Tben 2023-05-09 15:12:55 +01:00
parent 23452dea63
commit 52628e8eee
3 changed files with 17 additions and 5 deletions


@ -1,6 +1,6 @@
{ {
"name": "datasquirel", "name": "datasquirel",
"version": "1.0.15", "version": "1.1.0",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {


@ -131,7 +131,12 @@ module.exports = async function ({ key, payload, database, response, encryptionK
encryptionSalt, encryptionSalt,
}); });
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`]); const { userId } = httpResponse;
const authKeyName = `datasquirel_${userId}_${database}_auth_key`;
const csrfName = `datasquirel_${userId}_${database}_csrf`;
response.setHeader("Set-Cookie", [`${authKeyName}=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `${csrfName}=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`, `dsqluid=${userId};samesite=strict;path=/;HttpOnly=true`]);
} }
/** ********************************************** */ /** ********************************************** */
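Review bot: The new `authKeyName` and `csrfName` lines interpolate `userId` and `database` straight into cookie names, so a value containing `;`, `=` or whitespace would corrupt the `Set-Cookie` header or append attributes. Restrict both to a safe character set (or encode them) before building the names, and fail the login when `userId` is undefined instead of emitting `datasquirel_undefined_…`. `userId` is destructured from `httpResponse` itself while the CSRF value comes from `httpResponse.payload`; that may be intended but is worth confirming. The added `dsqluid` cookie, like the CSRF cookie, omits `Secure` although the auth-key cookie sets it; appending `;Secure=true` to both keeps them off plain HTTP. The enclosing function starts and ends outside this hunk.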


@ -19,15 +19,22 @@ const decrypt = require("../functions/decrypt");
* @param {Object} request - Http request object * @param {Object} request - Http request object
* @param {String} encryptionKey - Encryption Key * @param {String} encryptionKey - Encryption Key
* @param {String} encryptionSalt - Encryption Salt * @param {String} encryptionSalt - Encryption Salt
* @param {String} level - Optional. "Deep" value indicates an extra layer of security
* @param {String} database - Database Name
*/ */
module.exports = function ({ request, encryptionKey, encryptionSalt, level }) { module.exports = function ({ request, encryptionKey, encryptionSalt, level, database }) {
try { try {
/** /**
* Grab the payload * Grab the payload
* *
* @description Grab the payload * @description Grab the payload
*/ */
const csrf = request.cookies.csrf; const dsqluid = request.cookies.dsqluid;
const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
const key = request.cookies[authKeyName];
const csrf = request.cookies[csrfName];
/** /**
* Grab the payload * Grab the payload
@ -35,7 +42,7 @@ module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
* @description Grab the payload * @description Grab the payload
*/ */
let userPayload = decrypt({ let userPayload = decrypt({
encryptedString: request.cookies.datasquirelAuthKey, encryptedString: key,
encryptionKey, encryptionKey,
encryptionSalt, encryptionSalt,
}); });
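Review bot: `dsqluid` comes from a client-controlled cookie and, together with `database`, only selects which cookie name is read, so the per-user/per-database name is not an authorization boundary by itself. A client can rename cookies, so a value issued for one database could be presented under another database's name if the same key and salt are used. After `decrypt`, the payload should be compared against `dsqluid` and `database` and rejected on mismatch; the payload's field names and any existing check are outside the visible hunks. A missing `dsqluid` cookie, or a caller that does not yet pass the new `database` argument, yields names containing `undefined`, so an explicit guard before the lookups (for example `if (!dsqluid || !database)` followed by the function's usual failure return) would make that failure deliberate.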