From 7e83ab8d0ebb53b5716aa5b38f61f02dfe73e8d1 Mon Sep 17 00:00:00 2001
From: Tben <52448020+BenjaminToby@users.noreply.github.com>
Date: Sat, 6 May 2023 14:15:22 +0100
Subject: [PATCH] updates
---
 package.json | 2 +-
 users/login-user.js | 2 +-
 users/user-auth.js | 139 ++++++++++++++++++++++++--------------------
 3 files changed, 78 insertions(+), 65 deletions(-)
diff --git a/package.json b/package.json
index 1ed5ade..c809ad6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "datasquirel",
- "version": "1.0.6",
+ "version": "1.0.8",
 "description": "Cloud-based SQL data management tool",
 "main": "index.js",
 "scripts": {
diff --git a/users/login-user.js b/users/login-user.js
index 3bcf7e7..4ef3829 100644
--- a/users/login-user.js
+++ b/users/login-user.js
@@ -131,7 +131,7 @@ module.exports = async function ({ key, payload, database, response, encryptionK
 encryptionSalt,
 });
 
- response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.csrf};samesite=strict;path=/;HttpOnly=true`]);
+ response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly=true`]);
 }
 
 /** ********************************************** */
diff --git a/users/user-auth.js b/users/user-auth.js
index 156e8e8..9111004 100644
--- a/users/user-auth.js
+++ b/users/user-auth.js
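Review bot: The `csrf` cookie set in users/login-user.js is issued without the `Secure` attribute, while the `datasquirelAuthKey` cookie beside it carries it, so the CSRF value can travel over plain HTTP if the site is ever reached that way. I would end the second cookie string with `;HttpOnly=true;Secure=true` to match the first. The new `httpResponse.payload.csrf` is also interpolated unchecked: a response without `payload` throws here, and one without `payload.csrf` produces the literal cookie `csrf=undefined`. Whether an earlier guard rules that out cannot be seen, because the enclosing function starts and ends outside the hunk.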
@@ -21,75 +21,88 @@ const decrypt = require("../functions/decrypt");
 * @param {String} encryptionSalt - Encryption Salt
 */
 module.exports = function ({ request, encryptionKey, encryptionSalt }) {
- /**
- * Grab the payload
- *
- * @description Grab the payload
- */
- let userPayload = decrypt({
- encryptedString: request.cookies.datasquirelAuthKey,
- encryptionKey,
- encryptionSalt,
- });
+ try {
+ /**
+ * Grab the payload
+ *
+ * @description Grab the payload
+ */
+ let userPayload = decrypt({
+ encryptedString: request.cookies.datasquirelAuthKey,
+ encryptionKey,
+ encryptionSalt,
+ });
 
- /**
- * Grab the payload
- *
- * @description Grab the payload
- */
- if (!userPayload) {
+ /**
+ * Grab the payload
+ *
+ * @description Grab the payload
+ */
+ if (!userPayload) {
+ return {
+ success: false,
+ payload: null,
+ msg: "Couldn't Decrypt cookie",
+ };
+ }
+
+ /**
+ * Grab the payload
+ *
+ * @description Grab the payload
+ */
+ let userObject = JSON.parse(userPayload);
+
+ if (!userObject.csrf_k) {
+ return {
+ success: false,
+ payload: null,
+ msg: "No CSRF_K in decrypted payload",
+ };
+ }
+
+ /** ********************************************** */
+ /** ********************************************** */
+ /** ********************************************** */
+
+ /**
+ * Grab the payload
+ *
+ * @description Grab the payload
+ */
+ if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
+ return {
+ success: false,
+ payload: null,
+ msg: "CSRF_K requested but does not match payload",
+ };
+ }
+
+ /** ********************************************** */
+ /** ********************************************** */
+ /** ********************************************** */
+
+ /**
+ * Return User Object
+ *
+ * @description Return User Object
+ */
+ return {
+ success: true,
+ payload: userObject,
+ };
+ } catch (error) {
+ /**
+ * Return User Object
+ *
+ * @description Return User Object
+ */
 return {
 success: false,
 payload: null,
- msg: "Couldn't Decrypt cookie",
+ msg: error.message,
 };
 }
-
- /**
- * Grab the payload
- *
- * @description Grab the payload
- */
- let userObject = JSON.parse(userPayload);
-
- if (!userObject.csrf_k) {
- return {
- success: false,
- payload: null,
- msg: "No CSRF_K in decrypted payload",
- };
- }
-
- /** ********************************************** */
- /** ********************************************** */
- /** ********************************************** */
-
- /**
- * Grab the payload
- *
- * @description Grab the payload
- */
- if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
- return {
- success: false,
- payload: null,
- msg: "CSRF_K requested but does not match payload",
- };
- }
-
- /** ********************************************** */
- /** ********************************************** */
- /** ********************************************** */
-
- /**
- * Return User Object
- *
- * @description Return User Object
- */
- return {
- success: true,
- payload: userObject,
- };
 };
 
 /** ********************************************** */
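Review bot: The CSRF check inside the new `try` reads `csrf` and `req`, but the function only destructures `request`, `encryptionKey` and `encryptionSalt`. Unless `csrf` is declared above the hunk, evaluating it throws a ReferenceError that the added `catch` turns into `success: false` with `msg: error.message`, so every request with a valid cookie is rejected and the real cause is hidden. The check should take the flag as an explicit option and read the header from `request`. It also tests the header with `new RegExp(userObject.csrf_k)`, which accepts any header that merely contains the token and treats the token's characters as a pattern; an exact comparison such as `if (csrf && request.headers["x-csrf-auth"] !== userObject.csrf_k) {`, or `crypto.timingSafeEqual` on equal-length buffers, is what the check needs. Returning `error.message` unchanged may also expose decrypt or JSON-parse details if callers forward `msg` to the client.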