Update reauth function

This commit is contained in:
Benjamin Toby 2024-08-16 07:48:12 +01:00
parent 607552d451
commit 0e266f3df2
2 changed files with 17 additions and 3 deletions

View File

@ -44,6 +44,7 @@ const localReauthUser = require("../engine/user/reauth-user");
* @param {String} params.encryptionKey - Encryption Key
* @param {String} params.encryptionSalt - Encryption Salt
* @param {string[]} [params.additionalFields] - Additional Fields to be added to the user object
* @param {string} [params.token] - access token to use instead of getting from cookie header
*
* @returns { Promise<FunctionReturn> }
*/
@ -56,6 +57,7 @@ async function reauthUser({
encryptionKey,
encryptionSalt,
additionalFields,
token,
}) {
/**
* Check Encryption Keys
@ -72,6 +74,7 @@ async function reauthUser({
encryptionSalt,
level,
request,
token,
});
if (!existingUser?.payload?.id) {

View File

@ -35,10 +35,18 @@ const parseCookies = require("../utils/functions/parseCookies");
* @param {string} params.encryptionSalt - Encryption Salt
* @param {("deep" | "normal")} [params.level] - Optional. "Deep" value indicates an extra layer of security
* @param {string} params.database - Database Name
* @param {string} [params.token] - access token to use instead of getting from cookie header
*
* @returns { AuthenticatedUserObject }
*/
function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
function userAuth({
request,
encryptionKey,
encryptionSalt,
level,
database,
token,
}) {
try {
/**
* Grab the payload
@ -50,7 +58,7 @@ function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
const key = cookies[authKeyName];
const key = token ? token : cookies[authKeyName];
const csrf = cookies[csrfName];
/**
@ -101,7 +109,10 @@ function userAuth({ request, encryptionKey, encryptionSalt, level, database }) {
*
* @description Grab the payload
*/
if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
if (
level?.match(/deep/i) &&
!csrf?.match(new RegExp(`${userObject.csrf_k}`))
) {
return {
success: false,
payload: null,