Updated: Secure localStorage with cryptojs

fhmiibrhimdev · fhmiibrhimdev · commit 0c872442008a · 2023-04-23T20:52:22.000+07:00
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/frontend/package.json b/frontend/package.json
@@ -10,6 +10,7 @@
     },
     "dependencies": {
         "axios": "^1.3.5",
+        "crypto-js": "^4.1.1",
         "lodash": "^4.17.21",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
diff --git a/frontend/src/components/Footer.jsx b/frontend/src/components/Footer.jsx
@@ -8,7 +8,7 @@ export default function Footer() {
                 By
                 <a href="https://github.com/fhmiibrhimdev"> Fahmi Ibrahim</a>
             </div>
-            <div className="footer-right">0.1.7</div>
+            <div className="footer-right">0.1.8</div>
         </footer>
     );
 }
diff --git a/frontend/src/components/Navigation.jsx b/frontend/src/components/Navigation.jsx
@@ -42,18 +42,18 @@ export default function Navigation() {
                 handleClickOutsideDropdown
             );
         };
-    }, []);
+    }, [navigate]);
 
     const fetchData = async () => {
         axios.defaults.headers.common["Authorization"] = `Bearer ${token}`;
-        await axios.get(`${appConfig.baseURL}/user`).then((response) => {
+        await axios.get(`${appConfig.baseurlAPI}/user`).then((response) => {
             setUser(response.data);
         });
     };
 
     const logoutHandler = async () => {
         axios.defaults.headers.common["Authorization"] = `Bearer ${token}`;
-        await axios.post(`${appConfig.baseURL}/logout`).then(() => {
+        await axios.post(`${appConfig.baseurlAPI}/logout`).then(() => {
             localStorage.removeItem("token");
             navigate("/");
         });
diff --git a/frontend/src/config/appConfig.js b/frontend/src/config/appConfig.js
@@ -1,6 +1,6 @@
 const appConfig = {
     debounceTimeout: 750,
-    expirationTime: 60 * 60 * 1000,
+    expirationTime: 60 * 60 * 1000, // set 1 hours
     baseURL: "http://127.0.0.1:8000",
     baseurlAPI: "http://127.0.0.1:8000/api",
 };
diff --git a/frontend/src/pages/Auth/Session.js b/frontend/src/pages/Auth/Session.js
@@ -1,24 +1,43 @@
 import appConfig from "../../config/appConfig";
+import CryptoJS from "crypto-js";
 
 export function setTokenWithExpiration(key, token) {
     const now = new Date();
     const expirationTime = now.getTime() + appConfig.expirationTime;
-    const item = token + "|" + expirationTime;
+
+    const keyStr = "sangat-aman-12345";
+    const iv = CryptoJS.lib.WordArray.random(16);
+    const encryptedToken = CryptoJS.AES.encrypt(token, keyStr, {
+        iv: iv,
+    }).toString();
+
+    const item = encryptedToken + "|" + expirationTime + "|" + iv.toString();
     localStorage.setItem(key, item);
 }
 
 export function getTokenWithExpiration(key) {
     const item = localStorage.getItem(key);
+
     if (!item) {
         return null;
     }
-    const [token, expirationTime] = item.split("|");
-    const now = new Date();
-    if (now.getTime() > expirationTime) {
+
+    const parts = item.split("|");
+    const encryptedToken = parts[0];
+    const expirationTime = parts[1];
+    const iv = parts[2];
+
+    const keyStr = "sangat-aman-12345";
+    const decryptedToken = CryptoJS.AES.decrypt(encryptedToken, keyStr, {
+        iv: CryptoJS.enc.Hex.parse(iv),
+    }).toString(CryptoJS.enc.Utf8);
+
+    if (parseInt(expirationTime) < new Date().getTime()) {
         localStorage.removeItem(key);
         return null;
     }
-    return token;
+
+    return decryptedToken;
 }
 
 export function getTokenExpirationTime(key) {

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ export default function Footer() {`
`8`	`8`	`By`
`9`	`9`	`<a href="https://github.com/fhmiibrhimdev"> Fahmi Ibrahim</a>`
`10`	`10`	`</div>`
`11`		`- <div className="footer-right">0.1.7</div>`
	`11`	`+ <div className="footer-right">0.1.8</div>`
`12`	`12`	`</footer>`
`13`	`13`	`);`
`14`	`14`	`}`