Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
io.on("connection", async function(socket) {
const cookies = cookiestring2object(socket.handshake.headers.cookie);
const token = cookies.jwt;
let user;
try {
user = await JWT.verifyAsync(token, jwtSecret, opts);
} catch (e) {
// ignore random connections or invalid JWTs
console.error(e);
return;
}
const vehicleOrgs = {};
if (user.isAdmin !== true) {
const allVehicles = await getVehicles(user.orgid);
allVehicles.forEach(function(item) {
vehicleOrgs[item.id] = item.orgid;
});
}
const listeners = {};
for (let table of tables) {
.then( _session => {
if ( _session !== null ) {
// Checking session
user.session.secret = _session.secret || null;
user.session.iv = _session.iv || null;
user.session.guid = _session.guid || null;
user.session.revoked = _session.revoked || false;
if (user.session.secret === null || user.session.iv === null) {
return callback(false);
}
// Check refresh token
return JWT.verifyAsync(user.session.refreshToken, config.server.auth.secret)
.then( decoded => {
const encryptedObject = {
key: user.session.secret,
iv: user.session.iv,
data: decoded
};
return decrypt(encryptedObject, null, data => {
try {
JSON.parse(data);
} catch (e) {
console.error('ERROR parsing decrypted object: ', e);
return callback(false);
}
const token = JSON.parse(data);
const decryptedToken = {
userId: token.id,
export async function getUserByToken(token) {
let userId;
let hasFullAccess = false;
try {
// It can be an old JWT token...
const decrypted = await jwt.verifyAsync(token, config.secret);
userId = decrypted.userId; // eslint-disable-line prefer-destructuring
hasFullAccess = true;
} catch (e) {
// ...or it can be a new DB-stored access token with limited permissions
userId = await dbAdapter.getUserIdByAccessToken(token);
}
if (!userId) {
return null;
}
const user = await dbAdapter.getUserById(userId);
user.hasFullAccess = hasFullAccess;
return user;
}
export async function tokenFromJWT(
jwtToken,
{ // Extract from ctx data
headers = {},
remoteIP = '0.0.0.0',
route = '',
},
) {
authDebug('got JWT token', jwtToken);
let decoded = null;
try {
decoded = await jwt.verifyAsync(jwtToken, config.secret);
} catch (e) {
authDebug(`invalid JWT: ${e.message}`);
throw new NotAuthorizedException(`invalid token: bad JWT`);
}
// Session token v0 (legacy)
if (!decoded.type && decoded.userId) {
const token = new SessionTokenV0(decoded.userId);
const user = await dbAdapter.getUserById(token.userId);
if (!user || !user.isActive) {
authDebug(`user ${token.userId} is not exists or is not active`);
throw new NotAuthorizedException(`user ${token.userId} is not exists or is not active`);
}
authDebug(`authenticated as ${user.username} with ${token.constructor.name} token`);
it('should make a valid JWT', async () => {
const jToken = token.tokenString();
const decoded = await jwt.verifyAsync(jToken, config.secret);
expect(decoded, 'to satisfy', {
type: AppTokenV1.TYPE,
userId: luna.id,
});
expect(decoded.userId, 'to be', luna.id);
});