Every line of 'jwt secret key' code snippets is scanned for vulnerabilities by our powerful machine learning engine that combs millions of open source libraries, ensuring your JavaScript code is secure.
63 getJwtSecret(): string { 64 return this.envConfig.JWT_SECRET; 65 }
102 get tokenSecret() { 103 return this._secret; 104 }
19 async function verifyAuthJWT(token, id, password) { 20 const SECRET_TOKEN = await getSecretToken(); 21 try { 22 let { userId, hashedPassword } = jwt.verify(token, String(SECRET_TOKEN[0])); 23 if (String(userId) === String(id) && hashedPassword == password) { 24 return true; 25 } 26 } catch (err) { 27 console.log("Token was updated"); 28 } 29 try { 30 let { userId, hashedPassword } = jwt.verify(token, String(SECRET_TOKEN[1])); 31 if (String(userId) === String(id) && hashedPassword == password) { 32 return true; 33 } 34 } catch (err) { 35 return false; 36 } 37 return false; 38 }
62 public get secret(): string { 63 return this._secret 64 }
494 export async function getSecretByToken(token) { 495 const jti = getJTIFromToken(token); 496 if (!jti) { 497 throw new Error("invalid token"); 498 } 499 const secret = await getSecretByJTI(jti); 500 if (!secret) { 501 throw new Error("jwt secret is not exists"); 502 } else { 503 return secret; 504 } 505 }
6 static generateToken(user: IUser, isMediaToken: boolean = false) { 7 const data: any = {_id: user._id.toString()}; 8 if (isMediaToken) { 9 // This isMediaToken property signifies that the token is only meant for media access, i.e. for images, videos, PDFs and so on. 10 // In the rest of the codebase (API back-end & App front-end) the special token with this property is called the mediaToken. 11 // It is explicitly NOT valid for any regular user operations, like viewing pages (that require the user to be logged-in). 12 // Thus, in combination with randomized unguessable filenames, URLs that have a mediaToken attached are technically sharable. 13 // Since the token will also expire eventually, any accidental leak of an URL with mediaToken should be contained automatically. 14 // (Unless the affected files are replicated and distributed by other means prior to the expiration of course.) 15 data.isMediaToken = true; 16 } 17 return sign( 18 data, 19 config.secret, 20 { 21 expiresIn: 10080 // in seconds 22 } 23 ); 24 }
54 public get token() { 55 return jwt.sign({ 56 id: this.id, 57 role: this.role 58 }, process.env.JWT_KEY); 59 }
124 private setToken(jwt: string) { 125 this.setItem('jwt', jwt) 126 }
61 async function decryptAuthJWT(token) { 62 const SECRET_TOKEN = await getSecretToken(); 63 try { 64 const { userId } = jwt.verify(token, String(SECRET_TOKEN[0])); 65 return userId; 66 } catch (err) { 67 if (SECRET_TOKEN.length > 1) { 68 try { 69 const SECRET_TOKEN = await getSecretToken(); 70 const { userId } = jwt.verify(token, String(SECRET_TOKEN[1])); 71 return userId; 72 } catch (err) { 73 return null; 74 } 75 } 76 return null; 77 } 78 }