added custom token remote user

Author: Hitansh159

_apidoc.js

@@ -290,7 +290,7 @@
  * @apiError (Error 500) err Error in updating database
  *
  */
- 
+
 /**
  * @api {get} accreditation/list Get Accreditation List
  * @apiName GetAccreditation
@@ -307,4 +307,3 @@
  * @apiSuccess {Date} accreditation.dateofAccreditation Date on which accreditation was issued.
  * @apiSuccess {Date} accreditation.dateofExpiry Date till which accreditation is valid.
  */
-

app.js

@@ -10,19 +10,22 @@ import usersRouter from "#routes/users";
 import authRouter from "#routes/auth";
 import accreditationRouter from "#routes/accreditation";
 import infrastructureRouter from "#routes/infrastructure";
+import { identifyUser } from "#middleware/identifyUser";
 
 const app = express();
 const currDirName = dirname(fileURLToPath(import.meta.url));
 
+morgan.token("remote-user", (req) => req.user);
+app.use(identifyUser);
+app.use(cors());
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(cookieParser());
 app.use(morgan(
   ":remote-addr - :remote-user \":method :url HTTP/:http-version\" :status \":referrer\" \":user-agent\"",
   { stream: logger.stream },
 ));
 
-app.use(cors());
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
-app.use(cookieParser());
 app.use(express.static(path.join(currDirName, "public")));
 
 app.use("/", indexRouter);

middleware/identifyUser.js

@@ -0,0 +1,29 @@
+import jwt from "jsonwebtoken";
+import util, { logger } from "#util";
+
+export async function identifyUser(req, res, next) {
+  const authHeader = req.headers.authorization;
+  const token = authHeader && authHeader.split(" ")[1];
+  if (token === undefined) {
+    req.user = "anonymous";
+    next();
+    return false;
+  }
+  try {
+    const payload = jwt.verify(token, process.env.TOKEN_SECRET);
+    const decryptedIP = util.decrypt(payload.ip);
+    if (decryptedIP !== req.ip) {
+      req.user = "unauthorized";
+      next();
+    }
+    req.user = JSON.stringify(payload.data.uid);
+    req.userData = payload.data;
+    next();
+    return true;
+  } catch (error) {
+    logger.error("Error while finding user ", error);
+    req.user = "unauthorized";
+    next();
+    return false;
+  }
+}

routes/auth.js

@@ -1,10 +1,9 @@
 import express from "express";
 import authController from "#controller/auth";
-import middleware from "#middleware/auth";
 
 const router = express.Router();
 router.post("/", authController.login);
-router.post("/validateUser", middleware.authenticateToken, authController.validateUser);
+router.post("/validateUser", authController.validateUser);
 router.post("/sendOTP", authController.sendOTP);
 router.post("/resetPassword", authController.resetPassword);