[mirotalksfu] - fix jwt
@@ -41,7 +41,7 @@ dependencies: {
|
||||
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||
* @version 1.3.96
|
||||
* @version 1.3.97
|
||||
*
|
||||
*/
|
||||
|
||||
@@ -339,7 +339,7 @@ function startServer() {
|
||||
|
||||
if (token) {
|
||||
try {
|
||||
const { username, password, presenter } = checkXSS(jwt.verify(token, jwtCfg.JWT_KEY));
|
||||
const { username, password, presenter } = checkXSS(decryptPayload(token));
|
||||
peerUsername = username;
|
||||
peerPassword = password;
|
||||
isPeerValid = await isAuthPeer(username, password);
|
||||
@@ -883,7 +883,7 @@ function startServer() {
|
||||
// Check JWT
|
||||
if (peer_token) {
|
||||
try {
|
||||
const { username, password, presenter } = checkXSS(jwt.verify(peer_token, jwtCfg.JWT_KEY));
|
||||
const { username, password, presenter } = checkXSS(decryptPayload(peer_token));
|
||||
|
||||
const isPeerValid = await isAuthPeer(username, password);
|
||||
|
||||
@@ -1901,6 +1901,24 @@ function startServer() {
|
||||
}
|
||||
}
|
||||
|
||||
function decryptPayload(jwtToken) {
|
||||
if (!jwtToken) return null;
|
||||
|
||||
// Verify and decode the JWT token
|
||||
const decodedToken = jwt.verify(jwtToken, jwtCfg.JWT_KEY);
|
||||
if (!decodedToken || !decodedToken.data) {
|
||||
throw new Error('Invalid token');
|
||||
}
|
||||
|
||||
// Decrypt the payload using AES decryption
|
||||
const decryptedPayload = CryptoJS.AES.decrypt(decodedToken.data, jwtCfg.JWT_KEY).toString(CryptoJS.enc.Utf8);
|
||||
|
||||
// Parse the decrypted payload as JSON
|
||||
const payload = JSON.parse(decryptedPayload);
|
||||
|
||||
return payload;
|
||||
}
|
||||
|
||||
function getActiveRooms() {
|
||||
const roomIds = Array.from(roomList.keys());
|
||||
const roomPeersArray = roomIds.map((roomId) => {
|
||||
|
||||
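Review bot: In `decryptPayload` (the -1901/+1901 hunk), `jwt.verify(jwtToken, jwtCfg.JWT_KEY)` is called without an `algorithms` option, and the decrypted string goes straight into `JSON.parse` without an emptiness check. Assuming tokens are only issued by the `jwt.sign` call in the API file, which uses the library default, I would pin it: `jwt.verify(jwtToken, jwtCfg.JWT_KEY, { algorithms: ['HS256'] })`. I would also add `if (!decryptedPayload) throw new Error('Invalid token');` before the parse, so a failed decrypt reports the same error as a missing `data` claim instead of a JSON syntax error. The function returns `null` for an empty token while both call sites destructure its result; they are guarded by `if (token)` and `if (peer_token)` today, but throwing there would keep a single failure path. A short comment noting that tokens without a `data` claim are now rejected would help operators; the surrounding `startServer` body is not fully visible in these hunks.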
@@ -1,6 +1,8 @@
|
||||
'use strict';
|
||||
|
||||
const jwt = require('jsonwebtoken');
|
||||
const CryptoJS = require('crypto-js');
|
||||
|
||||
const config = require('./config');
|
||||
const { v4: uuidV4 } = require('uuid');
|
||||
|
||||
@@ -96,13 +98,19 @@ module.exports = class ServerApi {
|
||||
|
||||
const expireValue = expire || JWT_EXP;
|
||||
|
||||
// Constructing payload
|
||||
const payload = {
|
||||
username: String(username),
|
||||
password: String(password),
|
||||
presenter: String(presenter),
|
||||
};
|
||||
|
||||
const jwtToken = jwt.sign(payload, JWT_KEY, { expiresIn: expireValue });
|
||||
// Encrypt payload using AES encryption
|
||||
const payloadString = JSON.stringify(payload);
|
||||
const encryptedPayload = CryptoJS.AES.encrypt(payloadString, JWT_KEY).toString();
|
||||
|
||||
// Constructing JWT token
|
||||
const jwtToken = jwt.sign({ data: encryptedPayload }, JWT_KEY, { expiresIn: expireValue });
|
||||
|
||||
return jwtToken;
|
||||
}
|
||||
|
||||
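Review bot: The new encryption step in the -96/+98 hunk reuses `JWT_KEY`, the HMAC signing secret, as the CryptoJS passphrase, so disclosure of that one value allows both forging tokens and recovering every password carried in them. In passphrase mode CryptoJS derives the AES key from the string with a fast OpenSSL-style KDF, so the encryption is only as strong as the entropy of `JWT_KEY`. I would use a dedicated high-entropy secret, e.g. `CryptoJS.AES.encrypt(payloadString, JWT_ENC_KEY)`, where `JWT_ENC_KEY` is a placeholder for a new config value, and make the matching change in `decryptPayload` on the server side. It is also worth asking whether the token needs to carry the password at all rather than an identifier the server can look up. The enclosing method starts above this hunk, so its signature and validation of `username`/`password` are not visible here.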
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "mirotalksfu",
|
||||
"version": "1.3.96",
|
||||
"version": "1.3.97",
|
||||
"description": "WebRTC SFU browser-based video calls",
|
||||
"main": "Server.js",
|
||||
"scripts": {
|
||||
|
||||
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
|
||||
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
|
||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
|
||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||
* @version 1.3.96
|
||||
* @version 1.3.97
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||