vanpana
vanpana
PostsComments
CDCloudflare Developers
Created by vanpana on 1/17/2025 in #workers-help
Sharp JS
jSquash didn’t suit our needs, we’ll probably going to use Cloudinary to begin with
5 replies
CDCloudflare Developers
Created by vanpana on 1/17/2025 in #workers-help
Sharp JS
thanks for the reply I see they're mentioning jSquash, i'll maybe give that a try. Do you know if there's any potential drawbacks for the alternative? I would assume the time it takes to run is longer than sharp, but I'll be processing small-ish images anyway, so I wouldn't think it's going to be a big issue
5 replies
CDCloudflare Developers
Created by sanner on 9/2/2024 in #workers-help
knex+workers TypeError
Did you ever find a solution for this?
2 replies
CDCloudflare Developers
Created by vanpana on 12/24/2024 in #workers-help
"crypto" package inconsistencies
// ...
// rest of the middleware

// a custom fetcher is needed since `jsonwebtoken` uses http request underneath
const jwksClientConfig = {
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 10,
  jwksUri: `https://${auth.domain}/.well-known/jwks.json`, // this resolves to the same uri as the express service
  fetcher: async (jwksUri: string) => {
    return fetch(jwksUri).then((res) => res.json());
  },
};

const options: Params = {
  secret: jwksRsa.expressJwtSecret(jwksClientConfig) as GetVerificationKey,
  audience: auth.audience,
  issuer: auth.issuer,
  algorithms: auth.algorithms,
};

const getVerificationKey: GetVerificationKey =
  typeof options.secret === 'function'
    ? options.secret
    : async () => options.secret as jwt.Secret;

// ... other steps such as getting the token from the headers
const decodedToken = jwt.decode(token, { complete: true });
const key = await getVerificationKey(req, decodedToken as jwt.Jwt);
jwt.verify(token, key, options); // There's an error thrown here
// ...
// rest of the middleware

// a custom fetcher is needed since `jsonwebtoken` uses http request underneath
const jwksClientConfig = {
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 10,
  jwksUri: `https://${auth.domain}/.well-known/jwks.json`, // this resolves to the same uri as the express service
  fetcher: async (jwksUri: string) => {
    return fetch(jwksUri).then((res) => res.json());
  },
};

const options: Params = {
  secret: jwksRsa.expressJwtSecret(jwksClientConfig) as GetVerificationKey,
  audience: auth.audience,
  issuer: auth.issuer,
  algorithms: auth.algorithms,
};

const getVerificationKey: GetVerificationKey =
  typeof options.secret === 'function'
    ? options.secret
    : async () => options.secret as jwt.Secret;

// ... other steps such as getting the token from the headers
const decodedToken = jwt.decode(token, { complete: true });
const key = await getVerificationKey(req, decodedToken as jwt.Jwt);
jwt.verify(token, key, options); // There's an error thrown here
The error that is thrown is: 
TypeError: CryptoKey is not extractable
    at genericExport (.../node_modules/jose/dist/browser/runtime/asn1.js:12:15)
    at toSPKI (.../node_modules/jose/dist/browser/runtime/asn1.js:20:12)
TypeError: CryptoKey is not extractable
    at genericExport (.../node_modules/jose/dist/browser/runtime/asn1.js:12:15)
    at toSPKI (.../node_modules/jose/dist/browser/runtime/asn1.js:20:12)
but I believe the original issue comes even before exporting. The jwks-rsa tries to do const key = await jose.importJWK(jwk, resolveAlg(jwk)); and, internally, it gets to return crypto.subtle.importKey('jwk', { ...jwk }, ...rest); I have traced that the difference between the worker implementation and express implementation comes from here, since the data up to this point is completely the same. Am I doing something wrong or is it a difference in the crypto compatibility layer implementation?
4 replies