Updates
This commit is contained in:
parent
0880526f44
commit
1aa66be3ba
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@moduletrace/datasquirel",
|
||||
"version": "3.1.3",
|
||||
"version": "3.1.4",
|
||||
"description": "Cloud-based SQL data management tool",
|
||||
"main": "index.js",
|
||||
"bin": {
|
||||
|
@ -52,13 +52,15 @@ function userAuth({
|
||||
csrfHeaderName,
|
||||
}) {
|
||||
try {
|
||||
const finalRequest = req || request;
|
||||
|
||||
const finalEncryptionKey =
|
||||
encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
|
||||
const finalEncryptionSalt =
|
||||
encryptionSalt || process.env.DSQL_ENCRYPTION_SALT;
|
||||
|
||||
const cookies = parseCookies({
|
||||
request: request || req,
|
||||
request: finalRequest,
|
||||
cookieString,
|
||||
});
|
||||
|
||||
@ -129,20 +131,29 @@ function userAuth({
|
||||
*
|
||||
* @description Grab the payload
|
||||
*/
|
||||
if (
|
||||
level?.match(/deep/i) &&
|
||||
((csrfHeaderName &&
|
||||
req?.headers[csrfHeaderName] !== userObject.csrf_k &&
|
||||
request?.headers[csrfHeaderName] !== userObject.csrf_k) ||
|
||||
(csrfHeaderIsValue &&
|
||||
!req?.headers[userObject.csrf_k] &&
|
||||
!request?.headers[userObject.csrf_k]))
|
||||
) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K mismatch",
|
||||
};
|
||||
if (level?.match(/deep/i) && finalRequest) {
|
||||
if (
|
||||
csrfHeaderName &&
|
||||
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
|
||||
) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K mismatch",
|
||||
};
|
||||
}
|
||||
|
||||
const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
|
||||
.filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
|
||||
.find((k) => k == userObject.csrf_k);
|
||||
|
||||
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K Header Key mismatch",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
const payloadCreationDate = Number(userObject.date);
|
||||
|
Loading…
Reference in New Issue
Block a user