auth0 / express-jwt

connect/express middleware that validates a JsonWebToken (JWT) and sets the req.user with the attributes

JWT DECRYPT BEFORE EXPRESS JWT

LostName1 opened this issue · comments

I have my jwt token encrypted so that the users can't access the data on it, but I can't manage to decrypt it before express jwt without exposing it to the user. My middleware code is the following:

import { expressjwt } from 'express-jwt';
import util from 'util';
import getConfig from 'next/config';

const { serverRuntimeConfig } = getConfig();

export { jwtMiddleware };

function jwtMiddleware(req, res) {
    const middleware = expressjwt({ secret: serverRuntimeConfig.secret, algorithms: ['HS256'] }).unless({
        path: [
            // public routes that don't require authentication
            '/api/users'
        ]
    });

    return util.promisify(middleware)(req, res);
}

The function I need to use to decrypt is this one:

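import crypto from 'crypto';

// Decrypts a hex-encoded AES-256-CBC ciphertext and returns the UTF-8 plaintext.
// Note: crypto.createDecipher derives both key and IV from `key` without a salt,
// is deprecated, and was removed in Node.js 22. It is left unchanged here because
// it has to match the encrypting side, which is not shown.
function decrypt(encryptedText, key) {
    const decipher = crypto.createDecipher('aes-256-cbc', key);
    let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
    decrypted += decipher.final('utf8');
    return decrypted;
}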

Any help is welcome
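
One way to decrypt server-side before verification, as an added example that is not part of the original issue or of the express-jwt code base: a function shaped for express-jwt's `getToken` option that unwraps the bearer value and hands the inner JWT to the middleware. The AES-256-GCM wrapping format, `DEMO_KEY`, and the function names are assumptions made for this sketch; it swaps the poster's `createDecipher` call for authenticated encryption with an explicit IV.

```javascript
// Added example: uses only Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// Constructed 32-byte demo key; a real key would come from server-only config.
const DEMO_KEY = nodeCrypto.createHash('sha256').update('constructed-demo-key').digest();

// Wrap a signed JWT as base64url(iv || authTag || ciphertext) with AES-256-GCM.
function encryptToken(jwt, key) {
    const iv = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
    const ciphertext = Buffer.concat([cipher.update(jwt, 'utf8'), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString('base64url');
}

// Returns the inner JWT, or null when the blob is malformed or fails authentication.
function decryptToken(blob, key) {
    try {
        const raw = Buffer.from(blob, 'base64url');
        if (raw.length < 28) return null; // too short to hold iv (12) + tag (16)
        const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
        decipher.setAuthTag(raw.subarray(12, 28));
        const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
        return plain.toString('utf8');
    } catch {
        return null; // final() throws when the tag does not verify
    }
}

// Takes req and returns the JWT string, or undefined when there is no usable token.
// The key never leaves the server; the client only ever holds the encrypted blob.
function getDecryptedToken(req, key = DEMO_KEY) {
    const header = (req.headers && req.headers.authorization) || '';
    const [scheme, blob] = header.split(' ');
    if (!/^Bearer$/i.test(scheme) || !blob) return undefined;
    return decryptToken(blob, key) ?? undefined;
}

// Wiring into the middleware from the issue (not executed in this block):
// expressjwt({ secret: serverRuntimeConfig.secret, algorithms: ['HS256'],
//              getToken: getDecryptedToken })
```

The signature check on the inner JWT still happens inside express-jwt; the GCM tag only ensures the encrypted wrapper was not modified in transit.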