This commit is contained in:
Tben 2023-05-06 14:15:22 +01:00
parent 224dbf4175
commit 7e83ab8d0e
3 changed files with 78 additions and 65 deletions


@ -1,6 +1,6 @@
{ {
"name": "datasquirel", "name": "datasquirel",
"version": "1.0.6", "version": "1.0.8",
"description": "Cloud-based SQL data management tool", "description": "Cloud-based SQL data management tool",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {


@ -131,7 +131,7 @@ module.exports = async function ({ key, payload, database, response, encryptionK
encryptionSalt, encryptionSalt,
}); });
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.csrf};samesite=strict;path=/;HttpOnly=true`]); response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly=true`]);
} }
/** ********************************************** */ /** ********************************************** */
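Review bot: The second cookie on the changed `Set-Cookie` line, `csrf=...`, is written without `Secure`, so unlike the `datasquirelAuthKey` cookie beside it the browser will also send it over plain HTTP; the commit only changes where the token is read from (`httpResponse.payload.csrf`) and leaves this asymmetry in place. The `HttpOnly=true` / `Secure=true` spellings are also non-standard: in RFC 6265 both attributes are bare flags, and while browsers ignore the value, the form suggests they could be switched off with `=false`. Suggested: `` `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly;Secure` `` and the same bare flags on the first cookie. If the client is expected to read this token from the cookie and echo it in the `x-csrf-auth` header, `HttpOnly` would prevent that — presumably it is taken from the response body instead, but worth confirming. The enclosing `module.exports` async function starts before this hunk and continues past it.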


@ -21,75 +21,88 @@ const decrypt = require("../functions/decrypt");
* @param {String} encryptionSalt - Encryption Salt * @param {String} encryptionSalt - Encryption Salt
*/ */
module.exports = function ({ request, encryptionKey, encryptionSalt }) { module.exports = function ({ request, encryptionKey, encryptionSalt }) {
/** try {
* Grab the payload /**
* * Grab the payload
* @description Grab the payload *
*/ * @description Grab the payload
let userPayload = decrypt({ */
encryptedString: request.cookies.datasquirelAuthKey, let userPayload = decrypt({
encryptionKey, encryptedString: request.cookies.datasquirelAuthKey,
encryptionSalt, encryptionKey,
}); encryptionSalt,
});
/** /**
* Grab the payload * Grab the payload
* *
* @description Grab the payload * @description Grab the payload
*/ */
if (!userPayload) { if (!userPayload) {
return {
success: false,
payload: null,
msg: "Couldn't Decrypt cookie",
};
}
/**
* Grab the payload
*
* @description Grab the payload
*/
let userObject = JSON.parse(userPayload);
if (!userObject.csrf_k) {
return {
success: false,
payload: null,
msg: "No CSRF_K in decrypted payload",
};
}
/** ********************************************** */
/** ********************************************** */
/** ********************************************** */
/**
* Grab the payload
*
* @description Grab the payload
*/
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
return {
success: false,
payload: null,
msg: "CSRF_K requested but does not match payload",
};
}
/** ********************************************** */
/** ********************************************** */
/** ********************************************** */
/**
* Return User Object
*
* @description Return User Object
*/
return {
success: true,
payload: userObject,
};
} catch (error) {
/**
* Return User Object
*
* @description Return User Object
*/
return { return {
success: false, success: false,
payload: null, payload: null,
msg: "Couldn't Decrypt cookie", msg: error.message,
}; };
} }
/**
* Grab the payload
*
* @description Grab the payload
*/
let userObject = JSON.parse(userPayload);
if (!userObject.csrf_k) {
return {
success: false,
payload: null,
msg: "No CSRF_K in decrypted payload",
};
}
/** ********************************************** */
/** ********************************************** */
/** ********************************************** */
/**
* Grab the payload
*
* @description Grab the payload
*/
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
return {
success: false,
payload: null,
msg: "CSRF_K requested but does not match payload",
};
}
/** ********************************************** */
/** ********************************************** */
/** ********************************************** */
/**
* Return User Object
*
* @description Return User Object
*/
return {
success: true,
payload: userObject,
};
}; };
/** ********************************************** */ /** ********************************************** */
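Review bot: The CSRF check `if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(...)))` references `csrf` and `req`, neither of which is among the function's destructured parameters (`request`, `encryptionKey`, `encryptionSalt`); unless both are declared at module level outside this hunk, evaluating `csrf` throws a ReferenceError that the newly added `catch` now turns into `{ success: false, msg: error.message }`, so the wrapper masks a defect rather than surfacing it. Even when the names resolve, matching a secret token with a `RegExp` built from `userObject.csrf_k` accepts any header that merely contains the token as a substring and treats regex metacharacters in the token as syntax; compare for exact equality instead, e.g. `const sent = request.headers["x-csrf-auth"];` and `if (csrf && sent !== userObject.csrf_k) {`, ideally via `crypto.timingSafeEqual` on equal-length buffers. Returning `error.message` from the catch also forwards internal exception text (for example from `JSON.parse` on a tampered cookie) to the caller; a fixed message with the error logged server-side would be safer.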