Benjamin Toby 2024-12-14 16:59:41 +01:00
parent 0880526f44
commit 1aa66be3ba
2 changed files with 27 additions and 16 deletions


@ -1,6 +1,6 @@
{
"name": "@moduletrace/datasquirel",
"version": "3.1.3",
"version": "3.1.4",
"description": "Cloud-based SQL data management tool",
"main": "index.js",
"bin": {


@ -52,13 +52,15 @@ function userAuth({
csrfHeaderName,
}) {
try {
const finalRequest = req || request;
const finalEncryptionKey =
encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
const finalEncryptionSalt =
encryptionSalt || process.env.DSQL_ENCRYPTION_SALT;
const cookies = parseCookies({
request: request || req,
request: finalRequest,
cookieString,
});
@ -129,14 +131,10 @@ function userAuth({
*
* @description Grab the payload
*/
if (level?.match(/deep/i) && finalRequest) {
if (
level?.match(/deep/i) &&
((csrfHeaderName &&
req?.headers[csrfHeaderName] !== userObject.csrf_k &&
request?.headers[csrfHeaderName] !== userObject.csrf_k) ||
(csrfHeaderIsValue &&
!req?.headers[userObject.csrf_k] &&
!request?.headers[userObject.csrf_k]))
csrfHeaderName &&
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
) {
return {
success: false,
@ -145,6 +143,19 @@ function userAuth({
};
}
const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
.filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
.find((k) => k == userObject.csrf_k);
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
return {
success: false,
payload: null,
msg: "CSRF_K Header Key mismatch",
};
}
}
const payloadCreationDate = Number(userObject.date);
if (
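Review bot: The new outer guard `if (level?.match(/deep/i) && finalRequest) {` skips both CSRF checks whenever no request object is supplied, so a deep-level call that authenticates from `cookieString` alone appears to pass this block with no CSRF header compared; the removed condition rejected that case because `req?.headers[...]` evaluated to `undefined`. To fail closed, test only `level?.match(/deep/i)` in the outer `if` and open the block with `if (!finalRequest) return { success: false, payload: null, msg: "CSRF check requires a request" };` (the message text is only a suggestion). In the added `targetCsrfHeaderKey` lookup, `.filter((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))` keeps every key that still contains one allowed character and never changes the keys, so it sanitises nothing; if normalisation was intended it needs `.map`, and the comparison should use `===` rather than `==`. If `finalRequest.headers` comes from Node's `http` module the header names are lower-cased, so a `csrf_k` or `csrfHeaderName` containing upper-case letters would presumably never match, which is worth confirming against how `csrf_k` is generated. The body of userAuth starts and ends outside these hunks.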