Updates
This commit is contained in:
Benjamin Toby
parent
285d3b8369
commit
7551749784
@ -1,4 +1,5 @@
|
||||
import _ from "lodash";
|
||||
import getCsrfHeaderName from "../../utils/get-csrf-header-name";
|
||||
|
||||
type FetchApiOptions = {
|
||||
method:
|
||||
@ -46,7 +47,7 @@ export default async function fetchApi(
|
||||
} as FetchHeader;
|
||||
|
||||
if (csrf && csrfValue) {
|
||||
finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true";
|
||||
finalHeaders[getCsrfHeaderName()] = csrfValue;
|
||||
}
|
||||
|
||||
if (typeof options === "string") {
|
||||
|
||||
3
dist/client/fetch/index.js
vendored
3
dist/client/fetch/index.js
vendored
@ -14,6 +14,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.default = fetchApi;
|
||||
const lodash_1 = __importDefault(require("lodash"));
|
||||
const get_csrf_header_name_1 = __importDefault(require("../../utils/get-csrf-header-name"));
|
||||
/**
|
||||
* # Fetch API
|
||||
*/
|
||||
@ -27,7 +28,7 @@ localStorageCSRFKey) {
|
||||
"Content-Type": "application/json",
|
||||
};
|
||||
if (csrf && csrfValue) {
|
||||
finalHeaders[`${csrfValue.replace(/\"/g, "")}`] = "true";
|
||||
finalHeaders[(0, get_csrf_header_name_1.default)()] = csrfValue;
|
||||
}
|
||||
if (typeof options === "string") {
|
||||
try {
|
||||
|
||||
3
dist/users/user-auth.d.ts
vendored
3
dist/users/user-auth.d.ts
vendored
@ -16,7 +16,6 @@ type Param = {
|
||||
dsqlUserId?: string | number;
|
||||
expiry?: number;
|
||||
csrfHeaderName?: string;
|
||||
csrfHeaderIsValue?: boolean;
|
||||
};
|
||||
/**
|
||||
* Authenticate User from request
|
||||
@ -24,5 +23,5 @@ type Param = {
|
||||
* @description This Function takes in a request object and returns a user object
|
||||
* with the user's data
|
||||
*/
|
||||
export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderIsValue, csrfHeaderName, }: Param): AuthenticatedUser;
|
||||
export default function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry, cookieString, csrfHeaderName, }: Param): AuthenticatedUser;
|
||||
export {};
|
||||
|
||||
31
dist/users/user-auth.js
vendored
31
dist/users/user-auth.js
vendored
@ -1,5 +1,4 @@
|
||||
"use strict";
|
||||
// @ts-check
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
@ -9,6 +8,7 @@ const decrypt_1 = __importDefault(require("../package-shared/functions/dsql/decr
|
||||
const get_auth_cookie_names_1 = __importDefault(require("../package-shared/functions/backend/cookies/get-auth-cookie-names"));
|
||||
const write_auth_files_1 = require("../package-shared/functions/backend/auth/write-auth-files");
|
||||
const parseCookies_1 = __importDefault(require("../package-shared/utils/backend/parseCookies"));
|
||||
const get_csrf_header_name_1 = __importDefault(require("../utils/get-csrf-header-name"));
|
||||
const minuteInMilliseconds = 60000;
|
||||
const hourInMilliseconds = minuteInMilliseconds * 60;
|
||||
const dayInMilliseconds = hourInMilliseconds * 24;
|
||||
@ -21,7 +21,7 @@ const yearInMilliseconds = dayInMilliseconds * 365;
|
||||
* @description This Function takes in a request object and returns a user object
|
||||
* with the user's data
|
||||
*/
|
||||
function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderIsValue, csrfHeaderName, }) {
|
||||
function userAuth({ request, req, encryptionKey, encryptionSalt, level, database, dsqlUserId, encryptedUserString, expiry = weekInMilliseconds, cookieString, csrfHeaderName, }) {
|
||||
try {
|
||||
const finalRequest = req || request;
|
||||
const finalEncryptionKey = encryptionKey || process.env.DSQL_ENCRYPTION_PASSWORD;
|
||||
@ -39,7 +39,6 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
|
||||
const key = encryptedUserString
|
||||
? encryptedUserString
|
||||
: cookies[authKeyName];
|
||||
const csrf = cookies[csrfName];
|
||||
/**
|
||||
* Grab the payload
|
||||
*
|
||||
@ -89,24 +88,24 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
|
||||
* @description Grab the payload
|
||||
*/
|
||||
if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) {
|
||||
if (csrfHeaderName &&
|
||||
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k) {
|
||||
const finalCsrfHeaderName = csrfHeaderName || (0, get_csrf_header_name_1.default)();
|
||||
if (finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K mismatch",
|
||||
};
|
||||
}
|
||||
const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
|
||||
.map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
|
||||
.find((k) => k == userObject.csrf_k);
|
||||
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K Header Key mismatch",
|
||||
};
|
||||
}
|
||||
// const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
