refactor(sara_token.js): drop sara header, use iss claim instead

web-tech-tw · Oct 13, 2024 · b8edcb8 · b8edcb8
1 parent 52ce924
commit b8edcb8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 17 deletions.
diff --git a/.env.sample b/.env.sample
@@ -40,7 +40,6 @@ MAIL_SMTP_PASSWORD="your_smtp_password"
 MAIL_SMTP_FROM='"sara.recv" <[email protected]>'
 
 # sara configs
-SARA_ISSUER="https://example.com"
 SARA_AUDIENCE_URL="https://example.org"
 SARA_SYSTEM_ADMIN_SECRET="your_system_admin_secret"
 SARA_SYSTEM_ADMIN_IP_ADDRESS="127.0.0.1"
diff --git a/src/utils/sara_token.js b/src/utils/sara_token.js
@@ -10,27 +10,24 @@ const {sign, verify} = require("jsonwebtoken");
 // Import usePublicKey and usePrivateKey
 const {usePublicKey, usePrivateKey} = require("../init/keypair");
 
+// Define Sara Token specs
+const issuerIdentity = "Sara Hoshikawa"; // The code of Sara v3
+
 // Define issueOptions
 const issueOptions = {
     algorithm: "ES256",
     expiresIn: "1d",
     notBefore: "500ms",
-    issuer: getMust("SARA_ISSUER"),
+    issuer: issuerIdentity,
     audience: getMust("SARA_AUDIENCE_URL"),
     noTimestamp: false,
     mutatePayload: false,
-    header: {
-        sara: {
-            version: 3,
-            type: "auth",
-        },
-    },
 };
 
 // Define validateOptions
 const validateOptions = {
     algorithms: ["ES256"],
-    issuer: getMust("SARA_ISSUER"),
+    issuer: issuerIdentity,
     audience: getMust("SARA_AUDIENCE_URL"),
     complete: true,
 };
@@ -62,17 +59,10 @@ function validate(token) {
     };
 
     try {
-        const {header, payload} = verify(
+        const {payload} = verify(
             token, publicKey, validateOptions,
         );
 
-        if (
-            header?.sara?.version !== 3 ||
-            header?.sara?.type !== "auth"
-        ) {
-            throw new Error("invalid sara token type");
-        }
-
         result.userId = payload.sub;
         result.payload = payload;
     } catch (e) {