feat: Replacing jsonwebtoken with fast-jwt

[radomird]

Replacing the jsonwebtoken with more performant fast-jwt library.

Since options for fast-jwt are somewhat different, I will update the options exposed through fastify-jwt.

Important note: This is a BREAKING CHANGE, so after this PR is approved and merged, a new major version of the plugin will be released.

Closes #174
Closes #166

Update 10-11-2021: fast-jwt has been updated to support password protected private keys, This PR includes those changes as well.

Checklist

• run npm run test and npm run benchmark
• tests and/or benchmarks are included
• documentation is changed or added
• commit message and code follows the Developer's Certification of Origin
  and the Code of conduct

[mcollina]

lgtm

[mcollina]

Important note: fast-jwt DOES NOT support passphrase protected private keys yet! For this reason the test cases covering this scenario were (temporarily) commented out.

This needs to be fixed before landing

[radomird]

Opened an issue in fast-jwt about the passphrase protected private keys support.
nearform/fast-jwt#116

[jsumners]

@mcollina is there anything specific you would like me to review here? I am not familiar with this module. Cursorily, you have already covered what I would say: it needs 1:1 feature parity before it can be accepted.

[simoneb]

@mcollina @jsumners yes this is being worked on, feature parity will first need a change in fast-jwt to support password protected private keys, which are currently not supported. See nearform/fast-jwt#117.

[climba03003]

LGTM. We wait for nearform/fast-jwt#117 before landing.

[darkgl0w]

LGTM !

Some suggestions:

• We should take the opportunity offered by this PR to rework the file structure of the plugin and move jwt.test-d.ts to test/types/jwt.test-d.ts, rename test/test.test.js to test/jwt.test.js and update the corresponding references in package.json file.
• Update to require at least fastify >= 3.0.0 (currently it requires fastify >= 3.0.0-alpha-1) in jwt.js file module export.
• We should add an explicit warning in the README.md stating that we migrated from jsonwebtoken to fast-jwt and that it may break "exotic" implementations even though it is a 1:1 feature implementation.

NB: this PR superseeds and closes #166 too.

[simoneb]

Overall LGTM, a couple of inline comments (some may be outdated as it took me a while to review this and you may have addressed some of them already).

One main question: shall we write a short migration guide so users know what to change when upgrading?

[simoneb]

given the many changes in typings, let's make sure we are running typing checks in CI and that we have tests in place for typing

[darkgl0w]

Added some changes suggestions to types. (mostly string time span related)

[mcollina]

lgtm

[mcollina]

You might want to run some benchmarks using wrk or autocannon.

[radomird]

I think we are good to go. After the workflow is approved and the tests are green - the PR can be merged.

[Eomm]

LGTM, just a suggestion on the readme

[simoneb]

LGTM, just a suggestion on the readme

Yes absolutely, I suggested the same. We should have a section in the readme or other sensible place and link it from the release notes

[radomird]

@Eomm @simoneb & @darkgl0w I've updated the README with breaking changes and also all of the examples in the README have been updated to use the new option names.

[darkgl0w]

Seems good to me ^^
I have left a few nits

[darkgl0w]

That's way better with a separate file 👍

[mcollina]

Could you add a bit of a migration guide at the top of the README?

There are a few API changes here

[simoneb]

Could you add a bit of a migration guide at the top of the README?

There are a few API changes here

There's an UPGRADING.md doc added in this PR

[radomird]

Folks, I think the PR is, finally, ready to be merged. If some small issues arise after the release, we will address them separately.

[mcollina]

lgtm

[radomird]

Can anyone with write access merge the PR? I don't have sufficient access level to do this 😄
@mcollina

[climba03003]

No blocking for me. LGTM.

[Uzlopak]

Neat!

I assume that @lukeed will be happy to read that his package will be used in a this fastify-plugin. (Pinging him on purpose ;) )

[mcollina]

lgtm

[lukeed]

Nice! :) thanks for the ping