Tben 2023-08-09 16:38:39 +01:00
parent 6b77ae9f3c
commit 089f1b56bd
4 changed files with 221 additions and 1 deletions


@ -15,6 +15,8 @@ const reAuthUser = require("./users/reauth-user");
const getUser = require("./users/get-user"); const getUser = require("./users/get-user");
const loginWithGoogle = require("./users/social/google-auth"); const loginWithGoogle = require("./users/social/google-auth");
const loginWithGithub = require("./users/social/github-auth"); const loginWithGithub = require("./users/social/github-auth");
const getToken = require("./users/get-token");
const validateToken = require("./users/validate-token");
const sanitizeSql = require("./utils/functions/sanitizeSql"); const sanitizeSql = require("./utils/functions/sanitizeSql");
//////////////////////////////////////// ////////////////////////////////////////
@ -32,6 +34,8 @@ const user = {
reAuthUser: reAuthUser, reAuthUser: reAuthUser,
updateUser: updateUser, updateUser: updateUser,
getUser: getUser, getUser: getUser,
getToken: getToken,
validateToken: validateToken,
social: { social: {
loginWithGoogle: loginWithGoogle, loginWithGoogle: loginWithGoogle,
loginWithGithub: loginWithGithub, loginWithGithub: loginWithGithub,


@ -1,6 +1,6 @@
{ {
"name": "datasquirel", "name": "datasquirel",
"version": "1.4.1", "version": "1.4.2",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {

120
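--- a/users/get-token.js
+++ b/users/get-token.js
@@ -0,0 +1,120 @@
+// @ts-check
+/**
+* ==============================================================================
+* Imports
+* ==============================================================================
+*/
+const http = require("http");
+const decrypt = require("../functions/decrypt");
+const parseCookies = require("../utils/functions/parseCookies");
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/**
+* Get just the access token for user
+* ==============================================================================
+* @description This Function takes in a request object and returns a user token
+* string and csrf token string
+*
+* @param {Object} params - Arg
+* @param {http.IncomingMessage} params.request - Http request object
+* @param {string} params.encryptionKey - Encryption Key
+* @param {string} params.encryptionSalt - Encryption Salt
+* @param {("deep" | "normal")?} [params.level] - Optional. "Deep" value indicates an extra layer of security
+* @param {string} params.database - Database Name
+*
+* @returns {{ key: string | undefined, csrf: string | undefined }}
+*/
+function getToken({ request, encryptionKey, encryptionSalt, level, database }) {
+try {
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+const cookies = parseCookies({ request });
+const dsqluid = cookies.dsqluid;
+const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
+const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
+const key = cookies[authKeyName];
+const csrf = cookies[csrfName];
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+let userPayload = decrypt({
+encryptedString: key,
+encryptionKey,
+encryptionSalt,
+});
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+if (!userPayload) {
+return { key: undefined, csrf: undefined };
+}
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+let userObject = JSON.parse(userPayload);
+if (!userObject.csrf_k) {
+return { key: undefined, csrf: undefined };
+}
+/** ********************************************** */
+/** ********************************************** */
+/** ********************************************** */
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
+return { key: undefined, csrf: undefined };
+}
+/** ********************************************** */
+/** ********************************************** */
+/** ********************************************** */
+/**
+* Return User Object
+*
+* @description Return User Object
+*/
+return { key, csrf };
+} catch (error) {
+/**
+* Return User Object
+*
+* @description Return User Object
+*/
+return {
+key: undefined,
+csrf: undefined,
+};
+}
+}
+/** ********************************************** */
+/** ********************************************** */
+/** ********************************************** */
+module.exports = getToken;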
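Review bot: The deep-level CSRF check in `getToken` builds a regular expression from `userObject.csrf_k` and accepts the cookie when the pattern matches anywhere in it, so a cookie that merely contains the key passes, and any regex metacharacters in the key are interpreted rather than compared literally. Assuming the cookie is meant to equal the stored key, an exact constant-time comparison is safer: `const a = Buffer.from(String(csrf ?? "")), b = Buffer.from(String(userObject.csrf_k));` then `if (/deep/i.test(level ?? "") && (a.length !== b.length || !crypto.timingSafeEqual(a, b))) return { key: undefined, csrf: undefined };`, with `crypto` required at the top of the file. At the default level the `csrf` value is returned straight from the cookie without being compared to the payload, which deserves a sentence in the JSDoc so callers do not treat it as verified. The five "Grab the payload" comments could each say what their step does (read cookies, decrypt, parse, compare CSRF).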

96
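--- a/users/validate-token.js
+++ b/users/validate-token.js
@@ -0,0 +1,96 @@
+// @ts-check
+/**
+* ==============================================================================
+* Imports
+* ==============================================================================
+*/
+const http = require("http");
+const decrypt = require("../functions/decrypt");
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/** ****************************************************************************** */
+/**
+* Validate Token
+* ==============================================================================
+* @description This Function takes in a encrypted token and returns a user object
+*
+* @param {Object} params - Arg
+* @param {http.IncomingMessage} params.token - Http request object
+* @param {string} params.encryptionKey - Encryption Key
+* @param {string} params.encryptionSalt - Encryption Salt
+* @param {("deep" | "normal")?} [params.level] - Optional. "Deep" value indicates an extra layer of security
+* @param {string} params.database - Database Name
+*
+* @returns { import("../types/user.td").DATASQUIREL_LoggedInUser | null}
+*/
+function validateToken({ token, encryptionKey, encryptionSalt }) {
+try {
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+const key = token;
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+let userPayload = decrypt({
+encryptedString: key,
+encryptionKey,
+encryptionSalt,
+});
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+if (!userPayload) {
+return null;
+}
+/**
+* Grab the payload
+*
+* @description Grab the payload
+*/
+let userObject = JSON.parse(userPayload);
+if (!userObject.csrf_k) {
+return null;
+}
+/** ********************************************** */
+/** ********************************************** */
+/** ********************************************** */
+/**
+* Return User Object
+*
+* @description Return User Object
+*/
+return userObject;
+} catch (error) {
+/**
+* Return User Object
+*
+* @description Return User Object
+*/
+return null;
+}
+}
+/** ********************************************** */
+/** ********************************************** */
+/** ********************************************** */
+module.exports = validateToken;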
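Review bot: The JSDoc for `validateToken` does not match the function: `params.token` is typed as `http.IncomingMessage` and described as an HTTP request object although it is passed to `decrypt` as `encryptedString`, and `level` and `database` are documented but absent from the signature. With `// @ts-check` enabled this mis-types every caller; `@param {string} params.token - Encrypted token string`, with the two unused entries removed, would fix it. On the validation itself, the only checks are that the token decrypts, parses as JSON and carries a truthy `csrf_k`; no expiry or CSRF comparison happens here. The doc comment should therefore say that token integrity rests on `decrypt` (not shown in this commit) and that callers still have to enforce session lifetime themselves.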