Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JWT DECRYPT BEFORE EXPRESS JWT #332

Open
LostName1 opened this issue Aug 26, 2023 · 0 comments
Open

JWT DECRYPT BEFORE EXPRESS JWT #332

LostName1 opened this issue Aug 26, 2023 · 0 comments

Comments

@LostName1
Copy link

LostName1 commented Aug 26, 2023

I have my jwt token encrypted so that the users cant access the data on it but I cant manage to decrypt it before express jwt without exposing to the user. My middleware code is the next:

import { expressjwt } from 'express-jwt';
import util from 'util';
import getConfig from 'next/config';

const { serverRuntimeConfig } = getConfig();

export { jwtMiddleware };

function jwtMiddleware(req, res) {
    const middleware = expressjwt({ secret: serverRuntimeConfig.secret, algorithms: ['HS256'] }).unless({
        path: [
            // public routes that don't require authentication
            '/api/users'
        ]
    });

    return util.promisify(middleware)(req, res);
}

The function I need to use to decrypt is this one:

function decrypt(encryptedText, key) {
    const decipher = crypto.createDecipher('aes-256-cbc', key);
    let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
    decrypted += decipher.final('utf8');
    return decrypted;
}

Any help is welcome

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant