More accurate JWT token regex in JavaScript
I wanted to encrypt JWT tokens in logs and to do that, I've configured winston.js to centralize this feature. For instance, if someone wants to log a JS object or string, they just log it and if that string contains a token, it will automatically be encrypted.
I am using the regex below:
const JWT_TOKEN_REGEX = /[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*/g;
However, when I get the query string from request
my-panel?issueId=10060&type=left&xdm_e=https%3A%2F%2Ftanriverdi.furkan.net&xdm_c=channel-abc.plugin.xyz__abc-issue-content-panel-3543924933333691153&cp=&xdm_deprecated_addon_key_do_not_use=abc.plugin.xyz&lic=none&cv=1001.0.0-SNAPSHOT&jwt=eyJ0eXAiOiJKV1QiOiJIUzI1NiJ9.eyJzdWIiOiI2MjQ2OWI5MDRmZTAxZDAwNmJhNzVjNDMiLCJxc2giOiI3YWE1YWVjN2NhOTM4Yzc0NmRmMmJkNmY2MTJiOTU4MmY5MzkxNWI1MzQzYmM1YTk4IiwiaXNzIjoiMzJmMTg4OTMtNzhkNi0zZmJiLWI3NzgtNmQ2OWU3YTU3NWM5IiwiY29udGV4dCI6e30sImV4cCI6MTY2NjYwMjkxMywiaWF0IjoxNjY2NjAyMDEzfQ.CpI-BZfqOM7Rmidv8e2L8G-rENSELnfEP96w
, all strings with two dots get encrypted.
How can I parse only JWT token values? They don't always appear in query strings, and it does not have to start with jwt= or something like that.
I tried to customize the regex like
every capturing group must contain at least 1 uppercase letter, 1 lowercase letter and 1 digit.
I could not manage to successfully filter JWTs.
Any suggestions are much appreciated!
You can add to your rule that the first and second segment have to start with eyJ, because header and payload of a JWT are Base64URL encoded JSONs and start with {", which is eyJin Base64URL. In the following example I also removed the ? after the last ., so that it must have always 3 segments separated by .. The = is also not needed, because a JWT uses Base64URL encoding without padding:
const isJWT = (jwt) => {
return String(jwt)
.match(/eyJ[A-Za-z0-9-_]+\.eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_.+/]*/g);
};
const jwt = "eyJ0eXAiOiJKV1QiOiJIUzI1NiJ9.eyJzdWIiOiI2MjQ2OWI5MDRmZTAxZDAwNmJhNzVjNDMiLCJxc2giOiI3YWE1YWVjN2NhOTM4Yzc0NmRmMmJkNmY2MTJiOTU4MmY5MzkxNWI1MzQzYmM1YTk4IiwiaXNzIjoiMzJmMTg4OTMtNzhkNi0zZmJiLWI3NzgtNmQ2OWU3YTU3NWM5IiwiY29udGV4dCI6e30sImV4cCI6MTY2NjYwMjkxMywiaWF0IjoxNjY2NjAyMDEzfQ.CpI-BZfqOM7Rmidv8e2L8G-rENSELnfEP96w"
if (isJWT(jwt)) console.log("it's a JWT!");
- Clear clipboard to prohibit unauthorised copying, insert message?
- Supplying a reason for AbortController?
- Can you render a html file into a container?
- Using performance.mark() with Chrome dev tools performance tab
- How to save javascript array as redis list
- Find out whether Chrome console is open
- How to wait for requests and validate responses using playwright?
- Show Bootstrap Alert on Button Click via Javascript / jQuery
- How to post a file from a form with Axios
- Why doesn't Javascript handle divide by zero error in a try catch
- how can I add menu button in telegram bot
- Debounce in ReactJS
- Javascript question mark operator, multiple question marks
- Could not find a declaration file for module '@hookform/resolvers/zod'
- Stripe CLI trigger subscription failed event for a specifc customer
- Steps to send a https request to a rest service in Node js
- react jest confirming snapshot change
- Getting a list of all countries to using npm countries-list
- How do you limit the number of options selected in an HTML <select> element?
- Different sorting
- add an event listener on an element I've created in javascript
- Web Component not rendering when loaded from UNPKG CDN?
- Uncaught TypeError: Failed to resolve module specifier "react-router-dom". Relative references must start with either "/", "./", or "../"
- Javascript Date - set just the date, ignoring time?
- Form validate() method is not working with Vue 3 and Vuetify 3
- Running V8 Javascript Engine Standalone
- PHP - Extract frame during Video upload
- Can a PWA app be published to app store and play store
- How to check if a caught exception was thrown because of triggering an AbortController?
- Apollo Client: retrieving the results from a query with errors