Skip to content

Commit 47edd53

Browse files
xenirioxenirio
authored
fix(jwt): support multi-algorithm of JWT verify (#176)
1 parent a501f59 commit 47edd53

File tree

2 files changed

+5
-3
lines changed

2 files changed

+5
-3
lines changed

src/utils/config.ts

+3-1
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ type StorageConfigType = {
1212
globalS3Endpoint?: string
1313
isMultitenant: boolean
1414
jwtSecret: string
15+
jwtAlgorithm: string,
1516
multitenantDatabaseUrl?: string
1617
postgrestURL: string
1718
postgrestURLSuffix?: string
@@ -69,6 +70,7 @@ export function getConfig(): StorageConfigType {
6970
globalS3Endpoint: getOptionalConfigFromEnv('GLOBAL_S3_ENDPOINT'),
7071
isMultitenant: getOptionalConfigFromEnv('IS_MULTITENANT') === 'true',
7172
jwtSecret: getOptionalIfMultitenantConfigFromEnv('PGRST_JWT_SECRET') || '',
73+
jwtAlgorithm: getOptionalConfigFromEnv('PGRST_JWT_ALGORITHM') || 'HS256',
7274
multitenantDatabaseUrl: getOptionalConfigFromEnv('MULTITENANT_DATABASE_URL'),
7375
postgrestURL: getOptionalIfMultitenantConfigFromEnv('POSTGREST_URL') || '',
7476
postgrestURLSuffix: getOptionalConfigFromEnv('POSTGREST_URL_SUFFIX'),
@@ -81,7 +83,7 @@ export function getConfig(): StorageConfigType {
8183
getOptionalConfigFromEnv('PROJECT_REF') ||
8284
getOptionalIfMultitenantConfigFromEnv('TENANT_ID') ||
8385
'',
84-
urlLengthLimit: Number(getOptionalConfigFromEnv('URL_LENGTH_LIMIT')) || 7_500,
86+
urlLengthLimit: Number(getOptionalConfigFromEnv('URL_LENGTH_LIMIT')) || 7_500,
8587
xForwardedHostRegExp: getOptionalConfigFromEnv('X_FORWARDED_HOST_REGEXP'),
8688
logLevel: getOptionalConfigFromEnv('LOG_LEVEL') || 'trace',
8789
logflareEnabled: getOptionalConfigFromEnv('LOGFLARE_ENABLED') === 'true',

src/utils/index.ts

+2-2
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ import {
66
getJwtSecret as getJwtSecretForTenant,
77
} from './tenant'
88

9-
const { isMultitenant, jwtSecret } = getConfig()
9+
const { isMultitenant, jwtSecret, jwtAlgorithm } = getConfig()
1010

1111
interface jwtInterface {
1212
sub: string
@@ -34,7 +34,7 @@ export function verifyJWT(
3434
secret: string
3535
): Promise<string | jwt.JwtPayload | undefined> {
3636
return new Promise((resolve, reject) => {
37-
jwt.verify(token, secret, (err, decoded) => {
37+
jwt.verify(token, secret, { algorithms: [jwtAlgorithm as jwt.Algorithm]}, (err, decoded) => {
3838
if (err) return reject(err)
3939
resolve(decoded)
4040
})

0 commit comments

Comments
 (0)