Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: saved user IP and added a check to verify it #1162

Closed
wants to merge 2 commits into from
Closed

feat: saved user IP and added a check to verify it #1162

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8a72ad1
feat: saved user IP and added a check to verify it
ItsFlash10 Sep 8, 2024
938fad0
moved the ip check to the user route
ItsFlash10 Sep 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions prisma/migrations/20240907181905_add_ip/migration.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
-- AlterTable
ALTER TABLE "User" ADD COLUMN "ip" TEXT;
2 changes: 1 addition & 1 deletion prisma/schema.prisma
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,7 @@ model User {
upiIds UpiId[] @relation("UserUpiIds")
solanaAddresses SolanaAddress[] @relation("UserSolanaAddresses")
githubUser GitHubLink? @relation("UserGithub")
ip String?
}

model GitHubLink {
Expand Down Expand Up @@ -343,4 +344,3 @@ enum MigrationStatus {
MIGRATED
MIGRATION_ERROR
}

9 changes: 8 additions & 1 deletion src/app/api/user/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,21 @@ import db from '@/db';
export async function GET(req: NextRequest) {
const url = new URL(req.url);
const token = url.searchParams.get('token');
if (!token) {
const ip = url.searchParams.get('ip');

if (!token || !ip) {
return NextResponse.redirect(new URL('/invalidsession', req.url));
}
const user = await db.user.findFirst({
where: {
token,
},
});

if (!user || user.ip !== ip) {
return NextResponse.redirect(new URL('/invalidsession', req.url));
}

return NextResponse.json({
user,
});
Expand Down
10 changes: 9 additions & 1 deletion src/lib/auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,11 @@ export const authOptions = {
username: { label: 'email', type: 'text', placeholder: '' },
password: { label: 'password', type: 'password', placeholder: '' },
},
async authorize(credentials: any) {

async authorize(credentials: any, req: any) {
const userIp =
req.headers['x-forwarded-for'] || req.socket.remoteAddress;

try {
if (process.env.LOCAL_CMS_PROVIDER) {
return {
Expand Down Expand Up @@ -152,6 +156,7 @@ export const authOptions = {
},
data: {
token: jwt,
ip: userIp,
},
});

Expand All @@ -160,6 +165,7 @@ export const authOptions = {
name: userDb.name,
email: credentials.username,
token: jwt,
ip: userIp,
};
}
console.log('not in db');
Expand Down Expand Up @@ -191,6 +197,7 @@ export const authOptions = {
email: credentials.username,
token: jwt,
password: hashedPassword,
ip: userIp,
},
});
} catch (e) {
Expand All @@ -202,6 +209,7 @@ export const authOptions = {
name: user.data.name,
email: credentials.username,
token: jwt,
ip: userIp,
};
}

Expand Down
7 changes: 6 additions & 1 deletion src/middleware.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,16 @@ export const config = {
export default withAuth(async (req) => {
if (process.env.LOCAL_CMS_PROVIDER) return;
const token = req.nextauth.token;
const userIp =
req.headers.get('x-forwarded-for') ||
req.ip ||
req.headers.get('x-real-ip');

if (!token) {
return NextResponse.redirect(new URL('/invalidsession', req.url));
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this endpoint itself, send the ip and do the check there
Dont do it saparately below

Or

move all the logic for token check here as well

Dont have two saparate places for doing the check

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hkirat done

const user = await fetch(
`${process.env.NEXT_PUBLIC_BASE_URL_LOCAL}/api/user?token=${token.jwtToken}`,
`${process.env.NEXT_PUBLIC_BASE_URL_LOCAL}/api/user?token=${token.jwtToken}?ip=${userIp}`,
);

const json = await user.json();
Expand Down
Loading