-
-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Replacing jsonwebtoken with fast-jwt #184
Conversation
Updated verify and decode methods
Disabled tests with encoded private key because of compatibility issues
Co-authored-by: KaKa <climba03003@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Important note: fast-jwt DOES NOT support passphrase protected private keys yet! For this reason the test cases covering this scenario were (temporarily) commented out.
This needs to be fixed before landing
Opened an issue in |
@mcollina is there anything specific you would like me to review here? I am not familiar with this module. Cursorily, you have already covered what I would say: it needs 1:1 feature parity before it can be accepted. |
@mcollina @jsumners yes this is being worked on, feature parity will first need a change in fast-jwt to support password protected private keys, which are currently not supported. See nearform/fast-jwt#117. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. We wait for nearform/fast-jwt#117 before landing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM !
Some suggestions:
- We should take the opportunity offered by this PR to rework the file structure of the plugin and move
jwt.test-d.ts
totest/types/jwt.test-d.ts
, renametest/test.test.js
totest/jwt.test.js
and update the corresponding references inpackage.json
file. - Update to require at least
fastify >= 3.0.0
(currently it requiresfastify >= 3.0.0-alpha-1
) injwt.js
file module export. - We should add an explicit warning in the
README.md
stating that we migrated fromjsonwebtoken
tofast-jwt
and that it may break "exotic" implementations even though it is a 1:1 feature implementation.
NB: this PR superseeds and closes #166 too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall LGTM, a couple of inline comments (some may be outdated as it took me a while to review this and you may have addressed some of them already).
One main question: shall we write a short migration guide so users know what to change when upgrading?
@@ -1,5 +1,5 @@ | |||
import { DecoderOptions, KeyFetcher, SignerCallback, SignerOptions, VerifierCallback, VerifierOptions } from 'fast-jwt' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
given the many changes in typings, let's make sure we are running typing checks in CI and that we have tests in place for typing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some changes suggestions to types. (mostly string time span related)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
You might want to run some benchmarks using wrk or autocannon. |
Added new types for Sign and Verify Options, updated typings test Co-authored-by: darkgl0w <31093081+darkgl0w@users.noreply.github.com>
I think we are good to go. After the workflow is approved and the tests are green - the PR can be merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a suggestion on the readme
Yes absolutely, I suggested the same. We should have a section in the readme or other sensible place and link it from the release notes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems good to me ^^
I have left a few nits
Co-authored-by: darkgl0w <31093081+darkgl0w@users.noreply.github.com>
Co-authored-by: darkgl0w <31093081+darkgl0w@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's way better with a separate file 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you add a bit of a migration guide at the top of the README?
There are a few API changes here
There's an UPGRADING.md doc added in this PR |
Co-authored-by: darkgl0w <31093081+darkgl0w@users.noreply.github.com>
Folks, I think the PR is, finally, ready to be merged. If some small issues arise after the release, we will address them separately. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Can anyone with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No blocking for me. LGTM.
Neat! I assume that @lukeed will be happy to read that his package will be used in a this fastify-plugin. (Pinging him on purpose ;) ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Nice! :) thanks for the ping |
Replacing the
jsonwebtoken
with more performantfast-jwt
library.Since options for
fast-jwt
are somewhat different, I will update the options exposed throughfastify-jwt
.Important note: This is a BREAKING CHANGE, so after this PR is approved and merged, a new major version of the plugin will be released.
Closes #174
Closes #166
Update 10-11-2021:
fast-jwt
has been updated to support password protected private keys, This PR includes those changes as well.Checklist
npm run test
andnpm run benchmark
and the Code of conduct