replace jsonwebtoken for jose (#510)

twurple · May 23, 2023 · ef9e075 · ef9e075
1 parent fb85471
commit ef9e075
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 21 deletions.
diff --git a/packages/ebs-helper/package.json b/packages/ebs-helper/package.json
@@ -36,7 +36,7 @@
     "@d-fischer/shared-utils": "^3.6.1",
     "@twurple/api-call": "7.0.0-pre.0",
     "@twurple/common": "7.0.0-pre.0",
-    "jsonwebtoken": "^8.5.1",
+    "jose": "^4.14.4",
     "tslib": "^2.0.3"
   },
   "files": [
@@ -47,8 +47,5 @@
     "es",
     "!es/**/*.d.ts",
     "!es/**/*.d.ts.map"
-  ],
-  "devDependencies": {
-    "@types/jsonwebtoken": "^8.5.8"
-  }
+  ]
 }
diff --git a/packages/ebs-helper/src/classes/HelixExtensionSecretList.ts b/packages/ebs-helper/src/classes/HelixExtensionSecretList.ts
@@ -1,5 +1,5 @@
 import { DataObject, rawDataSymbol } from '@twurple/common';
-import { JsonWebTokenError, verify } from 'jsonwebtoken';
+import { errors, jwtVerify, base64url, type JWTPayload } from 'jose';
 import { type HelixExtensionSecretListData } from './HelixExtensionSecretList.external';
 
 export class HelixExtensionSecretList extends DataObject<HelixExtensionSecretListData> {
@@ -24,12 +24,15 @@ export class HelixExtensionSecretList extends DataObject<HelixExtensionSecretLis
 			.map(secret => secret.content);
 	}
 
-	verifyJwt(token: string): unknown {
+	async verifyJwt(token: string): Promise<JWTPayload> {
 		for (const secret of this.currentSecrets) {
 			try {
-				return verify(token, Buffer.from(secret, 'base64'));
+				const { payload } = await jwtVerify(token, base64url.decode(secret), {
+					algorithms: ['HS256']
+				});
+				return payload;
 			} catch (e) {
-				if (e instanceof JsonWebTokenError && e.message === 'invalid signature') {
+				if (e instanceof errors.JWSSignatureVerificationFailed) {
 					continue;
 				}
 				throw e;

diff --git a/packages/ebs-helper/src/helpers.ts b/packages/ebs-helper/src/helpers.ts
@@ -50,7 +50,7 @@ export interface EbsCallConfig extends BaseExternalJwtConfig {
  * @expandParams
  */
 export async function getExtension(config: EbsCallConfig, version?: string): Promise<HelixExtension | null> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	const result = await callTwitchApi<HelixResponse<HelixExtensionData>>(
 		{
@@ -72,7 +72,7 @@ export async function getExtension(config: EbsCallConfig, version?: string): Pro
  * @expandParams
  */
 export async function getExtensionSecrets(config: EbsCallConfig): Promise<HelixExtensionSecretList> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	const result = await callTwitchApi<HelixResponse<HelixExtensionSecretListData>>(
 		{
@@ -95,7 +95,7 @@ export async function getExtensionSecrets(config: EbsCallConfig): Promise<HelixE
  * @expandParams
  */
 export async function createExtensionSecret(config: EbsCallConfig, delay?: number): Promise<HelixExtensionSecretList> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	const result = await callTwitchApi<HelixResponse<HelixExtensionSecretListData>>(
 		{
@@ -126,7 +126,7 @@ export async function setExtensionRequiredConfiguration(
 	version: string,
 	configVersion: string
 ): Promise<void> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	await callTwitchApi(
 		{
@@ -145,7 +145,7 @@ async function getAnyConfigurationSegment(
 	segment: HelixExtensionConfigurationSegmentName,
 	broadcaster?: UserIdResolvable
 ): Promise<HelixExtensionConfigurationSegment | null> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	const result = await callTwitchApi<HelixResponse<HelixExtensionConfigurationSegmentData>>(
 		{
@@ -210,7 +210,7 @@ async function setAnyConfigurationSegment(
 	content?: string,
 	version?: string
 ): Promise<void> {
-	const jwt = createExternalJwt(config);
+	const jwt = await createExternalJwt(config);
 
 	await callTwitchApi<HelixResponse<HelixExtensionConfigurationSegmentData>>(
 		{
@@ -294,7 +294,7 @@ export async function sendExtensionChatMessage(
 	extensionVersion: string,
 	text: string
 ): Promise<void> {
-	const jwt = createExternalJwt({ ...config, additionalData: createChatMessageJwtData(broadcaster) });
+	const jwt = await createExternalJwt({ ...config, additionalData: createChatMessageJwtData(broadcaster) });
 
 	await callTwitchApi(
 		{
@@ -315,7 +315,7 @@ async function sendAnyExtensionPubSubMessage(
 	message: string,
 	broadcaster: UserIdResolvable
 ): Promise<void> {
-	const jwt = createExternalJwt({
+	const jwt = await createExternalJwt({
 		...config,
 		additionalData: createPubSubMessageJwtData(broadcaster, targets)
 	});
@@ -340,7 +340,7 @@ async function sendAnyExtensionPubSubMessage(
  * @expandParams
  */
 export async function sendExtensionPubSubGlobalMessage(config: EbsCallConfig, message: string): Promise<void> {
-	const jwt = createExternalJwt({
+	const jwt = await createExternalJwt({
 		...config,
 		additionalData: createPubSubGlobalMessageJwtData()
 	});

diff --git a/packages/ebs-helper/src/jwt.ts b/packages/ebs-helper/src/jwt.ts
@@ -1,4 +1,4 @@
-import { sign } from 'jsonwebtoken';
+import { SignJWT, base64url } from 'jose';
 import { createExternalJwtData } from './jwt.external';
 
 /** @private */
@@ -37,9 +37,12 @@ export interface ExternalJwtConfig extends BaseExternalJwtConfig {
  *
  * @expandParams
  */
-export function createExternalJwt(config: ExternalJwtConfig): string {
+export async function createExternalJwt(config: ExternalJwtConfig): Promise<string> {
 	const ttl = config.ttl ?? 60;
 	const dataToSign = createExternalJwtData(config, ttl);
+	const jwt = await new SignJWT(dataToSign)
+		.setProtectedHeader({ alg: 'HS256' })
+		.sign(base64url.decode(config.secret));
 
-	return sign(dataToSign, Buffer.from(config.secret, 'base64'), { algorithm: 'HS256' });
+	return jwt;
 }