feat: Allow private/public key to be override when signing/verifying

maitrungduc1410 · maitrungduc1410 · commit 903adaa6ba8a · 2020-09-09T11:44:03.000+08:00
This allows you to pass the `privateKey` property in the options of sign, signAsync and `publicKey` in the verify, verifyAsync. It does not override a secretOrKeyProvider though only the `privateKey` and `publicKey` passed into the JwtModule. Resolves [#302](#302)
diff --git a/README.md b/README.md
@@ -154,15 +154,15 @@ The `JwtService` uses [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken)
 
 #### jwtService.sign(payload: string | Object | Buffer, options?: JwtSignOptions): string
 
-The sign method is an implementation of jsonwebtoken `.sign()`. Differing from jsonwebtoken it also allows an additional `secret` property on `options` to override the secret passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
+The sign method is an implementation of jsonwebtoken `.sign()`. Differing from jsonwebtoken it also allows an additional `secret, privateKey, publicKey` property on `options` to override the secret passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
 
 #### jwtService.signAsync(payload: string | Object | Buffer, options?: JwtSignOptions): Promise\<string\>
 
 The asynchronous `.sign()` method.
 
 #### jwtService.verify\<T extends object = any>(token: string, options?: JwtVerifyOptions): T
 
-The verify method is an implementation of jsonwebtoken `.verify()`. Differing from jsonwebtoken it also allows an additional `secret` property on `options` to override the secret passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
+The verify method is an implementation of jsonwebtoken `.verify()`. Differing from jsonwebtoken it also allows an additional `secret, privateKey, publicKey` property on `options` to override the secret passed in from the module. It only overrides the `secret`, `publicKey` or `privateKey` though not a `secretOrKeyProvider`.
 
 #### jwtService.verifyAsync\<T extends object = any>(token: string, options?: JwtVerifyOptions): Promise\<T\>
 
diff --git a/lib/interfaces/jwt-module-options.interface.ts b/lib/interfaces/jwt-module-options.interface.ts
@@ -36,8 +36,10 @@ export interface JwtModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {
 
 export interface JwtSignOptions extends jwt.SignOptions {
   secret?: string | Buffer;
+  privateKey?: string | Buffer;
 }
 
 export interface JwtVerifyOptions extends jwt.VerifyOptions {
   secret?: string | Buffer;
+  publicKey?: string | Buffer;
 }
diff --git a/lib/jwt.service.spec.ts b/lib/jwt.service.spec.ts
@@ -222,4 +222,39 @@ describe('JWT Service', () => {
       );
     });
   });
+
+  describe('should use private/public key from options', () => {
+    let jwtService: JwtService;
+
+    beforeAll(async () => {
+      jwtService = await setup({
+        ...config,
+        secretOrKeyProvider: undefined,
+        secret: undefined
+      });
+    });
+
+    let privateKey = 'customPrivateKey';
+    let publicKey = 'customPublicKey';
+
+    it('signing should use private key from options', async () => {
+      expect(await jwtService.sign('random', { privateKey })).toBe(privateKey);
+    });
+
+    it('signing (async) should use private key from options', async () => {
+      expect(jwtService.signAsync('random', { privateKey })).resolves.toBe(
+        privateKey
+      );
+    });
+
+    it('verifying should use public key from options', async () => {
+      expect(await jwtService.verify('random', { publicKey })).toBe(publicKey);
+    });
+
+    it('verifying (async) should use public key from options', async () => {
+      expect(jwtService.verifyAsync('random', { publicKey })).resolves.toBe(
+        publicKey
+      );
+    });
+  });
 });
diff --git a/lib/jwt.service.ts b/lib/jwt.service.ts
@@ -96,6 +96,11 @@ export class JwtService {
     key: 'verifyOptions' | 'signOptions'
   ): jwt.VerifyOptions | jwt.SignOptions {
     delete options.secret;
+    if (key === 'signOptions') {
+      delete (options as JwtSignOptions).privateKey;
+    } else {
+      delete (options as JwtVerifyOptions).publicKey;
+    }
     return options
       ? {
           ...(this.options[key] || {}),
@@ -112,7 +117,13 @@ export class JwtService {
   ): string | Buffer | jwt.Secret {
     let secret = this.options.secretOrKeyProvider
       ? this.options.secretOrKeyProvider(secretRequestType, token, options)
-      : options?.secret || this.options.secret || this.options[key];
+      : options?.secret ||
+        this.options.secret ||
+        (key === 'privateKey'
+          ? (options as JwtSignOptions)?.privateKey || this.options.privateKey
+          : (options as JwtVerifyOptions)?.publicKey ||
+            this.options.publicKey) ||
+        this.options[key];
 
     if (this.options.secretOrPrivateKey) {
       this.logger.warn(

Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,10 @@ export interface JwtModuleAsyncOptions extends Pick<ModuleMetadata, 'imports'> {`
`36`	`36`
`37`	`37`	`export interface JwtSignOptions extends jwt.SignOptions {`
`38`	`38`	`secret?: string \| Buffer;`
	`39`	`+ privateKey?: string \| Buffer;`
`39`	`40`	`}`
`40`	`41`
`41`	`42`	`export interface JwtVerifyOptions extends jwt.VerifyOptions {`
`42`	`43`	`secret?: string \| Buffer;`
	`44`	`+ publicKey?: string \| Buffer;`
`43`	`45`	`}`