Moduletrace/datasquirel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates

Browse Source
This commit is contained in:
Benjamin Toby 2024-12-14 16:59:41 +01:00
parent 0880526f44
commit 1aa66be3ba
2 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@moduletrace/datasquirel", "name": "@moduletrace/datasquirel",
"version": "3.1.3", "version": "3.1.4",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"bin": { "bin": {

41
users/user-auth.js
View File

@ -52,13 +52,15 @@ function userAuth({
csrfHeaderName, csrfHeaderName,
}) { }) {
try { try {
const finalRequest = req || request;
const finalEncryptionKey = const finalEncryptionKey =
encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD; encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
const finalEncryptionSalt = const finalEncryptionSalt =
encryptionSalt || process.env.DSQL_ENCRYPTION_SALT; encryptionSalt || process.env.DSQL_ENCRYPTION_SALT;
const cookies = parseCookies({ const cookies = parseCookies({
request: request || req, request: finalRequest,
cookieString, cookieString,
}); });
@ -129,20 +131,29 @@ function userAuth({
* *
* @description Grab the payload * @description Grab the payload
*/ */
if ( if (level?.match(/deep/i) && finalRequest) {
level?.match(/deep/i) && if (
((csrfHeaderName && csrfHeaderName &&
req?.headers[csrfHeaderName] !== userObject.csrf_k && finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
request?.headers[csrfHeaderName] !== userObject.csrf_k) || ) {
(csrfHeaderIsValue && return {
!req?.headers[userObject.csrf_k] && success: false,
!request?.headers[userObject.csrf_k])) payload: null,
) { msg: "CSRF_K mismatch",
return { };
success: false, }
payload: null,
msg: "CSRF_K mismatch", const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
}; .filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
.find((k) => k == userObject.csrf_k);
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
return {
success: false,
payload: null,
msg: "CSRF_K Header Key mismatch",
};
}
} }
const payloadCreationDate = Number(userObject.date); const payloadCreationDate = Number(userObject.date);