From 8333a0be898a6202315e2a053ae67029fbb4b11e Mon Sep 17 00:00:00 2001 From: Miroslav Pejic Date: Sat, 23 Mar 2024 17:55:31 +0100 Subject: [PATCH] [mirotalksfu] - fix jwt --- app/src/Server.js | 40 ++++++++++++++++++++++++++++++---------- package.json | 6 +++--- public/js/Room.js | 2 +- 3 files changed, 34 insertions(+), 14 deletions(-) diff --git a/app/src/Server.js b/app/src/Server.js index 01ab7a7d..1a2f7aac 100644 --- a/app/src/Server.js +++ b/app/src/Server.js @@ -41,7 +41,7 @@ dependencies: { * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.0 + * @version 1.4.1 * */ @@ -349,7 +349,7 @@ function startServer() { if (token) { try { - const { username, password, presenter } = checkXSS(decryptPayload(token)); + const { username, password, presenter } = checkXSS(decodeToken(token)); peerUsername = username; peerPassword = password; isPeerValid = await isAuthPeer(username, password); @@ -462,9 +462,7 @@ function startServer() { authorized: authHost.isAuthorizedIP(ip), authorizedIps: authHost.getAuthorizedIPs(), }); - const token = jwt.sign({ username: username, password: password, presenter: true }, jwtCfg.JWT_KEY, { - expiresIn: jwtCfg.JWT_EXP, - }); + const token = encodeToken({ username: username, password: password, presenter: true }); return res.status(200).json({ message: token }); } 
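Review bot: The new call `encodeToken({ username: username, password: password, presenter: true })` repeats every key; property shorthand `encodeToken({ username, password, presenter: true })` reads cleaner, and the same applies to the peer-login call in the hunk at @@ -472. Note that encodeToken stringifies `presenter`, so the boolean `true` here and the `isPresenter` value in the @@ -472 hunk (which can be `undefined` when `config.presenters` is unset and then falls to encodeToken's `false` default) both reach the signed payload as the strings `'true'`/`'false'`, which any reader of the decoded token has to compare against explicitly. startServer continues outside the hunk.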
@@ -472,9 +470,7 @@ function startServer() { log.debug('PEER LOGIN OK', { ip: ip, authorized: true }); const isPresenter = config.presenters && config.presenters.list && config.presenters.list.includes(username).toString(); - const token = jwt.sign({ username: username, password: password, presenter: isPresenter }, jwtCfg.JWT_KEY, { - expiresIn: jwtCfg.JWT_EXP, - }); + const token = encodeToken({ username: username, password: password, presenter: isPresenter }); return res.status(200).json({ message: token }); } else { return res.status(401).json({ message: 'unauthorized' }); @@ -893,7 +889,7 @@ function startServer() { // Check JWT if (peer_token) { try { - const { username, password, presenter } = checkXSS(decryptPayload(peer_token)); + const { username, password, presenter } = checkXSS(decodeToken(peer_token)); const isPeerValid = await isAuthPeer(username, password); @@ -1912,7 +1908,31 @@ function startServer() { } } - function decryptPayload(jwtToken) { + function encodeToken(token) { + if (!token) return ''; + + const { username = 'username', password = 'password', presenter = false, expire } = token; + + const expireValue = expire || jwtCfg.JWT_EXP; + + // Constructing payload + const payload = { + username: String(username), + password: String(password), + presenter: String(presenter), + }; + + // Encrypt payload using AES encryption + const payloadString = JSON.stringify(payload); + const encryptedPayload = CryptoJS.AES.encrypt(payloadString, jwtCfg.JWT_KEY).toString(); + + // Constructing JWT token + const jwtToken = jwt.sign({ data: encryptedPayload }, jwtCfg.JWT_KEY, { expiresIn: expireValue }); + + return jwtToken; + } + + function decodeToken(jwtToken) { if (!jwtToken) return null; // Verify and decode the JWT token diff --git a/package.json b/package.json index f5ec42c2..693c5ea1 100644 --- a/package.json +++ b/package.json 
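Review bot: The destructuring defaults `username = 'username', password = 'password'` in the new encodeToken mean a caller that omits either field still receives a validly signed token for a placeholder identity instead of an error; the `if (!token) return '';` guard just above suggests refusal is the intended behaviour, so drop the two defaults and add `if (!username || !password) return '';` after the destructuring. The same `jwtCfg.JWT_KEY` is used both as the CryptoJS AES passphrase and as the HMAC secret for `jwt.sign`; reusing one secret across two primitives is a design smell, and a separate config value (placeholder: `JWT_PAYLOAD_KEY`) or a derived key would keep the payload encryption independent of the signing secret — at minimum a comment stating the reuse is deliberate. `presenter: String(presenter)` turns the boolean into the string `'false'`, which is truthy, so consumers of the decoded payload must compare against `'true'` rather than test it directly; decodeToken's body is outside the hunk, so I cannot confirm how it is read. A JSDoc block describing the accepted `{ username, password, presenter, expire }` shape, the `''` return for a missing argument, and the fact that the encrypted payload carries the password would also help the next maintainer.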
@@ -1,6 +1,6 @@ { "name": "mirotalksfu", - "version": "1.4.0", + "version": "1.4.1", "description": "WebRTC SFU browser-based video calls", "main": "Server.js", "scripts": { @@ -38,8 +38,8 @@ "author": "Miroslav Pejic", "license": "AGPL-3.0", "dependencies": { - "@sentry/integrations": "7.107.0", - "@sentry/node": "7.107.0", + "@sentry/integrations": "7.108.0", + "@sentry/node": "7.108.0", "axios": "^1.6.8", "body-parser": "1.20.2", "colors": "1.4.0", diff --git a/public/js/Room.js b/public/js/Room.js index 89686cea..d8b68cd2 100644 --- a/public/js/Room.js +++ b/public/js/Room.js @@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @author Miroslav Pejic - miroslav.pejic.85@gmail.com - * @version 1.4.0 + * @version 1.4.1 * */