wip encrypting jwt value
timothycarambat committed Aug 14, 2024
1 parent 2695956 commit 87526bf
Showing 2 changed files with 14 additions and 11 deletions.
3 changes: 2 additions & 1 deletion server/endpoints/system.js
Expand Up @@ -51,6 +51,7 @@ const {
generateRecoveryCodes,
} = require("../utils/PasswordRecovery");
const { SlashCommandPresets } = require("../models/slashCommandsPresets");
const { EncryptionManager } = require("../utils/EncryptionManager");

function systemEndpoints(app) {
if (!app) return;
Expand Down Expand Up @@ -236,7 +237,7 @@ function systemEndpoints(app) {
});
response.status(200).json({
valid: true,
token: makeJWT({ p: password }, "30d"),
token: makeJWT({ p: new EncryptionManager().encrypt(password) }, "30d"),
message: null,
});
}
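Review bot: The value returned by `new EncryptionManager().encrypt(password)` on the new `token:` line is signed into the JWT unchecked, so if `encrypt` can return null or throw (its implementation is not part of this diff) the handler would either answer `valid: true` with a token the middleware always rejects or fail before responding. Compute it first with `const encryptedPassword = EncryptionMgr.encrypt(password);` and return an error response when it is falsy, reusing one module-level `const EncryptionMgr = new EncryptionManager();` as validatedRequest.js does instead of constructing a manager per login. The 30-day token still carries the password in reversible form, so its confidentiality now depends entirely on how EncryptionManager derives and stores its key; a one-line comment at this call saying so would help. The enclosing route handler begins and ends outside the hunk.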
22 changes: 12 additions & 10 deletions server/utils/middleware/validatedRequest.js
@@ -1,6 +1,8 @@
const { SystemSettings } = require("../../models/systemSettings");
const { User } = require("../../models/user");
const { EncryptionManager } = require("../EncryptionManager");
const { decodeJWT } = require("../http");
const EncryptionMgr = new EncryptionManager();

async function validatedRequest(request, response, next) {
const multiUserMode = await SystemSettings.isMultiUserMode();
Expand All @@ -10,14 +12,14 @@ async function validatedRequest(request, response, next) {

// When in development passthrough auth token for ease of development.
// Or if the user simply did not set an Auth token or JWT Secret
if (
process.env.NODE_ENV === "development" ||
!process.env.AUTH_TOKEN ||
!process.env.JWT_SECRET
) {
next();
return;
}
// if (
// process.env.NODE_ENV === "development" ||
// !process.env.AUTH_TOKEN ||
// !process.env.JWT_SECRET
// ) {
// next();
// return;
// }

if (!process.env.AUTH_TOKEN) {
response.status(401).json({
Expand All @@ -39,14 +41,14 @@ async function validatedRequest(request, response, next) {
const bcrypt = require("bcrypt");
const { p } = decodeJWT(token);

if (p === null) {
if (p === null || !/\w{32}:\w{32}/.test(p)) {
response.status(401).json({
error: "Token expired or failed validation.",
});
return;
}

if (!bcrypt.compareSync(p, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
if (!bcrypt.compareSync(EncryptionMgr.decrypt(p), bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
response.status(401).json({
error: "Invalid auth credentials.",
});
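Review bot: In the last hunk the output of `EncryptionMgr.decrypt(p)` goes straight into `bcrypt.compareSync`, so a token whose `p` passes the format check but no longer decrypts (for example after the encryption key changes; `decrypt` itself is not in this diff) would presumably hand bcrypt a null or throw inside this async middleware instead of producing the 401. Decrypt first and fail closed: `const decrypted = EncryptionMgr.decrypt(p);` then `if (!decrypted || !bcrypt.compareSync(decrypted, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {`. The guard `/\w{32}:\w{32}/` is also unanchored and `\w` admits more than the hex digits the 32-character groups suggest, so it only loosely describes the ciphertext; a comment next to it stating the expected `encrypt()` output format would let the pattern be tightened safely. Separately, the passthrough block in the middle hunk is commented out rather than removed, and with it gone a deployment without `AUTH_TOKEN` now gets the 401 that follows on every request; restore or delete it before this leaves WIP. validatedRequest's body continues outside these hunks.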
