Updates
parent
901492f5e2
commit
0880526f44
2
client/fetch/index.d.ts
vendored
@ -1,5 +1,5 @@
|
||||
export = clientFetch;
|
||||
declare function clientFetch(url: string, options?: import("../../package-shared/types").FetchApiOptions, contentType?: "json" | "text" | "html" | "blob" | "file"): Promise<any>;
|
||||
declare function clientFetch(url: string, options?: import("../../package-shared/types").FetchApiOptions, csrf?: boolean): Promise<any>;
|
||||
declare namespace clientFetch {
|
||||
export { clientFetch as fetchApi };
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
const _ = require("lodash");
|
||||
|
||||
/** @type {import("../../package-shared/types").FetchApiFn} */
|
||||
async function clientFetch(url, options, contentType) {
|
||||
async function clientFetch(url, options, csrf) {
|
||||
let data;
|
||||
let finalUrl = url;
|
||||
|
||||
|
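Review bot: The third positional parameter of `clientFetch` changes meaning in place, from a content-type string to a boolean `csrf`, assuming the `csrf` signature is the new side as the rest of the commit suggests. Because this file is plain JavaScript typed only through JSDoc, an existing caller that still passes `"text"` or `"blob"` will not fail; the truthy string would be taken as `csrf` and switch on whatever CSRF behaviour the body implements. The function body lies outside this hunk, so the effect is inferred, but I would normalise the argument at the top with `const useCsrf = csrf === true;` and use only `useCsrf` below. The parameter also needs a doc line stating what it enables, for example `@param {boolean} [csrf] - when true, attach the stored CSRF token to the request`, worded to match the actual behaviour.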
2
package-shared/types/index.d.ts
vendored
@ -885,7 +885,7 @@ export type CheckApiCredentialsFnParam = {
|
||||
table?: string;
|
||||
user_id?: string | number;
|
||||
};
|
||||
export type FetchApiFn = (url: string, options?: FetchApiOptions, contentType?: "json" | "text" | "html" | "blob" | "file") => Promise<any>;
|
||||
export type FetchApiFn = (url: string, options?: FetchApiOptions, csrf?: boolean) => Promise<any>;
|
||||
export type FetchApiOptions = RequestInit & {
|
||||
method: "POST" | "GET" | "DELETE" | "PUT" | "PATCH" | "post" | "get" | "delete" | "put" | "patch";
|
||||
body?: object | string;
|
||||
|
@ -1049,7 +1049,7 @@ export type CheckApiCredentialsFnParam = {
|
||||
export type FetchApiFn = (
|
||||
url: string,
|
||||
options?: FetchApiOptions,
|
||||
contentType?: "json" | "text" | "html" | "blob" | "file"
|
||||
csrf?: boolean
|
||||
) => Promise<any>;
|
||||
|
||||
export type FetchApiOptions = RequestInit & {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@moduletrace/datasquirel",
|
||||
"version": "3.1.2",
|
||||
"version": "3.1.3",
|
||||
"description": "Cloud-based SQL data management tool",
|
||||
"main": "index.js",
|
||||
"bin": {
|
||||
|
6
users/user-auth.d.ts
vendored
@ -16,10 +16,12 @@ export = userAuth;
|
||||
* @param {string} [params.database] - Database Name (slug)
|
||||
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
||||
* @param {number} [params.expiry] - Expiry time in milliseconds
|
||||
* @param {string} [params.csrfHeaderName] - Optional. CSRF Header Name
|
||||
* @param {boolean} [params.csrfHeaderIsValue] - If the csrf value is the name of the request http header
|
||||
*
|
||||
* @returns { import("../package-shared/types").AuthenticatedUser }
|
||||
*/
|
||||
declare function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, }: {
|
||||
declare function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderIsValue, csrfHeaderName, }: {
|
||||
request?: http.IncomingMessage & {
|
||||
[x: string]: any;
|
||||
};
|
||||
@ -34,5 +36,7 @@ declare function userAuth({ request, req, encryptionKey, encryptionSalt, level,
|
||||
database?: string;
|
||||
dsqlUserId?: string | number;
|
||||
expiry?: number;
|
||||
csrfHeaderName?: string;
|
||||
csrfHeaderIsValue?: boolean;
|
||||
}): import("../package-shared/types").AuthenticatedUser;
|
||||
import http = require("http");
|
||||
|
@ -32,6 +32,8 @@ const yearInMilliseconds = dayInMilliseconds * 365;
|
||||
* @param {string} [params.database] - Database Name (slug)
|
||||
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
||||
* @param {number} [params.expiry] - Expiry time in milliseconds
|
||||
* @param {string} [params.csrfHeaderName] - Optional. CSRF Header Name
|
||||
* @param {boolean} [params.csrfHeaderIsValue] - If the csrf value is the name of the request http header
|
||||
*
|
||||
* @returns { import("../package-shared/types").AuthenticatedUser }
|
||||
*/
|
||||
@ -46,6 +48,8 @@ function userAuth({
|
||||
encryptedUserString,
|
||||
expiry = weekInMilliseconds,
|
||||
cookieString,
|
||||
csrfHeaderIsValue,
|
||||
csrfHeaderName,
|
||||
}) {
|
||||
try {
|
||||
const finalEncryptionKey =
|
||||
@ -127,12 +131,17 @@ function userAuth({
|
||||
*/
|
||||
if (
|
||||
level?.match(/deep/i) &&
|
||||
!csrf?.match(new RegExp(`${userObject.csrf_k}`))
|
||||
((csrfHeaderName &&
|
||||
req?.headers[csrfHeaderName] !== userObject.csrf_k &&
|
||||
request?.headers[csrfHeaderName] !== userObject.csrf_k) ||
|
||||
(csrfHeaderIsValue &&
|
||||
!req?.headers[userObject.csrf_k] &&
|
||||
!request?.headers[userObject.csrf_k]))
|
||||
) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K requested but does not match payload",
|
||||
msg: "CSRF_K mismatch",
|
||||
};
|
||||
}
|
||||
|
||||
|
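Review bot: The rewritten deep-level check in `userAuth` fails open: when `level` matches `deep` but the caller passes neither `csrfHeaderName` nor `csrfHeaderIsValue`, both inner groups are falsy and the request is accepted with no CSRF validation, whereas the removed `!csrf?.match(...)` line rejected a missing token. The `csrfHeaderName` branch also passes if `userObject.csrf_k` is ever undefined and the header is absent, because `undefined !== undefined` is false. Node's `http` module lower-cases incoming header names, so a mixed-case `csrfHeaderName` (or a `csrf_k` containing upper-case characters, if that can occur) will never be found in `headers` and every request is rejected. I would reject by default, require a non-empty `csrf_k`, and lower-case the lookup key, as sketched below. The `userAuth` body starts and ends outside this hunk, so how existing deep-level callers are configured is not visible here.

```javascript
if (level?.match(/deep/i)) {
    const expectedCsrf = userObject.csrf_k;

    // Node's http parser lower-cases incoming header names.
    const headerValue = (name) => {
        const key = String(name).toLowerCase();
        return req?.headers?.[key] ?? request?.headers?.[key];
    };

    // Each configured mode must pass; no configured mode means no proof of CSRF.
    const configured = Boolean(csrfHeaderName || csrfHeaderIsValue);
    const nameOk =
        !csrfHeaderName || headerValue(csrfHeaderName) === expectedCsrf;
    const valueOk =
        !csrfHeaderIsValue || Boolean(headerValue(expectedCsrf));

    if (!expectedCsrf || !configured || !nameOk || !valueOk) {
        // … unchanged: return { success: false, payload: null, msg: "CSRF_K mismatch" } …
    }
}
```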