Added type validation

x25 · Jul 17, 2014 · 510eabc · 510eabc
1 parent 36c3fb4
commit 510eabc
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 8 deletions.
diff --git a/example.lua b/example.lua
@@ -15,7 +15,7 @@ local function t2s(o)
 end
 
 -- 
-local JWT = require "luajwt"
+local jwt = require "luajwt"
 
 local key = "example_key"
 
@@ -26,11 +26,11 @@ local claim = {
 }
 
 local alg = "HS256" -- default alg
-local token, err = JWT.encode(claim, key, alg)
+local token, err = jwt.encode(claim, key, alg)
 
 print("Token:", token)
 
 local validate = true -- validate exp and nbf (default: true)
-local decoded, err = JWT.decode(token, key, validate)
+local decoded, err = jwt.decode(token, key, validate)
 
 print("Claim:", t2s(decoded) )
diff --git a/luajwt-1.3-1.rockspec → luajwt-1.3-2.rockspec b/luajwt-1.3-1.rockspec → luajwt-1.3-2.rockspec
@@ -1,5 +1,5 @@
 package = "luajwt"
-version = "1.3-1"
+version = "1.3-2"
 
 source = {
 	url = "git://github.com/x25/luajwt",
@@ -8,7 +8,7 @@ source = {
 
 description = {
 	summary = "JSON Web Tokens for Lua",
-	detailed = "Very fast and compatible with pyjwt, php-jwt and ruby-jwt",
+	detailed = "Very fast and compatible with pyjwt, php-jwt, ruby-jwt, node-jwt-simple and others",
 	homepage = "https://github.com/x25/luajwt",
 	license = "MIT <http://opensource.org/licenses/MIT>"
 }

diff --git a/luajwt.lua b/luajwt.lua
@@ -111,7 +111,23 @@ function M.decode(data, key, verify)
 
 	if verify then
 
-		if not header.alg or not alg_verify[header.alg] then
+		if not header.typ or header.typ ~= "JWT" then
+			return nil, "Invalid typ"
+		end
+
+		if not header.alg or type(header.alg) ~= "string" then
+			return nil, "Invalid alg"
+		end
+
+		if body.exp and type(body.exp) ~= "number" then
+			return nil, "exp must be number"
+		end
+
+		if body.nbf and type(body.nbf) ~= "number" then
+			return nil, "nbf must be number"
+		end
+
+		if not alg_verify[header.alg] then
 			return nil, "Algorithm not supported"
 		end
 
@@ -120,11 +136,11 @@ function M.decode(data, key, verify)
 		end
 
 		if body.exp and os.time() >= body.exp then
-			return nil, "Invalid exp"
+			return nil, "Not acceptable by exp"
 		end
 
 		if body.nbf and os.time() < body.nbf then
-			return nil, "Invalid nbf"
+			return nil, "Not acceptable by nbf"
 		end
 	end