Updates
parent
901492f5e2
commit
0880526f44
2
client/fetch/index.d.ts
vendored
2
client/fetch/index.d.ts
vendored
@ -1,5 +1,5 @@
|
|||||||
export = clientFetch;
|
export = clientFetch;
|
||||||
declare function clientFetch(url: string, options?: import("../../package-shared/types").FetchApiOptions, contentType?: "json" | "text" | "html" | "blob" | "file"): Promise<any>;
|
declare function clientFetch(url: string, options?: import("../../package-shared/types").FetchApiOptions, csrf?: boolean): Promise<any>;
|
||||||
declare namespace clientFetch {
|
declare namespace clientFetch {
|
||||||
export { clientFetch as fetchApi };
|
export { clientFetch as fetchApi };
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
const _ = require("lodash");
|
const _ = require("lodash");
|
||||||
|
|
||||||
/** @type {import("../../package-shared/types").FetchApiFn} */
|
/** @type {import("../../package-shared/types").FetchApiFn} */
|
||||||
async function clientFetch(url, options, contentType) {
|
async function clientFetch(url, options, csrf) {
|
||||||
let data;
|
let data;
|
||||||
let finalUrl = url;
|
let finalUrl = url;
|
||||||
|
|
||||||
|
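Review bot: The third positional parameter of `clientFetch` changes meaning from `contentType` to `csrf` but keeps its position, so an existing call such as `clientFetch(url, opts, "text")` still runs and now hands a truthy string to `csrf`. The function body lies outside this hunk, so how `csrf` is used cannot be checked here; if it gates attaching a CSRF token, older callers would switch that behaviour on without intending to. Consider a strict coercion at the top of the body, e.g. `const useCsrf = csrf === true;`, and a JSDoc line such as `@param {boolean} [csrf] - replaces the former contentType argument`. The same signature change appears in both `FetchApiFn` type hunks, and the package version only moves from 3.1.2 to 3.1.3.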
2
package-shared/types/index.d.ts
vendored
2
package-shared/types/index.d.ts
vendored
@ -885,7 +885,7 @@ export type CheckApiCredentialsFnParam = {
|
|||||||
table?: string;
|
table?: string;
|
||||||
user_id?: string | number;
|
user_id?: string | number;
|
||||||
};
|
};
|
||||||
export type FetchApiFn = (url: string, options?: FetchApiOptions, contentType?: "json" | "text" | "html" | "blob" | "file") => Promise<any>;
|
export type FetchApiFn = (url: string, options?: FetchApiOptions, csrf?: boolean) => Promise<any>;
|
||||||
export type FetchApiOptions = RequestInit & {
|
export type FetchApiOptions = RequestInit & {
|
||||||
method: "POST" | "GET" | "DELETE" | "PUT" | "PATCH" | "post" | "get" | "delete" | "put" | "patch";
|
method: "POST" | "GET" | "DELETE" | "PUT" | "PATCH" | "post" | "get" | "delete" | "put" | "patch";
|
||||||
body?: object | string;
|
body?: object | string;
|
||||||
|
@ -1049,7 +1049,7 @@ export type CheckApiCredentialsFnParam = {
|
|||||||
export type FetchApiFn = (
|
export type FetchApiFn = (
|
||||||
url: string,
|
url: string,
|
||||||
options?: FetchApiOptions,
|
options?: FetchApiOptions,
|
||||||
contentType?: "json" | "text" | "html" | "blob" | "file"
|
csrf?: boolean
|
||||||
) => Promise<any>;
|
) => Promise<any>;
|
||||||
|
|
||||||
export type FetchApiOptions = RequestInit & {
|
export type FetchApiOptions = RequestInit & {
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@moduletrace/datasquirel",
|
"name": "@moduletrace/datasquirel",
|
||||||
"version": "3.1.2",
|
"version": "3.1.3",
|
||||||
"description": "Cloud-based SQL data management tool",
|
"description": "Cloud-based SQL data management tool",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"bin": {
|
"bin": {
|
||||||
|
6
users/user-auth.d.ts
vendored
6
users/user-auth.d.ts
vendored
@ -16,10 +16,12 @@ export = userAuth;
|
|||||||
* @param {string} [params.database] - Database Name (slug)
|
* @param {string} [params.database] - Database Name (slug)
|
||||||
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
||||||
* @param {number} [params.expiry] - Expiry time in milliseconds
|
* @param {number} [params.expiry] - Expiry time in milliseconds
|
||||||
|
* @param {string} [params.csrfHeaderName] - Optional. CSRF Header Name
|
||||||
|
* @param {boolean} [params.csrfHeaderIsValue] - If the csrf value is the name of the request http header
|
||||||
*
|
*
|
||||||
* @returns { import("../package-shared/types").AuthenticatedUser }
|
* @returns { import("../package-shared/types").AuthenticatedUser }
|
||||||
*/
|
*/
|
||||||
declare function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, }: {
|
declare function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderIsValue, csrfHeaderName, }: {
|
||||||
request?: http.IncomingMessage & {
|
request?: http.IncomingMessage & {
|
||||||
[x: string]: any;
|
[x: string]: any;
|
||||||
};
|
};
|
||||||
@ -34,5 +36,7 @@ declare function userAuth({ request, req, encryptionKey, encryptionSalt, level,
|
|||||||
database?: string;
|
database?: string;
|
||||||
dsqlUserId?: string | number;
|
dsqlUserId?: string | number;
|
||||||
expiry?: number;
|
expiry?: number;
|
||||||
|
csrfHeaderName?: string;
|
||||||
|
csrfHeaderIsValue?: boolean;
|
||||||
}): import("../package-shared/types").AuthenticatedUser;
|
}): import("../package-shared/types").AuthenticatedUser;
|
||||||
import http = require("http");
|
import http = require("http");
|
||||||
|
@ -32,6 +32,8 @@ const yearInMilliseconds = dayInMilliseconds * 365;
|
|||||||
* @param {string} [params.database] - Database Name (slug)
|
* @param {string} [params.database] - Database Name (slug)
|
||||||
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
* @param {string | number} [params.dsqlUserId] - alt env: DSQL_API_USER_ID
|
||||||
* @param {number} [params.expiry] - Expiry time in milliseconds
|
* @param {number} [params.expiry] - Expiry time in milliseconds
|
||||||
|
* @param {string} [params.csrfHeaderName] - Optional. CSRF Header Name
|
||||||
|
* @param {boolean} [params.csrfHeaderIsValue] - If the csrf value is the name of the request http header
|
||||||
*
|
*
|
||||||
* @returns { import("../package-shared/types").AuthenticatedUser }
|
* @returns { import("../package-shared/types").AuthenticatedUser }
|
||||||
*/
|
*/
|
||||||
@ -46,6 +48,8 @@ function userAuth({
|
|||||||
encryptedUserString,
|
encryptedUserString,
|
||||||
expiry = weekInMilliseconds,
|
expiry = weekInMilliseconds,
|
||||||
cookieString,
|
cookieString,
|
||||||
|
csrfHeaderIsValue,
|
||||||
|
csrfHeaderName,
|
||||||
}) {
|
}) {
|
||||||
try {
|
try {
|
||||||
const finalEncryptionKey =
|
const finalEncryptionKey =
|
||||||
@ -127,12 +131,17 @@ function userAuth({
|
|||||||
*/
|
*/
|
||||||
if (
|
if (
|
||||||
level?.match(/deep/i) &&
|
level?.match(/deep/i) &&
|
||||||
!csrf?.match(new RegExp(`${userObject.csrf_k}`))
|
((csrfHeaderName &&
|
||||||
|
req?.headers[csrfHeaderName] !== userObject.csrf_k &&
|
||||||
|
request?.headers[csrfHeaderName] !== userObject.csrf_k) ||
|
||||||
|
(csrfHeaderIsValue &&
|
||||||
|
!req?.headers[userObject.csrf_k] &&
|
||||||
|
!request?.headers[userObject.csrf_k]))
|
||||||
) {
|
) {
|
||||||
return {
|
return {
|
||||||
success: false,
|
success: false,
|
||||||
payload: null,
|
payload: null,
|
||||||
msg: "CSRF_K requested but does not match payload",
|
msg: "CSRF_K mismatch",
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
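Review bot: In the `level?.match(/deep/i)` branch the new condition rejects only when `csrfHeaderName` or `csrfHeaderIsValue` is supplied, so a deep-level call that passes neither option now skips the CSRF check entirely, whereas the removed `!csrf?.match(...)` test rejected a missing token. Adding `(!csrfHeaderName && !csrfHeaderIsValue) ||` as the first alternative inside the outer parentheses would keep the check fail-closed; retaining the previous comparison as the fallback is the other option. Separately, Node's `http.IncomingMessage` stores header names lower-cased, so the lookups should use `csrfHeaderName.toLowerCase()` (and `userObject.csrf_k.toLowerCase()` if the key can contain upper-case characters); otherwise a name like `X-CSRF-Token` can never match. The `csrfHeaderIsValue` JSDoc would read more clearly as `If true, the CSRF key itself is expected as the name of a request header`.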