|
|
@@ -67,49 +67,59 @@ export function validateJwt(jwt: string) {
|
|
67
|
67
|
return errors;
|
|
68
|
68
|
}
|
|
69
|
69
|
|
|
70
|
|
- const { kid } = header;
|
|
|
70
|
+ const {
|
|
|
71
|
+ aud,
|
|
|
72
|
+ context,
|
|
|
73
|
+ exp,
|
|
|
74
|
+ iss,
|
|
|
75
|
+ nbf,
|
|
|
76
|
+ sub
|
|
|
77
|
+ } = payload;
|
|
71
|
78
|
|
|
72
|
|
- // if Key ID is missing, we return the error immediately without further validations.
|
|
73
|
|
- if (!kid) {
|
|
74
|
|
- errors.push('- Key ID(kid) missing');
|
|
|
79
|
+ // JaaS only
|
|
|
80
|
+ if (sub && sub.startsWith('vpaas-magic-cookie')) {
|
|
|
81
|
+ const { kid } = header;
|
|
75
|
82
|
|
|
76
|
|
- return errors;
|
|
77
|
|
- }
|
|
|
83
|
+ // if Key ID is missing, we return the error immediately without further validations.
|
|
|
84
|
+ if (!kid) {
|
|
|
85
|
+ errors.push('- Key ID(kid) missing');
|
|
78
|
86
|
|
|
79
|
|
- // JaaS only
|
|
80
|
|
- if (kid.startsWith('vpaas-magic-cookie')) {
|
|
81
|
|
- if (kid.substring(0, header.kid.indexOf('/')) !== payload.sub) {
|
|
|
87
|
+ return errors;
|
|
|
88
|
+ }
|
|
|
89
|
+
|
|
|
90
|
+ if (kid.substring(0, kid.indexOf('/')) !== sub) {
|
|
82
|
91
|
errors.push('- Key ID(kid) does not match sub');
|
|
83
|
92
|
}
|
|
84
|
|
- if (payload.aud !== 'jitsi') {
|
|
|
93
|
+
|
|
|
94
|
+ if (aud !== 'jitsi') {
|
|
85
|
95
|
errors.push('- invalid `aud` value. It should be `jitsi`');
|
|
86
|
96
|
}
|
|
87
|
97
|
|
|
88
|
|
- if (payload.iss !== 'chat') {
|
|
|
98
|
+ if (iss !== 'chat') {
|
|
89
|
99
|
errors.push('- invalid `iss` value. It should be `chat`');
|
|
90
|
100
|
}
|
|
91
|
101
|
|
|
92
|
|
- if (!payload.context?.features) {
|
|
|
102
|
+ if (!context?.features) {
|
|
93
|
103
|
errors.push('- `features` object is missing from the payload');
|
|
94
|
104
|
}
|
|
95
|
105
|
}
|
|
96
|
106
|
|
|
97
|
|
- if (!isValidUnixTimestamp(payload.nbf)) {
|
|
|
107
|
+ if (!isValidUnixTimestamp(nbf)) {
|
|
98
|
108
|
errors.push('- invalid `nbf` value');
|
|
99
|
|
- } else if (currentTimestamp < payload.nbf * 1000) {
|
|
|
109
|
+ } else if (currentTimestamp < nbf * 1000) {
|
|
100
|
110
|
errors.push('- `nbf` value is in the future');
|
|
101
|
111
|
}
|
|
102
|
112
|
|
|
103
|
|
- if (!isValidUnixTimestamp(payload.exp)) {
|
|
|
113
|
+ if (!isValidUnixTimestamp(exp)) {
|
|
104
|
114
|
errors.push('- invalid `exp` value');
|
|
105
|
|
- } else if (currentTimestamp > payload.exp * 1000) {
|
|
|
115
|
+ } else if (currentTimestamp > exp * 1000) {
|
|
106
|
116
|
errors.push('- token is expired');
|
|
107
|
117
|
}
|
|
108
|
118
|
|
|
109
|
|
- if (!payload.context) {
|
|
|
119
|
+ if (!context) {
|
|
110
|
120
|
errors.push('- `context` object is missing from the payload');
|
|
111
|
|
- } else if (payload.context.features) {
|
|
112
|
|
- const { features } = payload.context;
|
|
|
121
|
+ } else if (context.features) {
|
|
|
122
|
+ const { features } = context;
|
|
113
|
123
|
|
|
114
|
124
|
Object.keys(features).forEach(feature => {
|
|
115
|
125
|
if (MEET_FEATURES.includes(feature)) {
|
hmuresan
4 年前