with the following sign options: expiresIn'
+      );
+    });
+
+    it('should "signAsync" expect errors with a "payload" string with "notBefore"', () => {
+      expect(() =>
+        // @ts-expect-error
+        jwtService.signAsync(testPayloadStr, { notBefore: 60 })
+      ).toThrowError(
+        'Payload as string is not allowed with the following sign options: expiresIn, notBefore'
+      );
+    });
+
+    it('should not "sign" expect errors with a "payload" object with "notBefore" ', () => {
+      // @ts-expect-no-error
+      expect(() => jwtService.sign(testPayloadObj, { notBefore: 60 }));
+    });
+
+    it('should not "signAsync" expect errors with a "payload" object with "notBefore" ', () => {
+      // @ts-expect-no-error
+      expect(() => jwtService.signAsync(testPayloadObj, { notBefore: 60 }));
+    });
+
+    it('should "sign" expect errors using "payload" string with already defined invalid sign options', () => {
+      expect(() => jwtService.sign(testPayloadStr)).toThrowError(
+        'Payload as string is not allowed with the following sign options: expiresIn'
+      );
+    });
+
+    it('should "signAsync" expect errors using "payload" string with already defined invalid sign options', () => {
+      expect(() => jwtService.signAsync(testPayloadStr)).toThrowError(
+        'Payload as string is not allowed with the following sign options: expiresIn'
+      );
+    });
+  });
 });
diff --git a/lib/jwt.service.ts b/lib/jwt.service.ts
@@ -18,6 +18,11 @@ export class JwtService {
     private readonly options: JwtModuleOptions = {}
   ) {}
 
+  sign(
+    payload: string,
+    options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
+  ): string;
+  sign(payload: Buffer | object, options?: JwtSignOptions): string;
   sign(payload: string | Buffer | object, options?: JwtSignOptions): string {
     const signOptions = this.mergeJwtOptions(
       { ...options },
@@ -30,9 +35,29 @@ export class JwtService {
       JwtSecretRequestType.SIGN
     );
 
+    const allowedSignOptKeys = ['secret', 'privateKey'];
+    const signOptKeys = Object.keys(signOptions);
+    if (
+      typeof payload === 'string' &&
+      signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
+    ) {
+      throw new Error(
+        'Payload as string is not allowed with the following sign options: ' +
+          signOptKeys.join(', ')
+      );
+    }
+
     return jwt.sign(payload, secret, signOptions);
   }
 
+  signAsync(
+    payload: string,
+    options?: Omit<JwtSignOptions, keyof jwt.SignOptions>
+  ): Promise<string>;
+  signAsync(
+    payload: Buffer | object,
+    options?: JwtSignOptions
+  ): Promise<string>;
   signAsync(
     payload: string | Buffer | object,
     options?: JwtSignOptions
@@ -48,6 +73,18 @@ export class JwtService {
       JwtSecretRequestType.SIGN
     );
 
+    const allowedSignOptKeys = ['secret', 'privateKey'];
+    const signOptKeys = Object.keys(signOptions);
+    if (
+      typeof payload === 'string' &&
+      signOptKeys.some((k) => !allowedSignOptKeys.includes(k))
+    ) {
+      throw new Error(
+        'Payload as string is not allowed with the following sign options: ' +
+          signOptKeys.join(', ')
+      );
+    }
+
     return new Promise((resolve, reject) =>
       jwt.sign(payload, secret, signOptions, (err, encoded) =>
         err ? reject(err) : resolve(encoded)

diff --git a/package.json b/package.json
@@ -19,7 +19,7 @@
     "prepare": "husky install"
   },
   "peerDependencies": {
-    "@nestjs/common": "^8.0.0 || ^9.0.0"
+    "@nestjs/common": "^8.0.0 || ^9.0.0 || ^10.0.0"
   },
   "devDependencies": {
     "@commitlint/cli": "17.6.5",

diff --git a/tsconfig.json b/tsconfig.json
@@ -7,7 +7,7 @@
     "noLib": false,
     "emitDecoratorMetadata": true,
     "experimentalDecorators": true,
-    "target": "es6",
+    "target": "ES2021",
     "sourceMap": false,
     "outDir": "./dist",
     "rootDir": "./lib",