
feat(hono/jwk): Extended with allow_anon option & passing Context to callbacks #3961


Merged
merged 4 commits into from
Jun 16, 2025


Beyondo
Contributor

@Beyondo Beyondo commented Feb 27, 2025

Adding two main useful features people have been asking for in the original PR + some slight changes.

New features:

Example:

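import { Hono } from 'hono'
import { jwk } from 'hono/jwk'

const app = new Hono()

// jwks_uri may be a function of the Context; allow_anon lets token-less requests through
app.use(
  '/auth/*',
  jwk({
    jwks_uri: (c) => `https://${c.env.authServer}/.well-known/jwks.json`,
    allow_anon: true
  })
)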

Note 1: This PR allows having a single endpoint for both authenticated and non-authenticated requests through allow_anon. The variable c.get("jwtPayload") can be used to differentiate authenticated requests from anonymous requests, since Hono requires requests to have exp and iat in the payload (in the verify stage), which means the payload would always be defined for authenticated requests and can be reliably used as an indicator.

Note 2: Setting allow_anon to true means requests without a token present (in either header/cookie) would be allowed to pass through the middleware successfully.

Tests: Added 3 extra tests + modified one test to cover jwks_uri being a function.

✓ src/middleware/jwk/index.test.ts (34)

This PR breaks no code at all except for Jwt.verifyFromJwks(...)—specifically removed callbacks support from it since they're redundant and can be called outside, and also since only the middleware can provide the Context variable to the callbacks.
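
How a route behind allow_anon has to tell its two kinds of caller apart, as an added example that is not code from this PR or from Hono. The names fakeContext, verifyToken, jwkGate, notesHandler and handle are hypothetical, the token and claims are constructed, and rejecting a token that is present but invalid is an assumption the PR text does not state.

```javascript
// Constructed stand-in for Hono's Context: only get()/set() are modelled.
function fakeContext() {
  const vars = new Map()
  return { get: (k) => vars.get(k), set: (k, v) => vars.set(k, v) }
}

// Constructed stand-in for JWKS verification (not Hono's implementation):
// accepts one hard-coded sample token and throws on anything else.
function verifyToken(token) {
  if (token !== 'sample.valid.token') throw new Error('invalid token')
  return { sub: 'alice', iat: 1740614400, exp: 1740618000 }
}

// Model of the contract in Note 2: a request with no token passes when
// allow_anon is true. Assumption: a token that is present but fails
// verification is rejected whatever allow_anon says.
function jwkGate(c, token, { allow_anon = false } = {}) {
  if (!token) return allow_anon ? 'next' : 401
  try {
    c.set('jwtPayload', verifyToken(token))
    return 'next'
  } catch {
    return 401
  }
}

// Handler for a route shared by both audiences (Note 1): reads may be
// anonymous, writes must check jwtPayload because the middleware no longer
// guarantees that a caller is authenticated.
function notesHandler(c, method) {
  const payload = c.get('jwtPayload')
  if (method === 'GET') {
    return { status: 200, body: payload ? `notes of ${payload.sub}` : 'public notes' }
  }
  if (payload === undefined) return { status: 401, body: 'sign in required' }
  return { status: 201, body: `note saved for ${payload.sub}` }
}

// Runs one constructed request through the gate and then the handler.
function handle(method, token, options) {
  const c = fakeContext()
  const gate = jwkGate(c, token, options)
  if (gate !== 'next') return { stage: 'middleware', status: gate }
  return { stage: 'handler', ...notesHandler(c, method) }
}

console.log(handle('POST', undefined, { allow_anon: true }))
```

The anonymous POST is refused by the handler rather than the middleware, which is the check a route loses if it relies on the middleware alone after enabling allow_anon.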

…_token` option

One slightly breaking change:
Removed function callbacks from `Jwt.verifyFromJwks` for two reasons:
1. It’s always called from functions, so `jwks_uri`/`keys` can be grabbed before calling `Jwt.verifyFromJwks` anyways
2. Jwt.verifyFromJwks cannot provide the Context to the new callbacks—only the middleware can

Callbacks now also accept either a Promise or a synchronous function, not only async.
@Beyondo
Contributor Author

Beyondo commented Feb 27, 2025

Hmm, I don't think that Deno error is caused by my PR as I was so sure I pulled from the upstream, but I will attempt to fix it.

Edit: Turns out nope; I accidentally overrode the upstream change of that .buffer line de3db7d because my editor kept an old downstream version when I saved, and I of course didn't notice that as it was a small diff in the same file I was committing 🤦 (all unit tests passing didn't help me notice either), but it should be all good now for Deno and I will be more careful next time!


codecov bot commented Feb 27, 2025

Codecov Report

Attention: Patch coverage is 92.30769% with 1 line in your changes missing coverage. Please review.

Project coverage is 91.33%. Comparing base (a2ec848) to head (5a70d82).
Report is 52 commits behind head on next.

Files with missing lines Patch % Lines
src/utils/jwt/jwt.ts 83.33% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             next    #3961      +/-   ##
==========================================
+ Coverage   91.32%   91.33%   +0.01%     
==========================================
  Files         168      168              
  Lines       10688    10692       +4     
  Branches     3070     3059      -11     
==========================================
+ Hits         9761     9766       +5     
+ Misses        926      925       -1     
  Partials        1        1              


@flexchar

Looks very promising, thank you a lot for your prompt contribution, wise person across the world! 👌

Member

@yusukebe yusukebe left a comment


LGTM!

@yusukebe
Member

@Beyondo

Sorry for being late. It looks good! I'll merge this later into the next branch for the next minor version and release it. Thanks!

@yusukebe yusukebe changed the base branch from main to next June 16, 2025 04:55
@yusukebe yusukebe merged commit b695719 into honojs:next Jun 16, 2025
16 checks passed