The User IP added to the JWT token's payload. In addition, the IP is … #33

Merged
merged 4 commits into from
Jun 11, 2023
Contributor

@dz-ai dz-ai commented Apr 21, 2023

@Hitansh159
The user IP is added to the JWT token's payload. In addition, the IP is encrypted, so when it goes back to the user's browser it will not be exposed.

I changed 3 files:
In Util - added encryption and decryption functions to encrypt/decrypt the IP (can be used for things other than the IP too).
And added the encryption function to the generateToken function to create the encrypted IP, and added the encrypted IP to the JWT payload.
Fixed typo from genrateToken() {} to gen(e)rateToken() {}.

In controllers/auth.js - added req.ip as a generateToken argument.

In middleware/auth.js - I changed the JWT verify to be inside a try/catch and added the logic for the IP decryption, and then compare it with the current req.ip of this req in order to approve that the req came from the token owner and from the same machine.
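
The scheme this PR describes (encrypt the client IP, carry it in the JWT payload, compare it with the request's IP on every call), as an added JavaScript example that is not the project's code. It uses only Node's `crypto` module; the key handling, the hand-rolled HS256 token and the `authenticate` helper are assumptions made for illustration.

```javascript
// Added example, not the project's code. Keys, names and sample values are constructed.
const { createCipheriv, createDecipheriv, createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const ENC_KEY = randomBytes(32);  // assumption: loaded from a secret store in practice
const SIGN_KEY = randomBytes(32); // separate key for the token signature
const b64u = (data) => Buffer.from(data).toString('base64url');

// AES-256-GCM with a fresh 12-byte IV per call; the auth tag detects tampering.
function encryptIP(ip) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([c.update(ip, 'utf8'), c.final()]);
  return b64u(Buffer.concat([iv, c.getAuthTag(), ct]));
}

function decryptIP(blob) {
  const raw = Buffer.from(blob, 'base64url');
  const d = createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Minimal HS256 signature so the example has no dependencies.
function sign(data) {
  return b64u(createHmac('sha256', SIGN_KEY).update(data).digest());
}

function generateToken(payload, ip) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...payload, ip: encryptIP(ip) }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Returns { status, user }. Every failure path returns, so nothing runs after a rejection.
function authenticate(token, requestIp) {
  try {
    const [head, body, sig] = String(token).split('.');
    const expected = Buffer.from(sign(`${head}.${body}`));
    const given = Buffer.from(sig || '');
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
      return { status: 401 };
    }
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (decryptIP(payload.ip) !== requestIp) return { status: 403 };
    return { status: 200, user: payload };
  } catch {
    return { status: 401 }; // malformed token or failed GCM tag check
  }
}
```

In an Express middleware `requestIp` would be `req.ip`, whose value depends on the app's `trust proxy` setting when the server sits behind a reverse proxy.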

if (decryptedIP !== req.ip) {
res.status(403)
res.send({err:"Unauthorized"});
}
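
Review bot: nothing inside this `if` stops the handler once the 403 has been sent, so if the code that follows the block calls next() or sends another response, a request with a mismatched IP either continues down the chain or fails with a headers-already-sent error. Return from the branch, for example `return res.status(403).send({err:"Unauthorized"});`. The status and the message also disagree (403 is Forbidden, "Unauthorized" is the 401 reason phrase), so pick one. Since the whole check rests on req.ip, confirm that Express's trust proxy setting matches the deployment, otherwise req.ip is the proxy's address rather than the client's.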

Contributor

Add user details to the request when the IP matches:
req.user = payload

Contributor Author

Done.

@Hitansh159 Hitansh159 changed the base branch from main to development April 21, 2023 18:55
Contributor Author

dz-ai commented Apr 22, 2023

I see that you made the development branch the base branch.
Should I pull the changes from this branch now (in order to resolve the conflict)?

# Conflicts:
#	controller/auth.js
#	util.js
Contributor Author

dz-ai commented Apr 27, 2023

@TejasNair9977
@Shivam-53
Conflict resolved.

@Hitansh159 Hitansh159 merged commit e41936f into tcet-opensource:development Jun 11, 2023
@Hitansh159
Contributor

Thanks for contributing.
We had some blockers for some time. The blockers are removed, so if you wish you can continue contributing to future issues.
