fix: jwt decoding method (#203)

heroiclabs · Oct 30, 2024 · 1760985 · 1760985
1 parent 571d483
commit 1760985
Show file tree

Hide file tree

Showing 15 changed files with 112 additions and 113 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project are documented below.
 The format is based on [keep a changelog](http://keepachangelog.com/) and this project uses [semantic versioning](http://semver.org/).
 
 ### Unreleased
+### Fixed
+- Nakama: Fixed JWT decoding.
+- Satori: Fixed JWT decoding.
 
 ### [2.8.0]
 ### Added

diff --git a/packages/nakama-js/dist/nakama-js.cjs.js b/packages/nakama-js/dist/nakama-js.cjs.js
@@ -3206,18 +3206,10 @@ var Session = class {
     return this.refresh_expires_at - currenttime < 0;
   }
   update(token, refreshToken) {
-    const tokenParts = token.split(".");
-    if (tokenParts.length != 3) {
-      throw "jwt is not valid.";
-    }
-    const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+    const tokenDecoded = this.decodeJWT(token);
     const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
     if (refreshToken) {
-      const refreshTokenParts = refreshToken.split(".");
-      if (refreshTokenParts.length != 3) {
-        throw "refresh jwt is not valid.";
-      }
-      const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+      const refreshTokenDecoded = this.decodeJWT(refreshToken);
       const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
       this.refresh_expires_at = refreshTokenExpiresAt;
       this.refresh_token = refreshToken;
@@ -3228,6 +3220,14 @@ var Session = class {
     this.user_id = tokenDecoded["uid"];
     this.vars = tokenDecoded["vrs"];
   }
+  decodeJWT(token) {
+    const { 1: base64Raw } = token.split(".");
+    const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+    const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+      return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+    }).join(""));
+    return JSON.parse(jsonPayload);
+  }
   static restore(token, refreshToken) {
     return new Session(token, refreshToken, false);
   }

diff --git a/packages/nakama-js/dist/nakama-js.esm.mjs b/packages/nakama-js/dist/nakama-js.esm.mjs
@@ -3180,18 +3180,10 @@ var Session = class {
     return this.refresh_expires_at - currenttime < 0;
   }
   update(token, refreshToken) {
-    const tokenParts = token.split(".");
-    if (tokenParts.length != 3) {
-      throw "jwt is not valid.";
-    }
-    const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+    const tokenDecoded = this.decodeJWT(token);
     const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
     if (refreshToken) {
-      const refreshTokenParts = refreshToken.split(".");
-      if (refreshTokenParts.length != 3) {
-        throw "refresh jwt is not valid.";
-      }
-      const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+      const refreshTokenDecoded = this.decodeJWT(refreshToken);
       const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
       this.refresh_expires_at = refreshTokenExpiresAt;
       this.refresh_token = refreshToken;
@@ -3202,6 +3194,14 @@ var Session = class {
     this.user_id = tokenDecoded["uid"];
     this.vars = tokenDecoded["vrs"];
   }
+  decodeJWT(token) {
+    const { 1: base64Raw } = token.split(".");
+    const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+    const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+      return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+    }).join(""));
+    return JSON.parse(jsonPayload);
+  }
   static restore(token, refreshToken) {
     return new Session(token, refreshToken, false);
   }

diff --git a/packages/nakama-js/dist/nakama-js.iife.js b/packages/nakama-js/dist/nakama-js.iife.js
@@ -3206,18 +3206,10 @@ var nakamajs = (() => {
       return this.refresh_expires_at - currenttime < 0;
     }
     update(token, refreshToken) {
-      const tokenParts = token.split(".");
-      if (tokenParts.length != 3) {
-        throw "jwt is not valid.";
-      }
-      const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+      const tokenDecoded = this.decodeJWT(token);
       const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
       if (refreshToken) {
-        const refreshTokenParts = refreshToken.split(".");
-        if (refreshTokenParts.length != 3) {
-          throw "refresh jwt is not valid.";
-        }
-        const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+        const refreshTokenDecoded = this.decodeJWT(refreshToken);
         const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
         this.refresh_expires_at = refreshTokenExpiresAt;
         this.refresh_token = refreshToken;
@@ -3228,6 +3220,14 @@ var nakamajs = (() => {
       this.user_id = tokenDecoded["uid"];
       this.vars = tokenDecoded["vrs"];
     }
+    decodeJWT(token) {
+      const { 1: base64Raw } = token.split(".");
+      const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+      const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+        return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+      }).join(""));
+      return JSON.parse(jsonPayload);
+    }
     static restore(token, refreshToken) {
       return new Session(token, refreshToken, false);
     }