|
||||
// .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
|
||||
// .find((k) => k == userObject.csrf_k);
|
||||
// if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
|
||||
// return {
|
||||
// success: false,
|
||||
// payload: null,
|
||||
// msg: "CSRF_K Header Key mismatch",
|
||||
// };
|
||||
// }
|
||||
}
|
||||
const payloadCreationDate = Number(userObject.date);
|
||||
if (Number.isNaN(payloadCreationDate) ||
|
||||
@ -138,7 +137,7 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
|
||||
payload: userObject,
|
||||
};
|
||||
}
|
||||
catch ( /** @type {any} */error) {
|
||||
catch (error) {
|
||||
/**
|
||||
* Return User Object
|
||||
*
|
||||
|
||||
1
dist/utils/get-csrf-header-name.d.ts
vendored
Normal file
1
dist/utils/get-csrf-header-name.d.ts
vendored
Normal file
@ -0,0 +1 @@
|
||||
export default function getCsrfHeaderName(): string;
|
||||
6
dist/utils/get-csrf-header-name.js
vendored
Normal file
6
dist/utils/get-csrf-header-name.js
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.default = getCsrfHeaderName;
|
||||
function getCsrfHeaderName() {
|
||||
return "x-csrf-key";
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@moduletrace/datasquirel",
|
||||
"version": "3.4.5",
|
||||
"version": "3.4.6",
|
||||
"description": "Cloud-based SQL data management tool",
|
||||
"main": "dist/index.js",
|
||||
"bin": {
|
||||
|
||||
@ -1,11 +1,10 @@
|
||||
// @ts-check
|
||||
|
||||
import http from "http";
|
||||
import decrypt from "../package-shared/functions/dsql/decrypt";
|
||||
import getAuthCookieNames from "../package-shared/functions/backend/cookies/get-auth-cookie-names";
|
||||
import { checkAuthFile } from "../package-shared/functions/backend/auth/write-auth-files";
|
||||
import parseCookies from "../package-shared/utils/backend/parseCookies";
|
||||
import { AuthenticatedUser } from "../package-shared/types";
|
||||
import getCsrfHeaderName from "../utils/get-csrf-header-name";
|
||||
|
||||
const minuteInMilliseconds = 60000;
|
||||
const hourInMilliseconds = minuteInMilliseconds * 60;
|
||||
@ -26,7 +25,6 @@ type Param = {
|
||||
dsqlUserId?: string | number;
|
||||
expiry?: number;
|
||||
csrfHeaderName?: string;
|
||||
csrfHeaderIsValue?: boolean;
|
||||
};
|
||||
|
||||
/**
|
||||
@ -46,7 +44,6 @@ export default function userAuth({
|
||||
encryptedUserString,
|
||||
expiry = weekInMilliseconds,
|
||||
cookieString,
|
||||
csrfHeaderIsValue,
|
||||
csrfHeaderName,
|
||||
}: Param): AuthenticatedUser {
|
||||
try {
|
||||
@ -73,7 +70,6 @@ export default function userAuth({
|
||||
const key = encryptedUserString
|
||||
? encryptedUserString
|
||||
: cookies[authKeyName];
|
||||
const csrf = cookies[csrfName];
|
||||
|
||||
/**
|
||||
* Grab the payload
|
||||
@ -131,9 +127,9 @@ export default function userAuth({
|
||||
* @description Grab the payload
|
||||
*/
|
||||
if (level?.match(/deep/i) && finalRequest) {
|
||||
const finalCsrfHeaderName = csrfHeaderName || getCsrfHeaderName();
|
||||
if (
|
||||
csrfHeaderName &&
|
||||
finalRequest.headers[csrfHeaderName] !== userObject.csrf_k
|
||||
finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k
|
||||
) {
|
||||
return {
|
||||
success: false,
|
||||
@ -142,17 +138,17 @@ export default function userAuth({
|
||||
};
|
||||
}
|
||||
|
||||
const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
|
||||
.map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
|
||||
.find((k) => k == userObject.csrf_k);
|
||||
// const targetCsrfHeaderKey = Object.keys(finalRequest.headers)
|
||||
// .map((k) => k.replace(/[^a-zA-Z0-9\-]/g, ""))
|
||||
// .find((k) => k == userObject.csrf_k);
|
||||
|
||||
if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
|
||||
return {
|
||||
success: false,
|
||||
payload: null,
|
||||
msg: "CSRF_K Header Key mismatch",
|
||||
};
|
||||
}
|
||||
// if (csrfHeaderIsValue && !targetCsrfHeaderKey) {
|
||||
// return {
|
||||
// success: false,
|
||||
// payload: null,
|
||||
// msg: "CSRF_K Header Key mismatch",
|
||||
// };
|
||||
// }
|
||||
}
|
||||
|
||||
const payloadCreationDate = Number(userObject.date);
|
||||
@ -191,7 +187,7 @@ export default function userAuth({
|
||||
success: true,
|
||||
payload: userObject,
|
||||
};
|
||||
} catch (/** @type {any} */ error: any) {
|
||||
} catch (error: any) {
|
||||
/**
|
||||
* Return User Object
|
||||
*
|
||||
|
||||
3
utils/get-csrf-header-name.ts
Normal file
3
utils/get-csrf-header-name.ts
Normal file
@ -0,0 +1,3 @@
|
||||
export default function getCsrfHeaderName() {
|
||||
return "x-csrf-key";
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user