From 0e266f3df20786d6ea3cc8352d7d22cf2a61ae0c Mon Sep 17 00:00:00 2001
From: Benjamin Toby
Date: Fri, 16 Aug 2024 07:48:12 +0100
Subject: [PATCH] Update reauth function
---
 users/reauth-user.js | 3 +++
 users/user-auth.js | 17 ++++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/users/reauth-user.js b/users/reauth-user.js
index 275a72b..4080f4f 100644
--- a/users/reauth-user.js
+++ b/users/reauth-user.js
@@ -44,6 +44,7 @@ const localReauthUser = require("../engine/user/reauth-user");
 * @param {String} params.encryptionKey - Encryption Key
 * @param {String} params.encryptionSalt - Encryption Salt
 * @param {string[]} [params.additionalFields] - Additional Fields to be added to the user object
+ * @param {string} [params.token] - access token to use instead of getting from cookie header
 *
 * @returns { Promise }
 */
@@ -56,6 +57,7 @@ async function reauthUser({
 encryptionKey,
 encryptionSalt,
 additionalFields,
+ token,
 }) {
 /**
 * Check Encryption Keys
@@ -72,6 +74,7 @@ async function reauthUser({
 encryptionSalt,
 level,
 request,
+ token,
 });
 if (!existingUser?.payload?.id) {
diff --git a/users/user-auth.js b/users/user-auth.js
index c6d4d9f..367c091 100644
--- a/users/user-auth.js
+++ b/users/user-auth.js
@@ -35,10 +35,18 @@ const parseCookies = require("../utils/functions/parseCookies");
 * @param {string} params.encryptionSalt - Encryption Salt
 * @param {("deep" | "normal")} [params.level] - Optional. "Deep" value indicates an extra layer of security
 * @param {string} params.database - Database Name
+ * @param {string} [params.token] - access token to use instead of getting from cookie header
 *
 * @returns { AuthenticatedUserObject }
 */
-function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
+function userAuth({
+ request,
+ encryptionKey,
+ encryptionSalt,
+ level,
+ database,
+ token,
+}) {
 try {
 /**
 * Grab the payload
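Review bot: The new `params.token` JSDoc line, added identically to `reauthUser` and `userAuth`, does not say what the value replaces or what it leaves in place. From the later `userAuth` hunk, the token stands in only for the value read from the `authKeyName` cookie, while `csrf` is still taken from the request cookies and is what the level "deep" check uses. I would document it as `@param {string} [params.token] - Auth key value used in place of the auth-key cookie; the CSRF cookie is still read from the request and is required when level is "deep"`. The bodies of both functions continue outside these hunks, so any other use of the cookies is not visible here.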
@@ -50,7 +58,7 @@ function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
 const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
 const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
- const key = cookies[authKeyName];
+ const key = token ? token : cookies[authKeyName];
 const csrf = cookies[csrfName];
 /**
@@ -101,7 +109,10 @@ function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
 *
 * @description Grab the payload
 */
- if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
+ if (
+ level?.match(/deep/i) &&
+ !csrf?.match(new RegExp(`${userObject.csrf_k}`))
+ ) {
 return {
 success: false,
 payload: null,
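Review bot: `const key = token ? token : cookies[authKeyName];` silently falls back to the cookie whenever `token` is empty, so a caller that intended token-only authentication ends up authenticating with the ambient cookie instead. `const key = token ?? cookies[authKeyName];` keeps the fallback for an omitted parameter while letting an empty string fail, assuming the decryption step outside this hunk rejects it. `csrf` is still read only from `cookies`, so with `level` set to "deep" a token-only caller without the CSRF cookie is rejected by the check in the last hunk; if that is intended it should be stated in the JSDoc. That check is only reformatted here, but it tests `csrf` against an unanchored `new RegExp(...)` built from `userObject.csrf_k`, which accepts any cookie value that merely contains a match. If the cookie is meant to equal `csrf_k`, `csrf !== userObject.csrf_k` is the tighter condition.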