JWT token IP restriction

JhumanJ · Jan 9, 2024 · dd83528 · dd83528
1 parent 0809200
commit dd83528
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 1 deletion.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -2,6 +2,7 @@
 
 namespace App\Http;
 
+use App\Http\Middleware\AuthenticateJWT;
 use App\Http\Middleware\CustomDomainRestriction;
 use App\Http\Middleware\EmbeddableForms;
 use App\Http\Middleware\IsAdmin;
@@ -27,6 +28,7 @@ class Kernel extends HttpKernel
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
         \App\Http\Middleware\SetLocale::class,
+        AuthenticateJWT::class,
         CustomDomainRestriction::class,
     ];
 

diff --git a/app/Http/Middleware/AuthenticateJWT.php b/app/Http/Middleware/AuthenticateJWT.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Tymon\JWTAuth\Exceptions\JWTException;
+
+class AuthenticateJWT
+{
+
+    /**
+     * Verifies the JWT token and validates the IP and User Agent
+     * Invalidates token otherwise
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        // Parse JWT Payload
+        try {
+            $payload = \JWTAuth::parseToken()->getPayload();
+        } catch (JWTException $e) {
+            return $next($request);
+        }
+
+        // Validate IP and User Agent
+        if ($payload) {
+            $error = null;
+            if (!\Hash::check($request->ip(), $payload->get('ip'))) {
+                $error = 'Origin IP is invalid';
+            }
+
+            if (!\Hash::check($request->userAgent(), $payload->get('ua'))) {
+                $error = 'Origin User Agent is invalid';
+            }
+
+            if ($error) {
+                auth()->invalidate();
+                return response()->json([
+                    'message' => $error
+                ], 403);
+            }
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -194,7 +194,10 @@ public function getJWTIdentifier()
      */
     public function getJWTCustomClaims()
     {
-        return [];
+        return [
+            'ip' => \Hash::make(request()->ip()),
+            'ua' => \Hash::make(request()->userAgent()),
+        ];
     }
 
     public function getIsRiskyAttribute()