Adds a function to verify cron jobs auth token (#181)
* feat: adds new function to verify cron jobs auth token

* chore: renames key names

* feat: adds null check
Ajeyakrishna-k authored Jan 10, 2024
1 parent 1d253c5 commit 7d09d30
Showing 2 changed files with 69 additions and 1 deletion.
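--- a/src/utils/verifyAuthToken.ts
+++ b/src/utils/verifyAuthToken.ts
@@ -24,3 +24,25 @@ export async function verifyAuthToken(authHeader: string, env: env) {
 throw new Error(AUTHENTICATION_ERROR);
 }
 }
+
+/**
+*
+* @param authHeader { string } : the auth header of request
+* @param env { env }: the ctx (context) which contains the secrets put in as wrangler secrets.
+*/
+export async function verifyCronJobsToken(authHeader: string, env: env) {
+if (!authHeader) {
+throw new Error(INVALID_TOKEN_FORMAT);
+}
+const authHeaderParts = authHeader.split(" ");
+if (authHeaderParts.length !== 2 || authHeaderParts[0] !== "Bearer") {
+throw new Error(INVALID_TOKEN_FORMAT);
+}
+const authToken = authHeaderParts[1];
+const isValid = await jwt.verify(authToken, env.CRON_JOBS_PUBLIC_KEY, {
+algorithm: "RS256",
+});
+if (!isValid) {
+throw new Error(AUTHENTICATION_ERROR);
+}
+}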
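Review bot: verifyCronJobsToken accepts any token whose RS256 signature checks out against `env.CRON_JOBS_PUBLIC_KEY`; after the `jwt.verify` call nothing inspects the claims, so as far as the visible code shows a token issued without `exp` would stay valid indefinitely, and a token signed by the same key for another purpose is accepted as well. Consider decoding the payload after verification and rejecting tokens that lack an expiry or carry an unexpected issuer/audience, e.g. `const { payload } = jwt.decode(authToken);` followed by `if (!payload?.exp || payload.iss !== EXPECTED_CRON_ISSUER) throw new Error(AUTHENTICATION_ERROR);` (`EXPECTED_CRON_ISSUER` is a placeholder for whatever the cron service puts in its tokens). Separately, `jwt.verify` appears to throw on a structurally malformed token rather than return false, in which case the caller would see a library error instead of `AUTHENTICATION_ERROR`; wrapping the call in try/catch and rethrowing `AUTHENTICATION_ERROR` would keep the rejection path uniform. The doc comment has an empty summary line and no `@throws`; a one-line summary naming `INVALID_TOKEN_FORMAT` and `AUTHENTICATION_ERROR` as the two failure modes would help callers.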
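--- a/tests/unit/utils/verifyToken.test.ts
+++ b/tests/unit/utils/verifyToken.test.ts
@@ -1,5 +1,8 @@
 import jwt from "@tsndr/cloudflare-worker-jwt";
-import { verifyAuthToken } from "../../../src/utils/verifyAuthToken";
+import {
+verifyAuthToken,
+verifyCronJobsToken,
+} from "../../../src/utils/verifyAuthToken";
 import {
 AUTHENTICATION_ERROR,
 INVALID_TOKEN_FORMAT,
@@ -45,3 +48,46 @@ describe("verifyAuthToken", () => {
 );
 });
 });
+
+describe("verifyCronJobsToken", () => {
+const authToken = "validToken";
+const mockEnv = { CRON_JOBS_PUBLIC_KEY: "publicKey" };
+
+afterEach(() => {
+jest.clearAllMocks();
+});
+
+it("should verify a valid token successfully", async () => {
+jwt.verify = jest.fn().mockResolvedValue(true);
+const authHeader = `Bearer ${authToken}`;
+await expect(
+verifyCronJobsToken(authHeader, mockEnv)
+).resolves.not.toThrow();
+expect(jwt.verify).toHaveBeenCalledWith(
+authToken,
+mockEnv.CRON_JOBS_PUBLIC_KEY,
+{ algorithm: "RS256" }
+);
+});
+
+it("should throw an error for an invalid token", async () => {
+const authHeader = "Bearer invalidToken";
+jwt.verify = jest.fn().mockResolvedValue(false);
+await expect(verifyCronJobsToken(authHeader, mockEnv)).rejects.toThrow(
+AUTHENTICATION_ERROR
+);
+});
+it("should throw an error when Bearer is not passed", async () => {
+const authHeader = "Beaer invalidToken";
+await expect(verifyCronJobsToken(authHeader, mockEnv)).rejects.toThrow(
+INVALID_TOKEN_FORMAT
+);
+});
+
+it("should throw an error for a malformed auth header", async () => {
+const malformedHeader = "invalidformat";
+await expect(verifyCronJobsToken(malformedHeader, mockEnv)).rejects.toThrow(
+INVALID_TOKEN_FORMAT
+);
+});
+});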
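Review bot: None of the `verifyCronJobsToken` cases exercise real signature verification: both token tests replace `jwt.verify` with `jest.fn()`, so a wrong-key, expired or structurally malformed token is never run through the library and the RS256/key wiring is only checked by argument matching. A case that signs a token with a throwaway RS256 key pair generated inside the test, then verifies it against the matching and a non-matching public key, would cover the path this function exists to protect. The `if (!authHeader)` branch added by the "adds null check" step has no test; `await expect(verifyCronJobsToken("", mockEnv)).rejects.toThrow(INVALID_TOKEN_FORMAT);` would pin it. Assigning `jwt.verify = jest.fn()` is also not undone by `jest.clearAllMocks()`, so the stub can leak into later tests; `jest.spyOn(jwt, "verify").mockResolvedValue(true)` with `jest.restoreAllMocks()` in `afterEach` avoids that.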
