Merge pull request #33 from dz-ai/jwt_binding_with_machine

Hitansh159 · web-flow · commit e41936f57f0d · 2023-06-11T23:49:35.000+05:30
The User IP added to the JWT token's payload. In addition, the IP is …
diff --git a/controller/auth.js b/controller/auth.js
@@ -1,4 +1,4 @@
-const { genrateToken, sendOTP } = require('../util');
+const { generateToken, sendOTP } = require('../util');
 const user = require('../models/user');
 
 otpStore = {}
@@ -13,7 +13,7 @@ exports.login = async function(req, res, next) {
 		"emailId":userValidated.emailId,
 		"type": userValidated.userType,
 		}
-		let token = genrateToken(userDetails);
+		let token = generateToken(userDetails, req.ip);
 		userDetails["token"] = token;
 		res.send({res:"welcome", user:userDetails})
 	}
@@ -36,7 +36,7 @@ exports.sendOTP = async function(req, res, next){
   	sendOTP(emailId, otp);
   	res.send({res:"otp sent to emailID"})
   }
-  else{  
+  else{
     res.send({err:"incorrect UID or emailId"})
   }
 }
diff --git a/middleware/auth.js b/middleware/auth.js
@@ -1,17 +1,25 @@
 const jwt = require('jsonwebtoken');
+const { decrypt } = require('../util')
 
 function authenticateToken(req, res, next) {
   const authHeader = req.headers['authorization'];
   const token = authHeader && authHeader.split(' ')[1];
   if (token == null) return res.sendStatus(401);
-  jwt.verify(token, process.env.TOKEN_SECRET, (err, user) => {
 
-    if (err) return res.sendStatus(403);
-
-    req.user = user;
+  try {
+    const payload = jwt.verify(token, process.env.TOKEN_SECRET);
+    const decryptedIP = decrypt(payload.ip);
+    if (decryptedIP !== req.ip) {
+      res.status(403)
+      res.send({err:"Unauthorized"});
+    }
 
+    req.user = payload.data;
     next();
-  })
+  } catch (error) {
+    res.status(403)
+    res.send({err:"Unauthorized"});
+  }
 }
 
 module.exports = authenticateToken;
diff --git a/util.js b/util.js
@@ -1,5 +1,6 @@
 const jwt = require("jsonwebtoken");
 const nodemailer = require("nodemailer");
+const crypto = require("crypto");
 require("dotenv").config()
 
 const transporter = nodemailer.createTransport({
@@ -11,9 +12,28 @@ const transporter = nodemailer.createTransport({
     },
   });
 
-exports.genrateToken = (data)=>{
-    return jwt.sign(data, process.env.TOKEN_SECRET);
-} 
+const key = crypto.randomBytes(32);
+const iv = crypto.randomBytes(16);
+const algorithm = 'aes-256-cbc';
+
+exports.generateToken = (data, IP)=>{
+    const encryptedIP = this.encrypt(IP);
+    return jwt.sign({data: data, ip: encryptedIP}, process.env.TOKEN_SECRET);
+}
+
+exports.encrypt = (IP) => {
+    const cipher = crypto.createCipheriv(algorithm, key, iv);
+    let encrypted = cipher.update(IP, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return encrypted;
+}
+
+exports.decrypt = (IP) => {
+    const decipher = crypto.createDecipheriv(algorithm, key, iv);
+    let decrypted = decipher.update(IP, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
 
 exports.sendOTP = async (to, otp)=>{
 	let info = await transporter.sendMail({

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-const { genrateToken, sendOTP } = require('../util');`
	`1`	`+const { generateToken, sendOTP } = require('../util');`
`2`	`2`	`const user = require('../models/user');`
`3`	`3`
`4`	`4`	`otpStore = {}`
`@@ -13,7 +13,7 @@ exports.login = async function(req, res, next) {`
`13`	`13`	`"emailId":userValidated.emailId,`
`14`	`14`	`"type": userValidated.userType,`
`15`	`15`	`}`
`16`		`- let token = genrateToken(userDetails);`
	`16`	`+ let token = generateToken(userDetails, req.ip);`
`17`	`17`	`userDetails["token"] = token;`
`18`	`18`	`res.send({res:"welcome", user:userDetails})`
`19`	`19`	`}`
`@@ -36,7 +36,7 @@ exports.sendOTP = async function(req, res, next){`
`36`	`36`	`sendOTP(emailId, otp);`
`37`	`37`	`res.send({res:"otp sent to emailID"})`
`38`	`38`	`}`
`39`		`- else{`
	`39`	`+ else{`
`40`	`40`	`res.send({err:"incorrect UID or emailId"})`
`41`	`41`	`}`
`42`	`42`	`}`