Merge branch 'development' of https://github.com/tcet-opensource/erp-backend into HitanshTesting

Hitansh159 · Hitansh159 · commit cda71664223b · 2023-06-12T00:27:45.000+05:30
diff --git a/controller/auth.js b/controller/auth.js
@@ -13,7 +13,7 @@ async function login(req, res) {
       emailId: userValidated.emailId,
       type: userValidated.userType,
     };
-    const token = util.genrateToken(userDetails);
+    const token = util.generateToken(userDetails, req.ip);
     userDetails.token = token;
     res.json({ res: "welcome", user: userDetails });
   } catch (error) {
diff --git a/middleware/auth.js b/middleware/auth.js
@@ -1,16 +1,24 @@
 import jwt from "jsonwebtoken";
+import util, {logger} from "#util";
 
 async function authenticateToken(req, res, next) {
   const authHeader = req.headers.authorization;
   const token = authHeader && authHeader.split(" ")[1];
   if (token == null) return res.sendStatus(401);
-  const user = await jwt.verify(token, process.env.TOKEN_SECRET, (err, tokenData) => {
-    if (err) return res.sendStatus(403);
-    return tokenData;
-  });
-  req.user = user;
-  next();
-  return false;
+  try {
+    const payload = jwt.verify(token, process.env.TOKEN_SECRET);
+    const decryptedIP = util.decrypt(payload.ip);
+    if (decryptedIP !== req.ip) {
+      res.status(403)
+      res.send({err:"Unauthorized"});
+    }
+
+    req.user = payload.data;
+    next();
+  } catch (error) {
+    res.status(403)
+    res.send({err:"Unauthorized"});
+  }
 }
 
 export default { authenticateToken };
diff --git a/util.js b/util.js
@@ -1,7 +1,7 @@
 import jwt from "jsonwebtoken";
 import nodemailer from "nodemailer";
 import { logLevel } from "#constant";
-
+import crypto from "crypto"
 import "winston-daily-rotate-file";
 import winston from "winston";
 import dotenv from "dotenv";
@@ -21,7 +21,28 @@ const transporter = nodemailer.createTransport({
   },
 });
 
-const genrateToken = (data) => jwt.sign(data, process.env.TOKEN_SECRET);
+const key = crypto.randomBytes(32);
+const iv = crypto.randomBytes(16);
+const algorithm = 'aes-256-cbc';
+
+const encrypt = (IP) => {
+    const cipher = crypto.createCipheriv(algorithm, key, iv);
+    let encrypted = cipher.update(IP, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return encrypted;
+}
+
+const decrypt = (IP) => {
+    const decipher = crypto.createDecipheriv(algorithm, key, iv);
+    let decrypted = decipher.update(IP, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+
+const generateToken = (data, IP)=>{
+  const encryptedIP = encrypt(IP);
+  return jwt.sign({data: data, ip: encryptedIP}, process.env.TOKEN_SECRET);
+}
 
 const sendOTP = async (to, otp) => {
   await transporter.sendMail({
@@ -102,5 +123,5 @@ logger.stream = {
 };
 
 export default {
-  genrateToken, sendOTP, asyncPlaceholders, logger,
+  generateToken, encrypt, decrypt, sendOTP, asyncPlaceholders, logger
 };
