datasquirel/users/user-auth.js

// @ts-check
/**
* ==============================================================================
* Imports
* ==============================================================================
*/
const http = require("http");
const decrypt = require("../functions/decrypt");
const parseCookies = require("../utils/functions/parseCookies");
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/** ****************************************************************************** */
/**
* @typedef {object} AuthenticatedUserObject
* @property {boolean} success - Did the function run successfully?
* @property {import("../types/user.td").DATASQUIREL_LoggedInUser | null} payload - Payload
* @property {string | unknown} [msg] - Response Message
*/
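/**
 * Authenticate User from request
 * ==============================================================================
 * @description Reads the cookies from an incoming request, decrypts the
 * auth-key cookie and returns the user object stored inside it. Every failure
 * path (missing or undecryptable cookie, malformed JSON, missing `csrf_k`,
 * CSRF mismatch, any thrown error) returns `success: false` with a `null`
 * payload, so the function fails closed.
 *
 * The CSRF cookie is compared against the payload's `csrf_k` only when
 * `level` matches /deep/i. At any other level the result rests on the
 * auth-key cookie decrypting to JSON that carries a `csrf_k`.
 *
 * NOTE(review): the payload is trusted as soon as it decrypts, so its
 * integrity depends entirely on `decrypt` rejecting tampered ciphertext.
 * Confirm that it uses authenticated encryption.
 *
 * @param {Object} params - Arg
 * @param {http.IncomingMessage} params.request - Http request object
 * @param {String} params.encryptionKey - Encryption Key
 * @param {String} params.encryptionSalt - Encryption Salt
 * @param {String} [params.level] - Optional. "Deep" value indicates an extra layer of security
 * (the CSRF cookie must also carry the payload's `csrf_k`)
 * @param {String} params.database - Database Name
 *
 * @returns { AuthenticatedUserObject }
 */
function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
    try {
        // Cookie names are derived from the client-supplied `dsqluid` cookie
        // and the database name, so every value read here is untrusted input.
        const cookies = parseCookies({ request });
        const dsqluid = cookies.dsqluid;
        const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
        const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
        const key = cookies[authKeyName];
        const csrf = cookies[csrfName];

        // Decrypt the auth-key cookie. A falsy result is treated as failure.
        const userPayload = decrypt({
            encryptedString: key,
            encryptionKey,
            encryptionSalt,
        });

        if (!userPayload) {
            return {
                success: false,
                payload: null,
                msg: "Couldn't Decrypt cookie",
            };
        }

        // A JSON.parse failure is handled by the catch block below.
        const userObject = JSON.parse(userPayload);

        if (!userObject.csrf_k) {
            return {
                success: false,
                payload: null,
                msg: "No CSRF_K in decrypted payload",
            };
        }

        if (level?.match(/deep/i)) {
            // Compare the token as a literal string. Compiling it into a
            // RegExp gave characters such as "+", "." or "[" pattern meaning,
            // so a valid token could be rejected (or throw), and an unexpected
            // token shape could match values it should not.
            // NOTE(review): containment is kept to preserve the previous
            // behaviour; if the CSRF cookie holds exactly the token, prefer a
            // strict (ideally constant-time) equality check.
            const expectedCsrf = String(userObject.csrf_k);
            if (typeof csrf !== "string" || !csrf.includes(expectedCsrf)) {
                return {
                    success: false,
                    payload: null,
                    msg: "CSRF_K requested but does not match payload",
                };
            }
        }

        return {
            success: true,
            payload: userObject,
        };
    } catch (error) {
        // `msg` carries the caught error object unchanged, so callers should
        // log it rather than echo it back to the client.
        return {
            success: false,
            payload: null,
            msg: error,
        };
    }
}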
/** ********************************************** */
/** ********************************************** */
/** ********************************************** */
// CommonJS export: this module exposes the userAuth function as its only export.
module.exports = userAuth;