This commit is contained in:
Benjamin Toby 2025-01-14 08:41:57 +01:00
parent 285d3b8369
commit 7551749784
9 changed files with 45 additions and 39 deletions


@ -1,4 +1,5 @@
import _ from "lodash"; import _ from "lodash";
import getCsrfHeaderName from "../../utils/get-csrf-header-name";
type FetchApiOptions = { type FetchApiOptions = {
method: method:
@ -46,7 +47,7 @@ export default async function fetchApi(
} as FetchHeader; } as FetchHeader;
if (csrf && csrfValue) { if (csrf && csrfValue) {
finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true"; finalHeaders[getCsrfHeaderName()] = csrfValue;
} }
if (typeof options === "string") { if (typeof options === "string") {
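Review bot: The new line `finalHeaders[getCsrfHeaderName()] = csrfValue;` drops the `.replace(/\"/g, "")` the old code applied to the token, so if csrfValue can still arrive JSON-quoted from storage (which the old stripping suggests) the header now carries the quotes and the server-side `!== userObject.csrf_k` comparison fails closed on every deep-level request. Either keep the normalisation, `finalHeaders[getCsrfHeaderName()] = csrfValue.replace(/\"/g, "");`, or document at the csrfValue read site that it is guaranteed to be the bare token. Moving from a token-keyed header to the fixed `x-csrf-key` name is otherwise the right shape; the compiled copy under dist mirrors this hunk. fetchApi's body starts and ends outside this hunk.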


@ -14,6 +14,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.default = fetchApi; exports.default = fetchApi;
const lodash_1 = __importDefault(require("lodash")); const lodash_1 = __importDefault(require("lodash"));
const get_csrf_header_name_1 = __importDefault(require("../../utils/get-csrf-header-name"));
/** /**
* # Fetch API * # Fetch API
*/ */
@ -27,7 +28,7 @@ localStorageCSRFKey) {
"Content-Type": "application/json", "Content-Type": "application/json",
}; };
if (csrf && csrfValue) { if (csrf && csrfValue) {
finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true"; finalHeaders[(0, get_csrf_header_name_1.default)()] = csrfValue;
} }
if (typeof options === "string") { if (typeof options === "string") {
try { try {


@ -16,7 +16,6 @@ type Param = {
dsqlUserId?: string | number; dsqlUserId?: string | number;
expiry?: number; expiry?: number;
csrfHeaderName?: string; csrfHeaderName?: string;
csrfHeaderIsValue?: boolean;
}; };
/** /**
* Authenticate User from request * Authenticate User from request
@ -24,5 +23,5 @@ type Param = {
* @description This Function takes in a request object and returns a user object * @description This Function takes in a request object and returns a user object
* with the user's data * with the user's data
*/ */
export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderIsValue, csrfHeaderName, }: Param): AuthenticatedUser; export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderName, }: Param): AuthenticatedUser;
export {}; export {};


@ -1,5 +1,4 @@
"use strict"; "use strict";
// @ts-check
var __importDefault = (this && this.__importDefault) || function (mod) { var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
@ -9,6 +8,7 @@ const decrypt_1 = __importDefault(require("../package-shared/functions/dsql/decr
const get_auth_cookie_names_1 = __importDefault(require("../package-shared/functions/backend/cookies/get-auth-cookie-names")); const get_auth_cookie_names_1 = __importDefault(require("../package-shared/functions/backend/cookies/get-auth-cookie-names"));
const write_auth_files_1 = require("../package-shared/functions/backend/auth/write-auth-files"); const write_auth_files_1 = require("../package-shared/functions/backend/auth/write-auth-files");
const parseCookies_1 = __importDefault(require("../package-shared/utils/backend/parseCookies")); const parseCookies_1 = __importDefault(require("../package-shared/utils/backend/parseCookies"));
const get_csrf_header_name_1 = __importDefault(require("../utils/get-csrf-header-name"));
const minuteInMilliseconds = 60000; const minuteInMilliseconds = 60000;
const hourInMilliseconds = minuteInMilliseconds * 60; const hourInMilliseconds = minuteInMilliseconds * 60;
const dayInMilliseconds = hourInMilliseconds * 24; const dayInMilliseconds = hourInMilliseconds * 24;
@ -21,7 +21,7 @@ const yearInMilliseconds = dayInMilliseconds * 365;
* @description This Function takes in a request object and returns a user object * @description This Function takes in a request object and returns a user object
* with the user's data * with the user's data
*/ */
function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderIsValue, csrfHeaderName, }) { function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderName, }) {
try { try {
const finalRequest = req || request; const finalRequest = req || request;
const finalEncryptionKey = encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD; const finalEncryptionKey = encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
@ -39,7 +39,6 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
const key = encryptedUserString const key = encryptedUserString
? encryptedUserString ? encryptedUserString
: cookies[authKeyName]; : cookies[authKeyName];
const csrf = cookies[csrfName];
/** /**
* Grab the payload * Grab the payload
* *
@ -89,24 +88,24 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
* @description Grab the payload * @description Grab the payload
*/ */
if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) { if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) {
if (csrfHeaderName && const finalCsrfHeaderName = csrfHeaderName || (0, get_csrf_header_name_1.default)();
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k) { if (finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k) {
return { return {
success: false, success: false,
payload: null, payload: null,
msg: "CSRF_K mismatch", msg: "CSRF_K mismatch",
}; };
} }
const targetCsrfHeaderKey = Object.keys(finalRequest.headers) // const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
.map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) // .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
.find((k) => k == userObject.csrf_k); // .find((k) => k == userObject.csrf_k);
if (csrfHeaderIsValue && !targetCsrfHeaderKey) { // if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
return { // return {
success: false, // success: false,
payload: null, // payload: null,
msg: "CSRF_K Header Key mismatch", // msg: "CSRF_K Header Key mismatch",
}; // };
} // }
} }
const payloadCreationDate = Number(userObject.date); const payloadCreationDate = Number(userObject.date);
if (Number.isNaN(payloadCreationDate) || if (Number.isNaN(payloadCreationDate) ||
@ -138,7 +137,7 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
payload: userObject, payload: userObject,
}; };
} }
catch ( /** @type {any} */error) { catch (error) {
/** /**
* Return User Object * Return User Object
* *

1
dist/utils/get-csrf-header-name.d.ts vendored Normal file

@ -0,0 +1 @@
export default function getCsrfHeaderName(): string;

6
dist/utils/get-csrf-header-name.js vendored Normal file

@ -0,0 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = getCsrfHeaderName;
function getCsrfHeaderName() {
return "x-csrf-key";
}


@ -1,6 +1,6 @@
{ {
"name": "@moduletrace/datasquirel", "name": "@moduletrace/datasquirel",
"version": "3.4.5", "version": "3.4.6",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "dist/index.js", "main": "dist/index.js",
"bin": { "bin": {


@ -1,11 +1,10 @@
// @ts-check
import http from "http"; import http from "http";
import decrypt from "../package-shared/functions/dsql/decrypt"; import decrypt from "../package-shared/functions/dsql/decrypt";
import getAuthCookieNames from "../package-shared/functions/backend/cookies/get-auth-cookie-names"; import getAuthCookieNames from "../package-shared/functions/backend/cookies/get-auth-cookie-names";
import { checkAuthFile } from "../package-shared/functions/backend/auth/write-auth-files"; import { checkAuthFile } from "../package-shared/functions/backend/auth/write-auth-files";
import parseCookies from "../package-shared/utils/backend/parseCookies"; import parseCookies from "../package-shared/utils/backend/parseCookies";
import { AuthenticatedUser } from "../package-shared/types"; import { AuthenticatedUser } from "../package-shared/types";
import getCsrfHeaderName from "../utils/get-csrf-header-name";
const minuteInMilliseconds = 60000; const minuteInMilliseconds = 60000;
const hourInMilliseconds = minuteInMilliseconds * 60; const hourInMilliseconds = minuteInMilliseconds * 60;
@ -26,7 +25,6 @@ type Param = {
dsqlUserId?: string | number; dsqlUserId?: string | number;
expiry?: number; expiry?: number;
csrfHeaderName?: string; csrfHeaderName?: string;
csrfHeaderIsValue?: boolean;
}; };
/** /**
@ -46,7 +44,6 @@ export default function userAuth({
encryptedUserString, encryptedUserString,
expiry = weekInMilliseconds, expiry = weekInMilliseconds,
cookieString, cookieString,
csrfHeaderIsValue,
csrfHeaderName, csrfHeaderName,
}: Param): AuthenticatedUser { }: Param): AuthenticatedUser {
try { try {
@ -73,7 +70,6 @@ export default function userAuth({
const key = encryptedUserString const key = encryptedUserString
? encryptedUserString ? encryptedUserString
: cookies[authKeyName]; : cookies[authKeyName];
const csrf = cookies[csrfName];
/** /**
* Grab the payload * Grab the payload
@ -131,9 +127,9 @@ export default function userAuth({
* @description Grab the payload * @description Grab the payload
*/ */
if (level?.match(/deep/i) && finalRequest) { if (level?.match(/deep/i) && finalRequest) {
const finalCsrfHeaderName = csrfHeaderName || getCsrfHeaderName();
if ( if (
csrfHeaderName && finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
) { ) {
return { return {
success: false, success: false,
@ -142,17 +138,17 @@ export default function userAuth({
}; };
} }
const targetCsrfHeaderKey = Object.keys(finalRequest.headers) // const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
.map((k) => k.replace(/[^a-zA-Z0-9\-]/g, "")) // .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
.find((k) => k == userObject.csrf_k); // .find((k) => k == userObject.csrf_k);
if (csrfHeaderIsValue && !targetCsrfHeaderKey) { // if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
return { // return {
success: false, // success: false,
payload: null, // payload: null,
msg: "CSRF_K Header Key mismatch", // msg: "CSRF_K Header Key mismatch",
}; // };
} // }
} }
const payloadCreationDate = Number(userObject.date); const payloadCreationDate = Number(userObject.date);
@ -191,7 +187,7 @@ export default function userAuth({
success: true, success: true,
payload: userObject, payload: userObject,
}; };
} catch (/** @type {any} */ error: any) { } catch (error: any) {
/** /**
* Return User Object * Return User Object
* *
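Review bot: The comparison `finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k` is satisfied when both sides are undefined, so if the decrypted payload can lack `csrf_k` a deep-level request that sends no CSRF header at all is accepted; the old code had the same gap but was gated on csrfHeaderName, and now that the hunk makes the check unconditional it is worth closing. Node lowercases incoming header names, so a caller-supplied `csrfHeaderName` containing capitals will never match if finalRequest is an http.IncomingMessage as the `http` import suggests; lowering the name and requiring both sides to be strings fixes both issues, and a constant-time compare via `crypto.timingSafeEqual` (add `import crypto from "crypto";` next to the existing `http` import) avoids leaking the token through compare timing. The commented-out `targetCsrfHeaderKey` block should be deleted rather than left in place, and `catch (error: any)` would be `catch (error: unknown)` under strict TypeScript. userAuth starts and ends outside this hunk.
```typescript
if (level?.match(/deep/i) && finalRequest) {
    const finalCsrfHeaderName = (csrfHeaderName || getCsrfHeaderName()).toLowerCase();
    const presented = finalRequest.headers[finalCsrfHeaderName];
    const expected = userObject.csrf_k;
    // Both sides must be present strings of equal length before the constant-time compare
    if (
        typeof presented !== "string" ||
        typeof expected !== "string" ||
        presented.length !== expected.length ||
        !crypto.timingSafeEqual(Buffer.from(presented), Buffer.from(expected))
    ) {
        return {
            success: false,
            payload: null,
            msg: "CSRF_K mismatch",
        };
    }
}
// … unchanged: payloadCreationDate check …
```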


@ -0,0 +1,3 @@
export default function getCsrfHeaderName() {
return "x-csrf-key";
}
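Review bot: The new getCsrfHeaderName has no TSDoc and no explicit return type, although it is an exported function that two call sites (fetchApi and userAuth) must agree on. Add `/** Name of the request header carrying the CSRF key; fetchApi sends it and userAuth reads it, so both must use this helper. */` above it and annotate the signature as `export default function getCsrfHeaderName(): string {`. Keeping the literal lowercase also matters, since Node presents incoming header names lowercased.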