diff --git a/packages/nakama-js/dist/nakama-js.umd.js b/packages/nakama-js/dist/nakama-js.umd.js
@@ -3907,20 +3907,12 @@
           return (this.refresh_expires_at - currenttime) < 0;
       };
       Session.prototype.update = function (token, refreshToken) {
-          var tokenParts = token.split('.');
-          if (tokenParts.length != 3) {
-              throw 'jwt is not valid.';
-          }
-          var tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+          var tokenDecoded = this.decodeJWT(token);
           var tokenExpiresAt = Math.floor(parseInt(tokenDecoded['exp']));
           /** clients that have just updated to the refresh tokens */
           /** client release will not have a cached refresh token */
           if (refreshToken) {
-              var refreshTokenParts = refreshToken.split('.');
-              if (refreshTokenParts.length != 3) {
-                  throw 'refresh jwt is not valid.';
-              }
-              var refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+              var refreshTokenDecoded = this.decodeJWT(refreshToken);
               var refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded['exp']));
               this.refresh_expires_at = refreshTokenExpiresAt;
               this.refresh_token = refreshToken;
@@ -3931,6 +3923,14 @@
           this.user_id = tokenDecoded['uid'];
           this.vars = tokenDecoded['vrs'];
       };
+      Session.prototype.decodeJWT = function (token) {
+          var base64Raw = token.split('.')[1];
+          var _base64 = base64Raw.replace(/-/g, '+').replace(/_/g, '/');
+          var jsonPayload = decodeURIComponent(_atob(_base64).split('').map(function (c) {
+              return "%".concat(("00".concat(c.charCodeAt(0).toString(16))).slice(-2));
+          }).join(''));
+          return JSON.parse(jsonPayload);
+      };
       Session.restore = function (token, refreshToken) {
           return new Session(token, refreshToken, false);
       };

diff --git a/packages/nakama-js/dist/session.d.ts b/packages/nakama-js/dist/session.d.ts
@@ -54,5 +54,6 @@ export declare class Session implements ISession {
     isexpired(currenttime: number): boolean;
     isrefreshexpired(currenttime: number): boolean;
     update(token: string, refreshToken: string): void;
+    decodeJWT(token: string): any;
     static restore(token: string, refreshToken: string): Session;
 }
diff --git a/packages/nakama-js/package.json b/packages/nakama-js/package.json
@@ -11,7 +11,7 @@
     "exports": {
         "./package.json": "./package.json",
         ".": {
-	    "types": "./dist/index.d.ts",
+            "types": "./dist/index.d.ts",
             "import": "./dist/nakama-js.esm.mjs",
             "require": "./dist/nakama-js.cjs.js"
         }
@@ -45,4 +45,4 @@
         "rollup": "^3.10.0",
         "tslib": "^2.4.1"
     }
-}
+}
diff --git a/packages/nakama-js/session.ts b/packages/nakama-js/session.ts
@@ -76,26 +76,13 @@ export class Session implements ISession {
   }
 
   update(token: string, refreshToken: string) {
-
-    const tokenParts = token.split('.');
-    if (tokenParts.length != 3) {
-      throw 'jwt is not valid.';
-    }
-
-    const tokenDecoded = JSON.parse(base64.atob(tokenParts[1]));
+    const tokenDecoded = this.decodeJWT(token);
     const tokenExpiresAt = Math.floor(parseInt(tokenDecoded['exp']));
 
