updates
parent
224dbf4175
commit
7e83ab8d0e
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "datasquirel",
|
"name": "datasquirel",
|
||||||
"version": "1.0.6",
|
"version": "1.0.8",
|
||||||
"description": "Cloud-based SQL data management tool",
|
"description": "Cloud-based SQL data management tool",
|
||||||
"main": "index.js",
|
"main": "index.js",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
|
@ -131,7 +131,7 @@ module.exports = async function ({ key, payload, database, response, encryptionK
|
|||||||
encryptionSalt,
|
encryptionSalt,
|
||||||
});
|
});
|
||||||
|
|
||||||
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.csrf};samesite=strict;path=/;HttpOnly=true`]);
|
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly=true`]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** ********************************************** */
|
/** ********************************************** */
|
||||||
|
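Review bot: The `csrf` cookie on the changed `Set-Cookie` line is still issued without the `Secure` attribute, although `datasquirelAuthKey` next to it carries one, so the CSRF value can be sent over plain HTTP. The line also interpolates `httpResponse.payload.csrf` unchecked: a missing `payload` throws here, and a missing `csrf` produces the literal cookie `csrf=undefined`. I would guard with `if (!httpResponse?.payload?.csrf)` before setting the headers and end the second cookie with `;HttpOnly=true;Secure=true`. The enclosing function starts outside the hunk, so an earlier check that already covers this would not be visible here.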
@ -21,75 +21,88 @@ const decrypt = require("../functions/decrypt");
|
|||||||
* @param {String} encryptionSalt - Encryption Salt
|
* @param {String} encryptionSalt - Encryption Salt
|
||||||
*/
|
*/
|
||||||
module.exports = function ({ request, encryptionKey, encryptionSalt }) {
|
module.exports = function ({ request, encryptionKey, encryptionSalt }) {
|
||||||
/**
|
try {
|
||||||
* Grab the payload
|
/**
|
||||||
*
|
* Grab the payload
|
||||||
* @description Grab the payload
|
*
|
||||||
*/
|
* @description Grab the payload
|
||||||
let userPayload = decrypt({
|
*/
|
||||||
encryptedString: request.cookies.datasquirelAuthKey,
|
let userPayload = decrypt({
|
||||||
encryptionKey,
|
encryptedString: request.cookies.datasquirelAuthKey,
|
||||||
encryptionSalt,
|
encryptionKey,
|
||||||
});
|
encryptionSalt,
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Grab the payload
|
* Grab the payload
|
||||||
*
|
*
|
||||||
* @description Grab the payload
|
* @description Grab the payload
|
||||||
*/
|
*/
|
||||||
if (!userPayload) {
|
if (!userPayload) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Couldn't Decrypt cookie",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
let userObject = JSON.parse(userPayload);
|
||||||
|
|
||||||
|
if (!userObject.csrf_k) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "No CSRF_K in decrypted payload",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "CSRF_K requested but does not match payload",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return User Object
|
||||||
|
*
|
||||||
|
* @description Return User Object
|
||||||
|
*/
|
||||||
|
return {
|
||||||
|
success: true,
|
||||||
|
payload: userObject,
|
||||||
|
};
|
||||||
|
} catch (error) {
|
||||||
|
/**
|
||||||
|
* Return User Object
|
||||||
|
*
|
||||||
|
* @description Return User Object
|
||||||
|
*/
|
||||||
return {
|
return {
|
||||||
success: false,
|
success: false,
|
||||||
payload: null,
|
payload: null,
|
||||||
msg: "Couldn't Decrypt cookie",
|
msg: error.message,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Grab the payload
|
|
||||||
*
|
|
||||||
* @description Grab the payload
|
|
||||||
*/
|
|
||||||
let userObject = JSON.parse(userPayload);
|
|
||||||
|
|
||||||
if (!userObject.csrf_k) {
|
|
||||||
return {
|
|
||||||
success: false,
|
|
||||||
payload: null,
|
|
||||||
msg: "No CSRF_K in decrypted payload",
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
/** ********************************************** */
|
|
||||||
/** ********************************************** */
|
|
||||||
/** ********************************************** */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Grab the payload
|
|
||||||
*
|
|
||||||
* @description Grab the payload
|
|
||||||
*/
|
|
||||||
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
|
|
||||||
return {
|
|
||||||
success: false,
|
|
||||||
payload: null,
|
|
||||||
msg: "CSRF_K requested but does not match payload",
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
/** ********************************************** */
|
|
||||||
/** ********************************************** */
|
|
||||||
/** ********************************************** */
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return User Object
|
|
||||||
*
|
|
||||||
* @description Return User Object
|
|
||||||
*/
|
|
||||||
return {
|
|
||||||
success: true,
|
|
||||||
payload: userObject,
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/** ********************************************** */
|
/** ********************************************** */
|
||||||
|
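Review bot: The CSRF check that moved into the `try` block still uses `match(new RegExp(...))`, a substring regex match rather than an equality test: any `x-csrf-auth` value that merely contains `csrf_k` passes, and regex metacharacters in the key change what matches. Assuming the header is meant to carry exactly the key, compare the values directly, e.g. `const sent = String(request.headers["x-csrf-auth"] ?? "");` followed by a length check and `crypto.timingSafeEqual(Buffer.from(sent), Buffer.from(userObject.csrf_k))`. The same line reads `csrf` and `req`, but the visible signature destructures only `request`, `encryptionKey` and `encryptionSalt`; unless both names are defined above line 21 of the file, this is a ReferenceError that the new `catch` turns into a failed lookup on every call. Returning `msg: error.message` also hands parser and internal error text to the caller, so a fixed message with the detail logged server-side would be safer. The function's JSDoc begins outside the hunk.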