Added decoding without validation

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2014 Anatoly
+Copyright (c) 2014
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

README.md

@@ -4,59 +4,65 @@ luajwt
 JSON Web Tokens for Lua
 
 ```bash
-# luarocks install --server=http://rocks.moonscript.org luajwt
+$ sudo luarocks install --server=http://rocks.moonscript.org luajwt
 ```
 
 ## Usage
 
 Basic usage:
 
 ```lua
-local luajwt = require "luajwt"
+local jwt = require "luajwt"
 
 local key = "example_key"
 
-local claim = {
+local payload = {
 	iss = "12345678",
-	nbf = 1405108000,
+	nbf = os.time(),
 	exp = os.time() + 3600,
 }
 
-local alg = "HS256" -- (default: HS256)
-local token, err = luajwt.encode(claim, key, alg)
+-- encode
+local alg = "HS256" -- (default)
+local token, err = jwt.encode(payload, key, alg)
 
--- Token: (linebreaks added for readability)
---[[ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIxMjM0NTY3OC
-IsIm5iZiI6MTQwNTEwODAwMCwiZXhwIjoxNDA1MTgxOTE2fQ._Gvr99eMoi0mWxI
-xWOIAexN7UXO06GbpnEgkxdQkeXQ ]]--
+-- token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIx(cutted)...
 
-local validate = true -- validate exp and nbf (default: true)
-local decoded, err = luajwt.decode(token, key, validate)
+-- decode and validate
+local validate = true -- validate signature, exp and nbf (default: true)
+local decoded, err = jwt.decode(token, key, validate)
+
+-- decoded: { ["iss"] = 12345678, ["nbf"] = 1405108000, ["exp"] = 1405181916 }
+
+-- only decode
+local unsafe, err = jwt.decode(token)
+
+-- unsafe:  { ["iss"] = 12345678, ["nbf"] = 1405108000, ["exp"] = 1405181916 }
 
--- Decoded: { ["iss"] = 12345678, ["nbf"] = 1405108000, ["exp"] = 1405181916 }
 ```
 
-An openresty/ngx_lua example:
+An openresty/nginx lua jwt auth example:
 
 ```
+# nginx.conf
 location /auth {
 	content_by_lua '
-		local luajwt = require "luajwt"
+		local jwt = require "luajwt"
 
 		local args = ngx.req.get_uri_args(1)
 
 		if not args.jwt then
-		        ngx.say("Undefined token")
-        		return
+
+			return ngx.say("Where is token?")
 		end
 
-		local key = "SECRET_PASSWORD"
+		local key = "SECRET"
 
-		local ok, err = luajwt.decode(args.jwt, key)
+		local ok, err = jwt.decode(args.jwt, key)
 
 		if not ok then
-		        ngx.say("Error: ", err)
-        		return
+
+			return ngx.say("Error: ", err)
 		end
 
 		ngx.say("Welcome!")
@@ -67,7 +73,7 @@ location /auth {
 Generate token and try:
 
 ```bash
-curl your.server/auth?jwt=TOKEN
+$ curl your.server/auth?jwt=TOKEN
 ```
 
 ## Algorithms

example.lua

@@ -15,24 +15,22 @@ local function t2s(o)
 end
 
 -- 
-local luajwt = require "luajwt"
+local JWT = require "luajwt"
 
 local key = "example_key"
 
 local claim = {
 	iss = "12345678",
-	nbf = 1405108000,
+	nbf = os.time(),
 	exp = os.time() + 3600,
 }
 
 local alg = "HS256" -- default alg
-local token, err = luajwt.encode(claim, key, alg)
+local token, err = JWT.encode(claim, key, alg)
 
-print("Token:")
-print(token, err, "\n")
+print("Token:", token)
 
 local validate = true -- validate exp and nbf (default: true)
-local decoded, err = luajwt.decode(token, key, validate)
+local decoded, err = JWT.decode(token, key, validate)
 
-print("Claim:")
-print(t2s(decoded), err)
+print("Claim:", t2s(decoded) )

luajwt-1.2-2.rockspec → luajwt-1.3-1.rockspec

@@ -1,9 +1,9 @@
 package = "luajwt"
-version = "1.2-2"
+version = "1.3-1"
 
 source = {
 	url = "git://github.com/x25/luajwt",
-	tag = "v1.2"
+	tag = "v1.3"
 }
 
 description = {

luajwt.lua

@@ -57,9 +57,9 @@ local function tokenize(str, div, len)
 	return result
 end
 
-local luajwt = {}
+local M = {}
 
-function luajwt.encode(data, key, alg)
+function M.encode(data, key, alg)
 	if type(data) ~= 'table' then return nil, "Argument #1 must be table" end
 	if type(key) ~= 'string' then return nil, "Argument #2 must be string" end
 
@@ -85,13 +85,10 @@ function luajwt.encode(data, key, alg)
 	return table.concat(segments, ".")
 end
 
-function luajwt.decode(data, key, verify)
+function M.decode(data, key, verify)
+	if key and verify == nil then verify = true end
 	if type(data) ~= 'string' then return nil, "Argument #1 must be string" end
-	if type(key) ~= 'string' then return nil, "Argument #2 must be string" end
-
-	if verify == nil then 
-		verify = true 
-	end
+	if verify and type(key) ~= 'string' then return nil, "Argument #2 must be string" end
 
 	local token = tokenize(data, '.', 3)
 
@@ -109,7 +106,7 @@ function luajwt.decode(data, key, verify)
 	end)	
 
 	if not ok then
-		return nil, "Invalid token data"
+		return nil, "Invalid json"
 	end
 
 	if verify then
@@ -123,15 +120,15 @@ function luajwt.decode(data, key, verify)
 		end
 
 		if body.exp and os.time() >= body.exp then
-			return nil, "Invalid exp value"
+			return nil, "Invalid exp"
 		end
 
 		if body.nbf and os.time() < body.nbf then
-			return nil, "Invalid nbf value"
+			return nil, "Invalid nbf"
 		end
 	end
 
 	return body
 end
 
-return luajwt
+return M