The User IP added to the JWT token's payload. In addition, the IP is … #33
…encrypted, so when it goes back to the user's browser it will not be exposed.
if (decryptedIP !== req.ip) { | ||
res.status(403) | ||
res.send({err:"Unauthorized"}); | ||
} | ||
|
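Review bot: the `if (decryptedIP !== req.ip)` branch sends the 403 but has no `return` in the lines shown, so any code that follows this block (a `next()` call, for example) would still run for a mismatched IP. Suggest `return res.status(403).send({err:"Unauthorized"});`. The body also says "Unauthorized" while the status is 403 (Forbidden); use 401 or change the message so clients get one consistent signal. Note too that a strict comparison against `req.ip` rejects a legitimate user whose address changes during the token's lifetime, which is worth documenting next to this check.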
Add user details to the request when the IP matches:
req.user = payload
Done.
I see that you made the development branch the base branch.
# Conflicts: # controller/auth.js # util.js
@TejasNair9977
Thanks for Contributing
@Hitansh159
The user IP is added to the JWT token's payload. In addition, the IP is encrypted, so when it goes back to the user's browser it will not be exposed.
I changed 3 files:
In Util - added encryption and decryption functions to encrypt/decrypt the IP (can be used for other things than the IP too).
And added the encryption function to the generateToken function to create the encrypted IP, and added the encrypted IP to the JWT payload.
Fixed typo from genrateToken() {} to gen(e)rateToken() {}.
In controllers/auth.js - added req.ip as a generateToken argument.
In middleware/auth.js - I changed the JWT verify to be inside a try/catch and added the logic of the IP decryption, and then compare it with the current req.ip of this request in order to approve that the request came from the token owner and from the same machine.
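The flow described above, as an added example that is not the PR's code: the client IP is encrypted into the token payload at issue time and decrypted and compared at verify time. It assumes AES-256-GCM and a hand-rolled HS256 token built on Node's `crypto` so it runs without dependencies; the keys, the `verifyToken` helper, the `generateToken` signature and the sample IPs are constructed for illustration.

```javascript
// Added example, not the PR's code. Keys, helper names and IPs are constructed.
const crypto = require('node:crypto');

const ENC_KEY = crypto.randomBytes(32);  // assumption: AES-256-GCM key for the IP claim
const SIGN_KEY = crypto.randomBytes(32); // assumption: HS256 signing key
const b64 = (x) => Buffer.from(x).toString('base64url');

// Encrypt with a fresh 12-byte nonce; output is nonce || tag || ciphertext.
function encrypt(text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return b64(Buffer.concat([iv, c.getAuthTag(), ct]));
}

// Throws if the blob was modified (the GCM tag check fails).
function decrypt(blob) {
  const raw = Buffer.from(blob, 'base64url');
  const d = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

const sign = (data) => crypto.createHmac('sha256', SIGN_KEY).update(data).digest();

function generateToken(user, ip) {
  const head = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64(JSON.stringify({ user, ip: encrypt(ip) }));
  return `${head}.${body}.${b64(sign(`${head}.${body}`))}`;
}

// Middleware-style check: returns the HTTP status, plus the user on success.
function verifyToken(token, reqIp) {
  try {
    const [head, body, sig] = token.split('.');
    const given = Buffer.from(sig, 'base64url');
    const expected = sign(`${head}.${body}`);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { status: 401 };
    }
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (decrypt(payload.ip) !== reqIp) return { status: 403 }; // stop here, no fall-through
    return { status: 200, user: payload.user };
  } catch {
    return { status: 401 }; // malformed token or tampered IP blob
  }
}
```

In Express, `req.ip` is the proxy's address unless the `trust proxy` setting is configured, so the value passed at issue time and at verify time must come from the same source.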