From 52628e8eee23055b5cc82a3e566da1aab4e9a3e3 Mon Sep 17 00:00:00 2001
From: Tben <52448020+BenjaminToby@users.noreply.github.com>
Date: Tue, 9 May 2023 15:12:55 +0100
Subject: [PATCH] updates
---
 package.json | 2 +-
 users/login-user.js | 7 ++++++-
 users/user-auth.js | 13 ++++++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index d8fb6f1..a121098 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "datasquirel",
- "version": "1.0.15",
+ "version": "1.1.0",
 "description": "Cloud-based SQL data management tool",
 "main": "index.js",
 "scripts": {
diff --git a/users/login-user.js b/users/login-user.js
index b30025d..5e0e973 100644
--- a/users/login-user.js
+++ b/users/login-user.js
@@ -131,7 +131,12 @@ module.exports = async function ({ key, payload, database, response, encryptionK
 encryptionSalt,
 });
- response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`]);
+ const { userId } = httpResponse;
+
+ const authKeyName = `datasquirel_${userId}_${database}_auth_key`;
+ const csrfName = `datasquirel_${userId}_${database}_csrf`;
+
+ response.setHeader("Set-Cookie", [`${authKeyName}=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `${csrfName}=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`, `dsqluid=${userId};samesite=strict;path=/;HttpOnly=true`]);
 }
 /** ********************************************** */
diff --git a/users/user-auth.js b/users/user-auth.js
index 3530a11..0e614ea 100644
--- a/users/user-auth.js
+++ b/users/user-auth.js
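Review bot: `userId` and `database` are interpolated straight into the cookie names on the new `authKeyName` and `csrfName` lines of users/login-user.js, with no check that they are present or contain only cookie-name-safe characters. A value containing `;`, `=` or whitespace would change how the Set-Cookie line is parsed, and a missing `userId` (it is destructured from `httpResponse`, while the CSRF value is read from `httpResponse.payload`) would produce names containing `undefined`; an allow-list check on both values, for example `/^[\w-]+$/.test(String(userId))`, before the names are built would cover both cases. Separately, the new `dsqluid` cookie and the renamed CSRF cookie omit `Secure` while the auth cookie carries it, so they can be sent over plain HTTP; appending `;Secure=true` to those two strings keeps the three cookies consistent. The enclosing function starts and ends outside the hunk, so what it should return when the check fails is not visible here.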
@@ -19,15 +19,22 @@ const decrypt = require("../functions/decrypt");
 * @param {Object} request - Http request object
 * @param {String} encryptionKey - Encryption Key
 * @param {String} encryptionSalt - Encryption Salt
+ * @param {String} level - Optional. "Deep" value indicates an extra layer of security
+ * @param {String} database - Database Name
 */
-module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
+module.exports = function ({ request, encryptionKey, encryptionSalt, level, database }) {
 try {
 /**
 * Grab the payload
 *
 * @description Grab the payload
 */
- const csrf = request.cookies.csrf;
+ const dsqluid = request.cookies.dsqluid;
+ const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
+ const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
+
+ const key = request.cookies[authKeyName];
+ const csrf = request.cookies[csrfName];
 /**
 * Grab the payload
@@ -35,7 +42,7 @@ module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
 * @description Grab the payload
 */
 let userPayload = decrypt({
- encryptedString: request.cookies.datasquirelAuthKey,
+ encryptedString: key,
 encryptionKey,
 encryptionSalt,
 });
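Review bot: `dsqluid` comes from a client-controlled cookie and `database` is a new parameter that existing callers will not pass, yet both go into the cookie names in the first hunk without any presence check. If either is missing, the lookup uses a name containing `undefined`, `key` is `undefined`, and the second hunk passes it to `decrypt` as `encryptedString`; a guard inside the `try` such as `if (!dsqluid || !database) throw new Error("Missing user id or database name");` would make that failure explicit, assuming the handler outside the hunk treats a throw as unauthenticated. Because `dsqluid` only selects which cookie is read, the user identity should keep coming from the decrypted payload, and comparing the payload's user id with `dsqluid` after decryption would make that binding explicit; the rest of the function is outside the hunk, so this may already happen. The JSDoc line could also state that the parameter is required: ` * @param {String} database - Database Name (required; must match the one used at login)`.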