PSMRI · drtechie · May 21, 2025 · May 20, 2025 · coderabbitai · May 20, 2025
diff --git a/src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java b/src/main/java/com/iemr/helpline104/utils/JwtUserIdValidationFilter.java
@@ -67,32 +67,47 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
         }
 
         try {
-            // Retrieve JWT token from cookies
-            String jwtTokenFromCookie = getJwtTokenFromCookies(request);
-            logger.info("JWT token from cookie: " + jwtTokenFromCookie);
-
-            // Determine which token (cookie or header) to validate
-            String jwtToken = jwtTokenFromCookie != null ? jwtTokenFromCookie : jwtTokenFromHeader;
-            if (jwtToken == null) {
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers");
-                return;
-            }
+        	String jwtFromCookie = getJwtTokenFromCookies(request);
+			String jwtFromHeader = request.getHeader("JwtToken");
+			String authHeader = request.getHeader("Authorization");
+
+			if (jwtFromCookie != null) {
+				logger.info("Validating JWT token from cookie");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
+
+			if (jwtFromHeader != null) {
+				logger.info("Validating JWT token from header");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
-        	String jwtFromCookie = getJwtTokenFromCookies(request);
-			String jwtFromHeader = request.getHeader("JwtToken");
-			String authHeader = request.getHeader("Authorization");
-
-			if (jwtFromCookie != null) {
-				logger.info("Validating JWT token from cookie");
-				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
-					filterChain.doFilter(servletRequest, servletResponse);
-					return;
-				}
-			}
-
-			if (jwtFromHeader != null) {
-				logger.info("Validating JWT token from header");
-				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
-					filterChain.doFilter(servletRequest, servletResponse);
-					return;
-				}
-			}
+        	String jwtFromCookie = getJwtTokenFromCookies(request);
+        	// Use a single, canonical header name through the whole filter
+        	final String JWT_HEADER = "Jwttoken";
+        	String jwtFromHeader = request.getHeader(JWT_HEADER);
+			String authHeader = request.getHeader("Authorization");
+
+			if (jwtFromCookie != null) {
+				logger.info("Validating JWT token from cookie");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
+
+			if (jwtFromHeader != null) {
+				logger.info("Validating JWT token from header");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
-        	String jwtFromCookie = getJwtTokenFromCookies(request);
-			String jwtFromHeader = request.getHeader("JwtToken");
-			String authHeader = request.getHeader("Authorization");
-
-			if (jwtFromCookie != null) {
-				logger.info("Validating JWT token from cookie");
-				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
-					filterChain.doFilter(servletRequest, servletResponse);
-					return;
-				}
-			}
-
-			if (jwtFromHeader != null) {
-				logger.info("Validating JWT token from header");
-				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
-					filterChain.doFilter(servletRequest, servletResponse);
-					return;
-				}
-			}
+        	String jwtFromCookie = getJwtTokenFromCookies(request);
+        	// Use a single, canonical header name through the whole filter
+        	final String JWT_HEADER = "Jwttoken";
+        	String jwtFromHeader = request.getHeader(JWT_HEADER);
+			String authHeader = request.getHeader("Authorization");
+
+			if (jwtFromCookie != null) {
+				logger.info("Validating JWT token from cookie");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
+
+			if (jwtFromHeader != null) {
+				logger.info("Validating JWT token from header");
+				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
+					filterChain.doFilter(servletRequest, servletResponse);
+					return;
+				}
+			}
+			String userAgent = request.getHeader("User-Agent");
+			logger.info("User-Agent: " + userAgent);
+
+			if (userAgent != null && isMobileClient(userAgent) && authHeader != null) {
+				filterChain.doFilter(servletRequest, servletResponse);
+				return;
+			}
+
+			logger.warn("No valid authentication token found");
+			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
 
-            // Validate JWT token and userId
-            boolean isValid = jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtToken);
-
-            if (isValid) {
-                // If token is valid, allow the request to proceed
-                filterChain.doFilter(servletRequest, servletResponse);
-            } else {
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid JWT token");
-            }
         } catch (Exception e) {
             logger.error("Authorization error: ", e);
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());
         }
     }
-
+    private boolean isMobileClient(String userAgent) {
+		if (userAgent == null)
+			return false;
+		userAgent = userAgent.toLowerCase();
+		return userAgent.contains("okhttp");
+	}
     private String getJwtTokenFromCookies(HttpServletRequest request) {
         Cookie[] cookies = request.getCookies();
         if (cookies != null) {