updates

2023-05-09 15:12:55 +01:00 · 2023-05-09 15:12:55 +01:00 · 52628e8eee
commit 52628e8eee
parent 23452dea63
3 changed files with 17 additions and 5 deletions
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
    "name": "datasquirel",
-    "version": "1.0.15",
+    "version": "1.1.0",
    "description": "Cloud-based SQL data management tool",
    "main": "index.js",
    "scripts": {
--- a/users/login-user.js
+++ b/users/login-user.js
@ -131,7 +131,12 @@ module.exports = async function ({ key, payload, database, response, encryptionK
            encryptionSalt,
        });

-        response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`]);
+        const { userId } = httpResponse;
+
+        const authKeyName = `datasquirel_${userId}_${database}_auth_key`;
+        const csrfName = `datasquirel_${userId}_${database}_csrf`;
+
+        response.setHeader("Set-Cookie", [`${authKeyName}=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `${csrfName}=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`, `dsqluid=${userId};samesite=strict;path=/;HttpOnly=true`]);
    }

    /** ********************************************** */
--- a/users/user-auth.js
+++ b/users/user-auth.js
@ -19,15 +19,22 @@ const decrypt = require("../functions/decrypt");
 * @param {Object} request - Http request object
 * @param {String} encryptionKey - Encryption Key
 * @param {String} encryptionSalt - Encryption Salt
+ * @param {String} level - Optional. "Deep" value indicates an extra layer of security
+ * @param {String} database - Database Name
 */
-module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
+module.exports = function ({ request, encryptionKey, encryptionSalt, level, database }) {
    try {
        /**
         * Grab the payload
         *
         * @description Grab the payload
         */
-        const csrf = request.cookies.csrf;
+        const dsqluid = request.cookies.dsqluid;
+        const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
+        const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
+
+        const key = request.cookies[authKeyName];
+        const csrf = request.cookies[csrfName];

        /**
         * Grab the payload
@ -35,7 +42,7 @@ module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
         * @description Grab the payload
         */
        let userPayload = decrypt({
-            encryptedString: request.cookies.datasquirelAuthKey,
+            encryptedString: key,
            encryptionKey,
            encryptionSalt,
        });