Fix JWT signature verification vulnerability (GHSA-223g-f5mq-gw33)

- Enable proper JWT signature verification in backend/routes/dashboard.py - Enable proper JWT signature verification in backend/main.py - Enable proper JWT signature verification in backend/activity_logger.py - Replace verify_signature=False with cryptographic verification using JWT_SECRET_KEY - Prevents JWT forgery attacks and account takeover
2026-05-26 11:25:49 +00:00 · 2026-05-07 16:57:42 +05:30
parent 2f9d94d29d
commit 05f081b205
3 changed files with 58 additions and 21 deletions
@@ -440,14 +440,18 @@ def write_request_audit_log(response):
            auth_header = request.headers.get("Authorization", "")
            if auth_header.startswith("Bearer "):
                token = auth_header.split(" ", 1)[1]
-                decoded = pyjwt.decode(
-                    token,
-                    options={"verify_signature": False},
-                    algorithms=["HS256", "RS256"],
-                )
-                auth_user_id = decoded.get("user_id") or decoded.get("sub") or decoded.get("uid")
-                auth_wallet_address = decoded.get("wallet_address")
-                auth_email = decoded.get("email")
+                jwt_secret = app.config.get('JWT_SECRET_KEY')
+                if jwt_secret:
+                    decoded = pyjwt.decode(
+                        token,
+                        jwt_secret,
+                        algorithms=["HS256", "RS256"],
+                    )
+                    auth_user_id = decoded.get("user_id") or decoded.get("sub") or decoded.get("uid")
+                    auth_wallet_address = decoded.get("wallet_address")
+                    auth_email = decoded.get("email")
+                else:
+                    auth_user_id = None
        except Exception:
            auth_user_id = None