Sharing laravel 4 session with nodejs express

I am trying to get the laravel session id from the cookie on the header on nodejs.

I have tried so far:

function nodeDecrypt(data, key, iv) {
  var decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  var chunks = []
  chunks.push(decipher.update(chunk.toString(),'hex','binary'))
  chunks.push(decipher.final('binary'))
  return chunks.join('')
}

var cookie = JSON.parse(new Buffer(req.cookies.gjsess, 'base64'));
var iv     = new Buffer(cookie.iv, 'base64');
var value  = new Buffer(cookie.value, 'base64');

var dec = nodeDecrypt(value, 'YourSecretKey!!!', iv);

But so far I keep getting Invalid IV length 32.

YourSecretKey!!! is the key found on the app.php of laravel 4.

Laravel encryption mech:

protected $cipher = 'rijndael-256';
protected $mode = 'cbc';
protected $block = 32;

...

$payload = $this->getJsonPayload($payload);
$value = base64_decode($payload['value']);
$iv = base64_decode($payload['iv']);
return unserialize($this->stripPadding($this->mcryptDecrypt($value, $iv)));

...

return mcrypt_decrypt($this->cipher, $this->key, $value, $this->mode, $iv);

...

$this->app->bindShared('encrypter', function($app)
{
  return new Encrypter($app['config']['app.key']);
});

other attempts

var cookie = JSON.parse(new Buffer(req.cookies.gjsess, 'base64'));
var iv     = new Buffer(cookie.iv, 'base64');
var value  = new Buffer(cookie.value, 'base64');

var MCrypt = require('mcrypt').MCrypt;
var desEcb = new MCrypt('rijndael-256', 'cbc');
desEcb.open('YourSecretKey!!!');
var plaintext = desEcb.decrypt(value, 'base64');

This does not give an error but still getting useless data.

标签： node.js laravel-4

2条回答

一纸荒年 Trace。

2楼-- · 2019-03-13 15:49

Extending the answer by @7sides, I have come up with the following. It's to get the session id from a laravel cookie specicially for laravel 5.1, since now it uses aes-256-cbc.

var app = require('express')();
var http = require('http').Server(app);
var io = require('socket.io')(http);
var cookieParser = require('socket.io-cookie-parser');
var PHPUnserialize = require('php-unserialize');
var Crypto = require('crypto');

io.use(cookieParser());

function getSessionIdFromLaravelCookie(req) {

    var cookie = JSON.parse(new Buffer(req.cookies.laravel_session, 'base64'));

    var iv = new Buffer(cookie.iv, 'base64');
    var value = new Buffer(cookie.value, 'base64');

    var key = "--encryption-key--";

    var decipher = Crypto.createDecipheriv('aes-256-cbc', key, iv);
    decipher.setAutoPadding(false)
    var dec = Buffer.concat([decipher.update(value), decipher.final()]);

    var sessionId = PHPUnserialize.unserialize(dec);

    return sessionId;

}

0人赞添加讨论(0) 举报

叼着烟拽天下

3楼-- · 2019-03-13 15:55

Finally I got it too! Here's my solution. Works perfectly for me.

// requirements
var PHPUnserialize = require('php-unserialize'); // npm install php-unserialize
var MCrypt = require('mcrypt').MCrypt; // npm install mcrypt


// helper function

function ord( string ) {    // Return ASCII value of character
    // 
    // +   original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)

    return string.charCodeAt(0);
}


function getSessionIdFromLaravelCookie() {

    var cookie = JSON.parse(new Buffer(req.cookies.laravel_session, 'base64'));
    var iv = new Buffer(cookie.iv, 'base64');
    var value = new Buffer(cookie.value, 'base64');
    var key = "_Encryption Key_";

    var rijCbc = new MCrypt('rijndael-256', 'cbc');
    rijCbc.open(key, iv); // it's very important to pass iv argument!

    var decrypted = rijCbc.decrypt(value).toString();


    var len = decrypted.length - 1;
    var pad = ord(decrypted.charAt(len));

    var sessionId = PHPUnserialize.unserialize(decrypted.substr(0, decrypted.length - pad));

    return sessionId;

}

0人赞添加讨论(0) 举报

Sharing laravel 4 session with nodejs express

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间