     /** clients that have just updated to the refresh tokens */
     /** client release will not have a cached refresh token */
     if (refreshToken) {
-
-        const refreshTokenParts = refreshToken.split('.');
-
-        if (refreshTokenParts.length != 3) {
-            throw 'refresh jwt is not valid.';
-        }
-
-        const refreshTokenDecoded = JSON.parse(base64.atob(refreshTokenParts[1]))
+        const refreshTokenDecoded = this.decodeJWT(refreshToken);
         const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded['exp']));
         this.refresh_expires_at = refreshTokenExpiresAt;
         this.refresh_token = refreshToken;
@@ -108,6 +95,16 @@ export class Session implements ISession {
     this.vars = tokenDecoded['vrs'];
   }
 
+  decodeJWT(token: string) {
+    const { 1: base64Raw } = token.split('.')
+    const _base64 = base64Raw.replace(/-/g, '+').replace(/_/g, '/')
+    const jsonPayload = decodeURIComponent(base64.atob(_base64).split('').map((c) => {
+      return `%${(`00${c.charCodeAt(0).toString(16)}`).slice(-2)}`
+    }).join(''))
+
+    return JSON.parse(jsonPayload)
+  }
+
   static restore(token: string, refreshToken: string): Session {
     return new Session(token, refreshToken, false);
   }

diff --git a/packages/satori-js/dist/satori-js.cjs.js b/packages/satori-js/dist/satori-js.cjs.js
@@ -1122,18 +1122,10 @@ var Session = class {
     return this.refresh_expires_at - currenttime < 0;
   }
   update(token, refreshToken) {
-    const tokenParts = token.split(".");
-    if (tokenParts.length != 3) {
-      throw "jwt is not valid.";
-    }
-    const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+    const tokenDecoded = this.decodeJWT(token);
     const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
     if (refreshToken) {
-      const refreshTokenParts = refreshToken.split(".");
-      if (refreshTokenParts.length != 3) {
-        throw "refresh jwt is not valid.";
-      }
-      const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+      const refreshTokenDecoded = this.decodeJWT(refreshToken);
       const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
       this.refresh_expires_at = refreshTokenExpiresAt;
       this.refresh_token = refreshToken;
@@ -1143,6 +1135,14 @@ var Session = class {
     this.user_id = tokenDecoded["uid"];
     this.vars = tokenDecoded["vrs"];
   }
+  decodeJWT(token) {
+    const { 1: base64Raw } = token.split(".");
+    const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+    const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+      return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+    }).join(""));
+    return JSON.parse(jsonPayload);
+  }
   static restore(token, refreshToken) {
     return new Session(token, refreshToken);
   }

diff --git a/packages/satori-js/dist/satori-js.esm.mjs b/packages/satori-js/dist/satori-js.esm.mjs
@@ -1098,18 +1098,10 @@ var Session = class {
     return this.refresh_expires_at - currenttime < 0;
   }
   update(token, refreshToken) {
-    const tokenParts = token.split(".");
-    if (tokenParts.length != 3) {
-      throw "jwt is not valid.";
-    }
-    const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+    const tokenDecoded = this.decodeJWT(token);
     const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
     if (refreshToken) {
-      const refreshTokenParts = refreshToken.split(".");
-      if (refreshTokenParts.length != 3) {
-        throw "refresh jwt is not valid.";
-      }
-      const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+      const refreshTokenDecoded = this.decodeJWT(refreshToken);
       const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
       this.refresh_expires_at = refreshTokenExpiresAt;
       this.refresh_token = refreshToken;
@@ -1119,6 +1111,14 @@ var Session = class {
     this.user_id = tokenDecoded["uid"];
     this.vars = tokenDecoded["vrs"];
   }
+  decodeJWT(token) {
+    const { 1: base64Raw } = token.split(".");
+    const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+    const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+      return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+    }).join(""));
+    return JSON.parse(jsonPayload);
+  }
   static restore(token, refreshToken) {
     return new Session(token, refreshToken);
   }

