Improved key validation and added option to read form environment variable

README.md

@@ -40,9 +40,9 @@ This is a mock server implementation for Open ID Connect base authentication. Th
 - `certFile` -
   provide pat for Certificate file to be used for https server
 - `privateKey or -pvtk: ` -
-  This option can be used to provide private key string or private key file path for JWT token private key, in absence of this a key pair will be generated on server start 
+  This option can be used to provide private key string or private key file path or name of environment variable for JWT token private key, in absence of this a key pair will be generated on server start 
 - `publicKey or -pubk: ` -
-  This option can be used to provide public key string or private key file path for JWT token private key
+  This option can be used to provide public key string or public key file path or name of environment variable for JWT token public key, in absence of public key it will be picked from private key provided
 - `idField or id: (default: sub)`-
   This is where you can pass what will be id field for user, the value passed in login or key in users file will use this field
 - `connKey or conn: (default: connection)`-

package.json

@@ -1,6 +1,6 @@
 {
   "name": "mock-auth-server",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "Mock for Open ID Connect base authentication server for testing",
   "repository": {
     "type": "git",

utils/jwtHelper.js

@@ -4,8 +4,8 @@ const pem2jwk = require('pem-jwk').pem2jwk
 const jwt = require('jsonwebtoken');
 
 const getJWTKeys = async (privateKey, publicKey) => {
-    let effectivePrivateKey = getPEMString(privateKey);
-    let effectivePublicKey = getPEMString(publicKey);
+    let effectivePrivateKey = privateKey ? getPEMString(privateKey) : null;
+    let effectivePublicKey = publicKey ? getPEMString(publicKey) : null;
 
     if (effectivePrivateKey === null) {
         const { privateKey, publicKey } = await getKeyPair();
@@ -20,16 +20,23 @@ const getJWTKeys = async (privateKey, publicKey) => {
 };
 
 const getPEMString = (key) => {
-    if (isValidPEM(key)) return key;
-    if (fs.existsSync(key)) {
-        const fileContent = fs.readFileSync(key, 'utf8');
-        if (isValidPEM(fileContent)) return fileContent;
+    if (!key || isValidPEM(key)) return key;
+
+    let effectiveKey = key;
+    if (process.env[key]) {
+        console.log(`Reading ${key} from environment variable`);
+        effectiveKey = process.env[key];
+    } else if (fs.existsSync(key)) {
+        console.log(`Reading ${key} as file content`);
+        effectiveKey = fs.readFileSync(key, 'utf8');
     }
+    if (key !== effectiveKey && isValidPEM(effectiveKey)) return effectiveKey;
+    console.error(`Invalid PEM string for ${key}`);
     return null;
 };
 
 function isValidPEM(pemString) {
-    const pemRegex = /^-----BEGIN [A-Z\s]+-----\r?\n[\/+=a-zA-Z0-9\r\n]*\r?\n-----END [A-Z\s]+-----\r?\n$/;
+    const pemRegex = /^-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]+?)\r?\n-----END \1-----\r?\n?$/;
     return pemRegex.test(pemString);
 }