Implement JWT

test/jwt.test.ts

@@ -0,0 +1,117 @@
+import {beforeAll, describe, expect, setSystemTime, test} from 'bun:test'
+import {JWTcontext} from '../src/jwt'
+
+
+let c!: JWTcontext;
+
+beforeAll(async () => {
+    c = await JWTcontext.new_random()
+})
+
+test('Base case', async () => {
+    let payload = {
+        yeet: "yaat",
+        lol: "yes"
+    }
+
+    const jwt = await c.sign(payload, true, "2 days", "pascal", "server")
+    const verified = await c.verify(jwt, "pascal", "server")
+    expect(verified).toEqual(payload)
+})
+
+describe("Audience verification", () => {
+    const cases : [string|string[]|undefined, string|string[]|undefined, boolean][] = [
+        // undefined at verify means we don't enforce that field
+        [undefined, undefined, true],
+        ["value", undefined, true],
+        [["value", "other"], undefined, true],
+
+        [undefined, "value", false],
+        [undefined, ["value", "other"], false],
+
+        ["value", "value", true],
+        ["value", ["value", "other"], true],
+        ["value", "yeet", false],
+        ["value", ["yeet", "other"], false],
+
+        [["value", "other"], "value", true],
+        [["value", "other"], ["value", "yeet"], true],
+        [["value", "other"], ["value", "other"], true],
+        [["yeet", "other"], "value", false],
+        [["value", "other"], ["yeet", "yaat"], false],
+    ]
+
+    for (const [at_sign, at_verify, result] of cases) {
+        test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
+            const message = "Yeet"
+
+            const jwt = await c.sign(message, false, undefined, at_sign)
+            const res = await c.verify<string>(jwt, at_verify)
+            if (result) {
+                expect(res).toBe(message)
+            } else {
+                expect(res).toBeNull()
+            }
+        })
+    }
+})
+describe("Issuer verification", () => {
+    const cases: [string|undefined, string|string[]|undefined, boolean][] = [
+        // undefined at verify means don't enforce the field
+        [undefined, undefined, true],
+        ["value", undefined, true],
+
+        [undefined, "value", false],
+        [undefined, ["value", "other"], false],
+
+        ["value", "value", true],
+        ["value", ["value", "other"], true],
+        ["value", "yeet", false],
+        ["value", ["yeet", "other"], false],
+    ]
+
+    for (const [at_sign, at_verify, result] of cases) {
+        test(`${at_sign} and ${at_verify} ${result ? 'should' : "shouldn't"} work`, async () => {
+            const message = "Yaat"
+
+            const jwt = await c.sign(message, false, undefined, undefined, at_sign)
+            const res = await c.verify<string>(jwt, undefined, at_verify)
+            if (result) {
+                expect(res).toBe(message)
+            } else {
+                expect(res).toBeNull()
+            }
+        })
+    }
+})
+test("Expired JWT is rejected", async () => {
+    const message = "yeet"
+
+    const jwt = await c.sign(message, false, "5min")
+
+    const today = new Date()
+    today.setDate(today.getDate() + 1)
+    setSystemTime(today)
+
+    const res = await c.verify<string>(jwt)
+    expect(res).toBeNull()
+})
+test("Wrong key won't decrypt", async () => {
+    const c2 = await JWTcontext.new_random()
+
+    const message = "yeet"
+    const jwt = await c.sign(message)
+    const res = await c2.verify<string>(jwt)
+
+    expect(res).toBeNull()
+})
+test("tampered JWT are rejected", async () => {
+    const message = "yeet"
+    let jwt = await c.sign(message)
+
+    if (jwt[0] === "a") jwt = "b" + jwt.substring(1)
+    else jwt = "a" + jwt.substring(1)
+
+    const res = await c.verify<string>(jwt)
+    expect(res).toBeNull()
+})