Zion Boggan
repos/JWT Differential Fuzzer/targets/node-jsonwebtoken/server.js
const http = require("http");
const jwt = require("jsonwebtoken");
 
// Short identifier stamped on every verdict so the fuzzer can attribute a
// result to this target.
const LIB_ID = "nodejwt";
// Version string read from the installed jsonwebtoken package manifest, so
// each verdict records which library build produced it.
const { version: LIB_VERSION } = require("jsonwebtoken/package.json");
 
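/**
 * Run one verification request through jsonwebtoken and report the outcome.
 *
 * `token`, `key` and `algs` are forwarded to `jwt.verify` untouched: this is
 * a fuzzing target, so the caller deliberately controls all three. A
 * production verifier must do the opposite and pin the key and the accepted
 * algorithm list server-side, never taking them from the party that presents
 * the token. When `algs` is undefined the library applies its own defaults.
 *
 * @param {?{token: *, key: *, algs: *}} payload - Parsed JSON request body.
 * @returns {{valid: boolean, claims: *, error: ?string, lib: string, version: string}}
 *   `valid`/`claims` on success, otherwise `error` as "<name>: <message>".
 */
function verdict(payload) {
  // `null` is valid JSON; destructuring it would throw a TypeError out of
  // this function and, from the request handler, terminate the target. Treat
  // it like any other body with no fields so the library reports the error.
  const { token, key, algs } = payload ?? {};
  const base = { lib: LIB_ID, version: LIB_VERSION };
  try {
    const claims = jwt.verify(token, key, { algorithms: algs });
    return { valid: true, claims, error: null, ...base };
  } catch (e) {
    // Every rejection is reported as data rather than thrown, so the fuzzer
    // can compare this library's error with the other targets'.
    return {
      valid: false,
      claims: null,
      error: `${e.name}: ${e.message}`,
      ...base,
    };
  }
}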
 
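// Largest request body the target will buffer. Without a cap, a single
// client could make the process accumulate an arbitrarily large body in
// memory. Raise this if the fuzzer deliberately sends larger tokens.
const MAX_BODY_BYTES = 1024 * 1024;

/**
 * HTTP front end for the verification target.
 *
 * Accepts `POST /verify` with a JSON body of `{ token, key, algs }` and
 * answers 200 with the verdict object. Any other method or path gets 404,
 * unparseable JSON gets 400, and a body over MAX_BODY_BYTES gets 413.
 */
const server = http.createServer((req, res) => {
  if (req.method !== "POST" || req.url !== "/verify") {
    res.writeHead(404);
    return res.end();
  }

  const chunks = [];
  let received = 0;
  let rejected = false;

  req.on("data", (chunk) => {
    if (rejected) {
      // Keep draining so the client can finish sending, but store nothing.
      return;
    }
    received += chunk.length;
    if (received > MAX_BODY_BYTES) {
      rejected = true;
      chunks.length = 0;
      res.writeHead(413, {
        "Content-Type": "application/json",
        Connection: "close",
      });
      res.end(JSON.stringify({ error: "body too large" }));
      return;
    }
    chunks.push(chunk);
  });

  req.on("end", () => {
    if (rejected) {
      return;
    }
    // Decode once over the whole body: converting each chunk to a string on
    // its own can split a multi-byte UTF-8 sequence at a chunk boundary and
    // silently alter the bytes handed to the verifier.
    const body = Buffer.concat(chunks).toString("utf8");
    let payload;
    try {
      payload = JSON.parse(body);
    } catch {
      res.writeHead(400, { "Content-Type": "application/json" });
      return res.end(JSON.stringify({ error: "bad json" }));
    }
    // A literal `null` body parses successfully; pass an empty object instead
    // so it is handled like any other body with no fields rather than
    // throwing inside this handler and terminating the process.
    const out = verdict(payload ?? {});
    res.writeHead(200, { "Content-Type": "application/json" });
    res.end(JSON.stringify(out));
  });
});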
 
// Announce readiness on stderr, leaving stdout free of log noise.
const onListening = () => {
  console.error(`[${LIB_ID} ${LIB_VERSION}] listening :7001`);
};

// NOTE(review): "0.0.0.0" binds every interface. The /verify endpoint is
// unauthenticated and verifies tokens against caller-supplied keys, so it
// should only be reachable from the fuzzer's own network (for example an
// isolated container network). Confirm the deployment does not publish
// port 7001 more widely.
server.listen(7001, "0.0.0.0", onListening);