2023-08-07 03:42:49 +00:00
|
|
|
// @ts-check
|
|
|
|
|
2023-05-06 11:14:09 +00:00
|
|
|
/**
|
|
|
|
* ==============================================================================
|
|
|
|
* Imports
|
|
|
|
* ==============================================================================
|
|
|
|
*/
|
2023-08-07 04:10:45 +00:00
|
|
|
const http = require("http");
|
2023-05-06 11:14:09 +00:00
|
|
|
const decrypt = require("../functions/decrypt");
|
2023-06-24 12:09:26 +00:00
|
|
|
const parseCookies = require("../utils/functions/parseCookies");
|
2023-05-06 11:14:09 +00:00
|
|
|
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
/** ****************************************************************************** */
|
|
|
|
|
2023-05-23 14:06:59 +00:00
|
|
|
/**
|
2023-07-24 13:37:08 +00:00
|
|
|
* @typedef {object} AuthenticatedUserObject
|
2023-05-23 14:06:59 +00:00
|
|
|
* @property {boolean} success - Did the function run successfully?
|
2023-08-07 03:42:49 +00:00
|
|
|
* @property {import("../types/user.td").DATASQUIREL_LoggedInUser | null} payload - Payload
|
2023-08-07 04:10:45 +00:00
|
|
|
* @property {string | unknown} [msg] - Response Message
|
2023-05-23 14:06:59 +00:00
|
|
|
*/
|
|
|
|
|
2023-05-06 11:14:09 +00:00
|
|
|
/**
|
2023-07-24 13:37:08 +00:00
|
|
|
* Authenticate User from request
|
2023-05-06 11:14:09 +00:00
|
|
|
* ==============================================================================
|
2023-07-24 13:37:08 +00:00
|
|
|
* @description This Function takes in a request object and returns a user object
|
|
|
|
* with the user's data
|
|
|
|
*
|
2023-05-23 11:16:10 +00:00
|
|
|
* @param {Object} params - Arg
|
2023-08-07 04:10:45 +00:00
|
|
|
* @param {http.IncomingMessage} params.request - Http request object
|
2023-08-07 08:48:19 +00:00
|
|
|
* @param {string} params.encryptionKey - Encryption Key
|
|
|
|
* @param {string} params.encryptionSalt - Encryption Salt
|
2023-08-12 04:20:17 +00:00
|
|
|
* @param {("deep" | "normal")} [params.level] - Optional. "Deep" value indicates an extra layer of security
|
2023-08-07 08:48:19 +00:00
|
|
|
* @param {string} params.database - Database Name
|
2023-05-23 14:06:59 +00:00
|
|
|
*
|
2023-07-26 03:52:03 +00:00
|
|
|
* @returns { AuthenticatedUserObject }
|
2023-05-06 11:14:09 +00:00
|
|
|
*/
|
2023-07-07 19:13:13 +00:00
|
|
|
function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
|
2023-05-06 13:15:22 +00:00
|
|
|
try {
|
2023-05-06 13:29:42 +00:00
|
|
|
/**
|
|
|
|
* Grab the payload
|
|
|
|
*
|
|
|
|
* @description Grab the payload
|
|
|
|
*/
|
2023-06-24 12:09:26 +00:00
|
|
|
const cookies = parseCookies({ request });
|
|
|
|
const dsqluid = cookies.dsqluid;
|
2023-05-09 14:12:55 +00:00
|
|
|
const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
|
|
|
|
const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
|
|
|
|
|
2023-06-24 12:09:26 +00:00
|
|
|
const key = cookies[authKeyName];
|
|
|
|
const csrf = cookies[csrfName];
|
2023-05-06 13:29:42 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
/**
|
|
|
|
* Grab the payload
|
|
|
|
*
|
|
|
|
* @description Grab the payload
|
|
|
|
*/
|
|
|
|
let userPayload = decrypt({
|
2023-05-09 14:12:55 +00:00
|
|
|
encryptedString: key,
|
2023-05-06 13:15:22 +00:00
|
|
|
encryptionKey,
|
|
|
|
encryptionSalt,
|
|
|
|
});
|
2023-05-06 11:14:09 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
/**
|
|
|
|
* Grab the payload
|
|
|
|
*
|
|
|
|
* @description Grab the payload
|
|
|
|
*/
|
|
|
|
if (!userPayload) {
|
|
|
|
return {
|
|
|
|
success: false,
|
|
|
|
payload: null,
|
|
|
|
msg: "Couldn't Decrypt cookie",
|
|
|
|
};
|
|
|
|
}
|
2023-05-06 11:14:09 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
/**
|
|
|
|
* Grab the payload
|
|
|
|
*
|
|
|
|
* @description Grab the payload
|
|
|
|
*/
|
|
|
|
let userObject = JSON.parse(userPayload);
|
2023-05-06 11:14:09 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
if (!userObject.csrf_k) {
|
|
|
|
return {
|
|
|
|
success: false,
|
|
|
|
payload: null,
|
|
|
|
msg: "No CSRF_K in decrypted payload",
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Grab the payload
|
|
|
|
*
|
|
|
|
* @description Grab the payload
|
|
|
|
*/
|
2023-05-06 13:29:42 +00:00
|
|
|
if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
|
2023-05-06 13:15:22 +00:00
|
|
|
return {
|
|
|
|
success: false,
|
|
|
|
payload: null,
|
|
|
|
msg: "CSRF_K requested but does not match payload",
|
|
|
|
};
|
|
|
|
}
|
2023-05-06 11:14:09 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
2023-05-06 11:14:09 +00:00
|
|
|
|
2023-05-06 13:15:22 +00:00
|
|
|
/**
|
|
|
|
* Return User Object
|
|
|
|
*
|
|
|
|
* @description Return User Object
|
|
|
|
*/
|
|
|
|
return {
|
|
|
|
success: true,
|
|
|
|
payload: userObject,
|
|
|
|
};
|
|
|
|
} catch (error) {
|
|
|
|
/**
|
|
|
|
* Return User Object
|
|
|
|
*
|
|
|
|
* @description Return User Object
|
|
|
|
*/
|
2023-05-06 11:14:09 +00:00
|
|
|
return {
|
|
|
|
success: false,
|
|
|
|
payload: null,
|
2023-08-07 04:10:45 +00:00
|
|
|
msg: error,
|
2023-05-06 11:14:09 +00:00
|
|
|
};
|
|
|
|
}
|
2023-07-07 19:13:13 +00:00
|
|
|
}
|
2023-05-06 11:14:09 +00:00
|
|
|
|
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
|
|
|
/** ********************************************** */
|
2023-07-07 19:13:13 +00:00
|
|
|
|
|
|
|
module.exports = userAuth;
|