JWT DECRYPT BEFORE EXPRESS JWT #332
Description
I have my jwt token encrypted so that the users cant access the data on it but I cant manage to decrypt it before express jwt without exposing to the user. My middleware code is the next:
import { expressjwt } from 'express-jwt';
import util from 'util';
import getConfig from 'next/config';
const { serverRuntimeConfig } = getConfig();
export { jwtMiddleware };
function jwtMiddleware(req, res) {
const middleware = expressjwt({ secret: serverRuntimeConfig.secret, algorithms: ['HS256'] }).unless({
path: [
// public routes that don't require authentication
'/api/users'
]
});
return util.promisify(middleware)(req, res);
}
The function I need to use to decrypt is this one:
function decrypt(encryptedText, key) {
const decipher = crypto.createDecipher('aes-256-cbc', key);
let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
Any help is welcome