refactor: interface JWTData (#964)

src/controllers/AccountController.ts

@@ -14,6 +14,7 @@ import {
 } from '../errors/errors'
 import { tokenMatch } from '../helpers/token'
 import { uuid4 } from '../helpers/uuid'
+import { isJWTData, JWTData } from '../interfaces/JWTData'
 import { Network } from '../interfaces/Network'
 import { Account } from '../models/Account'
 import { processPassword, passwordMatches } from '../utils/Password'
@@ -84,9 +85,7 @@ export const AccountController = ({
 }: Arguments): AccountController => {
   const authorizeRequest = async (token: string) => {
     try {
-      const decoded = verify(token.replace('TEST_', ''), configuration.jwtSecret)
-      const { client_token, email } = decoded as any
-
+      const { client_token, email } = decodeJWT(token)
       const tokenData = await Vault.verifyToken(client_token)
       const account = await findByEmail(email)
       return { jwt: configuration.jwtSecret, tokenData, account }
@@ -273,6 +272,17 @@ export const AccountController = ({
     return sign({ email, client_token, network }, configuration.jwtSecret)
   }
 
+  const decodeJWT = (token: string): JWTData => {
+    const decoded: unknown = verify(token.replace('TEST_', ''), configuration.jwtSecret)
+
+    if (!isJWTData(decoded)) {
+      logger.error({ decoded }, 'Unrecognized JWT')
+      throw new Error(`Unrecognized JWT`)
+    }
+
+    return decoded
+  }
+
   const poeAddressChallenge = async (issuer: string) => {
     const { email } = await accountDao.findOne({ issuer })
     const poeAddressMessage = `Proof of POE ${email} ${new Date().toISOString()}`

src/interfaces/JWTData.ts

@@ -0,0 +1,11 @@
+import { Network } from './Network'
+
+export interface JWTData {
+  readonly iat: number
+  readonly client_token: string
+  readonly email: string
+  readonly network?: Network
+}
+
+export const isJWTData = (a: any): a is JWTData =>
+  typeof a === 'object' && typeof(a.client_token) === 'string' || typeof(a.email) === 'string'