mirror of
https://github.com/github/codeql.git
synced 2026-02-19 08:23:45 +01:00
33 lines
934 B
JavaScript
33 lines
934 B
JavaScript
const express = require('express')
|
|
const app = express()
|
|
const jose = require('jose')
|
|
const port = 3000
|
|
|
|
function getSecret() {
|
|
return "A Safe generated random key"
|
|
}
|
|
|
|
app.get('/jose1', (req, res) => {
|
|
const UserToken = req.headers.authorization;
|
|
// no signature verification
|
|
jose.decodeJwt(UserToken) // NOT OK
|
|
})
|
|
|
|
|
|
app.get('/jose2', async (req, res) => {
|
|
const UserToken = req.headers.authorization;
|
|
// with signature verification
|
|
await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret())) // OK
|
|
})
|
|
|
|
app.get('/jose3', async (req, res) => {
|
|
const UserToken = req.headers.authorization;
|
|
// first without signature verification then with signature verification for same UserToken
|
|
jose.decodeJwt(UserToken) // OK
|
|
await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret())) // OK
|
|
})
|
|
|
|
app.listen(port, () => {
|
|
console.log(`Example app listening on port ${port}`)
|
|
})
|