diff --git a/packages/satori-js/dist/satori-js.iife.js b/packages/satori-js/dist/satori-js.iife.js
@@ -1122,18 +1122,10 @@ var satorijs = (() => {
       return this.refresh_expires_at - currenttime < 0;
     }
     update(token, refreshToken) {
-      const tokenParts = token.split(".");
-      if (tokenParts.length != 3) {
-        throw "jwt is not valid.";
-      }
-      const tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+      const tokenDecoded = this.decodeJWT(token);
       const tokenExpiresAt = Math.floor(parseInt(tokenDecoded["exp"]));
       if (refreshToken) {
-        const refreshTokenParts = refreshToken.split(".");
-        if (refreshTokenParts.length != 3) {
-          throw "refresh jwt is not valid.";
-        }
-        const refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+        const refreshTokenDecoded = this.decodeJWT(refreshToken);
         const refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded["exp"]));
         this.refresh_expires_at = refreshTokenExpiresAt;
         this.refresh_token = refreshToken;
@@ -1143,6 +1135,14 @@ var satorijs = (() => {
       this.user_id = tokenDecoded["uid"];
       this.vars = tokenDecoded["vrs"];
     }
+    decodeJWT(token) {
+      const { 1: base64Raw } = token.split(".");
+      const _base64 = base64Raw.replace(/-/g, "+").replace(/_/g, "/");
+      const jsonPayload = decodeURIComponent(_atob(_base64).split("").map((c) => {
+        return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;
+      }).join(""));
+      return JSON.parse(jsonPayload);
+    }
     static restore(token, refreshToken) {
       return new Session(token, refreshToken);
     }

diff --git a/packages/satori-js/dist/satori-js.umd.js b/packages/satori-js/dist/satori-js.umd.js
@@ -1451,20 +1451,12 @@
           return (this.refresh_expires_at - currenttime) < 0;
       };
       Session.prototype.update = function (token, refreshToken) {
-          var tokenParts = token.split('.');
-          if (tokenParts.length != 3) {
-              throw 'jwt is not valid.';
-          }
-          var tokenDecoded = JSON.parse(_atob(tokenParts[1]));
+          var tokenDecoded = this.decodeJWT(token);
           var tokenExpiresAt = Math.floor(parseInt(tokenDecoded['exp']));
           /** clients that have just updated to the refresh tokens */
           /** client release will not have a cached refresh token */
           if (refreshToken) {
-              var refreshTokenParts = refreshToken.split('.');
-              if (refreshTokenParts.length != 3) {
-                  throw 'refresh jwt is not valid.';
-              }
-              var refreshTokenDecoded = JSON.parse(_atob(refreshTokenParts[1]));
+              var refreshTokenDecoded = this.decodeJWT(refreshToken);
               var refreshTokenExpiresAt = Math.floor(parseInt(refreshTokenDecoded['exp']));
               this.refresh_expires_at = refreshTokenExpiresAt;
               this.refresh_token = refreshToken;
@@ -1474,6 +1466,14 @@
           this.user_id = tokenDecoded['uid'];
           this.vars = tokenDecoded['vrs'];
       };
+      Session.prototype.decodeJWT = function (token) {
+          var base64Raw = token.split('.')[1];
+          var _base64 = base64Raw.replace(/-/g, '+').replace(/_/g, '/');
+          var jsonPayload = decodeURIComponent(_atob(_base64).split('').map(function (c) {
+              return "%".concat(("00".concat(c.charCodeAt(0).toString(16))).slice(-2));
+          }).join(''));
+          return JSON.parse(jsonPayload);
+      };
       Session.restore = function (token, refreshToken) {
           return new Session(token, refreshToken);
       };

diff --git a/packages/satori-js/dist/session.d.ts b/packages/satori-js/dist/session.d.ts
@@ -48,5 +48,6 @@ export declare class Session implements ISession {
     isexpired(currenttime: number): boolean;
     isrefreshexpired(currenttime: number): boolean;
     update(token: string, refreshToken: string): void;
+    decodeJWT(token: string): any;
     static restore(token: string, refreshToken: string): Session;
 }
diff --git a/packages/satori-js/package.json b/packages/satori-js/package.json
@@ -48,4 +48,4 @@
         "js-base64": "^3.7.4",
         "whatwg-fetch": "^3.6.2"
     }
-}
+}