Benjamin Toby 2024-12-14 16:59:41 +01:00
parent 0880526f44
commit 1aa66be3ba
2 changed files with 27 additions and 16 deletions


@ -1,6 +1,6 @@
{ {
"name": "@moduletrace/datasquirel", "name": "@moduletrace/datasquirel",
"version": "3.1.3", "version": "3.1.4",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"bin": { "bin": {


@ -52,13 +52,15 @@ function userAuth({
csrfHeaderName, csrfHeaderName,
}) { }) {
try { try {
const finalRequest = req || request;
const finalEncryptionKey = const finalEncryptionKey =
encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD; encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
const finalEncryptionSalt = const finalEncryptionSalt =
encryptionSalt || process.env.DSQL_ENCRYPTION_SALT; encryptionSalt || process.env.DSQL_ENCRYPTION_SALT;
const cookies = parseCookies({ const cookies = parseCookies({
request: request || req, request: finalRequest,
cookieString, cookieString,
}); });
@ -129,14 +131,10 @@ function userAuth({
* *
* @description Grab the payload * @description Grab the payload
*/ */
if (level?.match(/deep/i) && finalRequest) {
if ( if (
level?.match(/deep/i) && csrfHeaderName &&
((csrfHeaderName && finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
req?.headers[csrfHeaderName] !== userObject.csrf_k &&
request?.headers[csrfHeaderName] !== userObject.csrf_k) ||
(csrfHeaderIsValue &&
!req?.headers[userObject.csrf_k] &&
!request?.headers[userObject.csrf_k]))
) { ) {
return { return {
success: false, success: false,
@ -145,6 +143,19 @@ function userAuth({
}; };
} }
const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
.filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
.find((k) => k == userObject.csrf_k);
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
return {
success: false,
payload: null,
msg: "CSRF_K Header Key mismatch",
};
}
}
const payloadCreationDate = Number(userObject.date); const payloadCreationDate = Number(userObject.date);
if ( if (
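Review bot: With `level` set to deep but neither `req` nor `request` supplied (for example when only `cookieString` is passed), the new outer guard `if (level?.match(/deep/i) && finalRequest) {` skips both CSRF checks and authentication carries on, whereas the removed condition evaluated `req?.headers[csrfHeaderName]` to `undefined` and returned the failure object whenever `csrfHeaderName` was set. Consider failing closed: keep the outer test as `if (level?.match(/deep/i)) {` and open the block with `if (!finalRequest) return { success: false, payload: null, msg: "No request object for CSRF check" };`. In the third hunk, `.filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))` uses the replaced string only as a truthiness test, so it sanitises nothing and drops almost no keys; `Object.keys(finalRequest.headers).find((k) => k === userObject.csrf_k)` expresses the same lookup with strict equality. If `finalRequest` is a Node `IncomingMessage`, header names arrive lower-cased, so both lookups presumably rely on `csrfHeaderName` and `csrf_k` being lower-case, which is worth confirming against the callers. `userAuth` begins and ends outside these hunks.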