diff --git a/client/fetch/index.ts b/client/fetch/index.ts index 44fbba1..a7b31ca 100644 --- a/client/fetch/index.ts +++ b/client/fetch/index.ts @@ -1,4 +1,5 @@ import _ from "lodash"; +import getCsrfHeaderName from "../../utils/get-csrf-header-name"; type FetchApiOptions = { method: @@ -46,7 +47,7 @@ export default async function fetchApi( } as FetchHeader; if (csrf && csrfValue) { - finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true"; + finalHeaders[getCsrfHeaderName()] = csrfValue; } if (typeof options === "string") { diff --git a/dist/client/fetch/index.js b/dist/client/fetch/index.js index 512cefc..01b1de5 100644 --- a/dist/client/fetch/index.js +++ b/dist/client/fetch/index.js @@ -14,6 +14,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) { Object.defineProperty(exports, "__esModule", { value: true }); exports.default = fetchApi; const lodash_1 = __importDefault(require("lodash")); +const get_csrf_header_name_1 = __importDefault(require("../../utils/get-csrf-header-name")); /** * # Fetch API */ @@ -27,7 +28,7 @@ localStorageCSRFKey) { "Content-Type": "application/json", }; if (csrf && csrfValue) { - finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true"; + finalHeaders[(0, get_csrf_header_name_1.default)()] = csrfValue; } if (typeof options === "string") { try { diff --git a/dist/users/user-auth.d.ts b/dist/users/user-auth.d.ts index dc8460b..0fdd6f3 100644 --- a/dist/users/user-auth.d.ts +++ b/dist/users/user-auth.d.ts @@ -16,7 +16,6 @@ type Param = { dsqlUserId?: string | number; expiry?: number; csrfHeaderName?: string; - csrfHeaderIsValue?: boolean; }; /** * Authenticate User from request 
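Review bot: The new assignment `finalHeaders[getCsrfHeaderName()] = csrfValue;` sends the stored value verbatim, whereas the line it replaces ran `csrfValue.replace(/\"/g, "")` on it first; if that value can be JSON-stringified in storage (the old stripping suggests it can), the header will now carry literal quotes and the server-side `!== userObject.csrf_k` comparison in users/user-auth.ts will reject every request. Unless the storage format changed in the same release, keep the normalisation: `finalHeaders[getCsrfHeaderName()] = csrfValue.replace(/\"/g, "");`. fetchApi's body and the place where csrfValue is read are outside the hunk, so this is inferred from the removed line only.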
@@ -24,5 +23,5 @@ type Param = { * @description This Function takes in a request object and returns a user object * with the user's data */ -export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderIsValue, csrfHeaderName, }: Param): AuthenticatedUser; +export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderName, }: Param): AuthenticatedUser; export {}; diff --git a/dist/users/user-auth.js b/dist/users/user-auth.js index ccc71eb..872e846 100644 --- a/dist/users/user-auth.js +++ b/dist/users/user-auth.js @@ -1,5 +1,4 @@ "use strict"; -// @ts-check var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; @@ -9,6 +8,7 @@ const decrypt_1 = __importDefault(require("../package-shared/functions/dsql/decr const get_auth_cookie_names_1 = __importDefault(require("../package-shared/functions/backend/cookies/get-auth-cookie-names")); const write_auth_files_1 = require("../package-shared/functions/backend/auth/write-auth-files"); const parseCookies_1 = __importDefault(require("../package-shared/utils/backend/parseCookies")); +const get_csrf_header_name_1 = __importDefault(require("../utils/get-csrf-header-name")); const minuteInMilliseconds = 60000; const hourInMilliseconds = minuteInMilliseconds * 60; const dayInMilliseconds = hourInMilliseconds * 24; 
@@ -21,7 +21,7 @@ const yearInMilliseconds = dayInMilliseconds * 365; * @description This Function takes in a request object and returns a user object * with the user's data */ -function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderIsValue, csrfHeaderName, }) { +function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderName, }) { try { const finalRequest = req || request; const finalEncryptionKey = encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD; @@ -39,7 +39,6 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database const key = encryptedUserString ? encryptedUserString : cookies[authKeyName]; - const csrf = cookies[csrfName]; /** * Grab the payload * 
@@ -89,24 +88,24 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database * @description Grab the payload */ if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) { - if (csrfHeaderName && - finalRequest.headers[csrfHeaderName] !== userObject.csrf_k) { + const finalCsrfHeaderName = csrfHeaderName || (0, get_csrf_header_name_1.default)(); + if (finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k) { return { success: false, payload: null, msg: "CSRF_K mismatch", }; } - const targetCsrfHeaderKey = Object.keys(finalRequest.headers) - .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) - .find((k) => k == userObject.csrf_k); - if (csrfHeaderIsValue && !targetCsrfHeaderKey) { - return { - success: false, - payload: null, - msg: "CSRF_K Header Key mismatch", - }; - } + // const targetCsrfHeaderKey = Object.keys(finalRequest.headers) + // .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) + // .find((k) => k == userObject.csrf_k); + // if (csrfHeaderIsValue && !targetCsrfHeaderKey) { + // return { + // success: false, + // payload: null, + // msg: "CSRF_K Header Key mismatch", + // }; + // } } const payloadCreationDate = Number(userObject.date); if (Number.isNaN(payloadCreationDate) || @@ -138,7 +137,7 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database payload: userObject, }; } - catch ( /** @type {any} */error) { + catch (error) { /** * Return User Object * diff --git a/dist/utils/get-csrf-header-name.d.ts b/dist/utils/get-csrf-header-name.d.ts new file mode 100644 index 0000000..c3eef54 --- /dev/null +++ b/dist/utils/get-csrf-header-name.d.ts @@ -0,0 +1 @@ +export default function getCsrfHeaderName(): string; diff --git a/dist/utils/get-csrf-header-name.js b/dist/utils/get-csrf-header-name.js new file mode 100644 index 0000000..6c9a7b9 --- /dev/null +++ b/dist/utils/get-csrf-header-name.js 
@@ -0,0 +1,6 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.default = getCsrfHeaderName; +function getCsrfHeaderName() { + return "x-csrf-key"; +} diff --git a/package.json b/package.json index d867cdb..8987c98 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@moduletrace/datasquirel", - "version": "3.4.5", + "version": "3.4.6", "description": "Cloud-based SQL data management tool", "main": "dist/index.js", "bin": { diff --git a/users/user-auth.ts b/users/user-auth.ts index 512de9f..843592a 100644 --- a/users/user-auth.ts +++ b/users/user-auth.ts @@ -1,11 +1,10 @@ -// @ts-check - import http from "http"; import decrypt from "../package-shared/functions/dsql/decrypt"; import getAuthCookieNames from "../package-shared/functions/backend/cookies/get-auth-cookie-names"; import { checkAuthFile } from "../package-shared/functions/backend/auth/write-auth-files"; import parseCookies from "../package-shared/utils/backend/parseCookies"; import { AuthenticatedUser } from "../package-shared/types"; +import getCsrfHeaderName from "../utils/get-csrf-header-name"; const minuteInMilliseconds = 60000; const hourInMilliseconds = minuteInMilliseconds * 60; @@ -26,7 +25,6 @@ type Param = { dsqlUserId?: string | number; expiry?: number; csrfHeaderName?: string; - csrfHeaderIsValue?: boolean; }; /** @@ -46,7 +44,6 @@ export default function userAuth({ encryptedUserString, expiry = weekInMilliseconds, cookieString, - csrfHeaderIsValue, csrfHeaderName, }: Param): AuthenticatedUser { try { @@ -73,7 +70,6 @@ export default function userAuth({ const key = encryptedUserString ? encryptedUserString : cookies[authKeyName]; - const csrf = cookies[csrfName]; /** * Grab the payload 
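Review bot: Removing `csrfHeaderIsValue` from `type Param` and from the destructured parameter of the exported `userAuth` is a breaking signature change, yet package.json only moves 3.4.5 to 3.4.6; a TypeScript caller that still passes `csrfHeaderIsValue: true` in an object literal fails to compile, and a JavaScript caller silently loses the extra check it opted into. Either keep the property as a documented no-op, `/** @deprecated Ignored since 3.4.6; the header value is now always checked at deep level. */ csrfHeaderIsValue?: boolean;`, or bump the minor version and record the removal in the changelog. The same removal is mirrored in dist/users/user-auth.d.ts. Both the `type Param` block and the userAuth signature continue outside their hunks.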
@@ -131,9 +127,9 @@ export default function userAuth({ * @description Grab the payload */ if (level?.match(/deep/i) && finalRequest) { + const finalCsrfHeaderName = csrfHeaderName || getCsrfHeaderName(); if ( - csrfHeaderName && - finalRequest.headers[csrfHeaderName] !== userObject.csrf_k + finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k ) { return { success: false, @@ -142,17 +138,17 @@ export default function userAuth({ }; } - const targetCsrfHeaderKey = Object.keys(finalRequest.headers) - .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) - .find((k) => k == userObject.csrf_k); + // const targetCsrfHeaderKey = Object.keys(finalRequest.headers) + // .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) + // .find((k) => k == userObject.csrf_k); - if (csrfHeaderIsValue && !targetCsrfHeaderKey) { - return { - success: false, - payload: null, - msg: "CSRF_K Header Key mismatch", - }; - } + // if (csrfHeaderIsValue && !targetCsrfHeaderKey) { + // return { + // success: false, + // payload: null, + // msg: "CSRF_K Header Key mismatch", + // }; + // } } const payloadCreationDate = Number(userObject.date); @@ -191,7 +187,7 @@ export default function userAuth({ success: true, payload: userObject, }; - } catch (/** @type {any} */ error: any) { + } catch (error: any) { /** * Return User Object * diff --git a/utils/get-csrf-header-name.ts b/utils/get-csrf-header-name.ts new file mode 100644 index 0000000..bf5024b --- /dev/null +++ b/utils/get-csrf-header-name.ts @@ -0,0 +1,3 @@ +export default function getCsrfHeaderName() { + return "x-csrf-key"; +}
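Review bot: `finalCsrfHeaderName` is used as a key into `finalRequest.headers` without case normalisation; if finalRequest is an `http.IncomingMessage` (http is imported at the top of the file), incoming header names are lowercased, so a caller-supplied `csrfHeaderName` such as `X-CSRF-Key` would never match and every deep-level request would fail with "CSRF_K mismatch" — the default `"x-csrf-key"` only works because it happens to be lowercase. Suggest `const finalCsrfHeaderName = (csrfHeaderName || getCsrfHeaderName()).toLowerCase();`. Separately, the `!==` on the next line compares a secret token in non-constant time and `headers[...]` may be `string[]` or `undefined`; prefer checking that the header is a single string and comparing equal-length Buffers with `crypto.timingSafeEqual`. Dropping the `csrfHeaderName &&` guard also changes behaviour: deep-level callers that previously omitted the option had no header check at all and will now be rejected unless they send `x-csrf-key`, which deserves a line in the docs. userAuth's body continues outside the hunk.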
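Review bot: In the `@@ -142,17 +138,17 @@` hunk the old header-key lookup is kept as eleven commented-out lines instead of being deleted; the history lives in git, and a dead block that still references the removed `csrfHeaderIsValue` option will mislead the next reader into thinking the option exists. Delete the block, or if the idea is to be revived replace it with one line, `// TODO: previously also required csrf_k to appear as a header name (removed with csrfHeaderIsValue in 3.4.6)`. The same commented copy is carried into dist/users/user-auth.js. In the `@@ -191,7 +187,7 @@` hunk, `catch (error: any)` could become `catch (error: unknown)` with a narrowing check in the handler, which continues outside the hunk.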
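Review bot: The new `getCsrfHeaderName` in utils/get-csrf-header-name.ts has no doc comment and no explicit return type, even though the emitted dist/utils/get-csrf-header-name.d.ts declares it as `(): string`. Since users/user-auth.ts indexes `finalRequest.headers` with this value directly, the constraint that it stays lowercase is load-bearing and should be written down: `/** Name of the request header that carries the CSRF key. Must stay lowercase: user-auth.ts reads it straight from request.headers, whose keys Node lowercases. */ export default function getCsrfHeaderName(): string {`.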