Benjamin Toby 2025-05-04 18:49:34 +01:00
parent e4c6c995ef
commit 9ea903a401
5 changed files with 87 additions and 26 deletions


@ -2,5 +2,5 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = getCsrfHeaderName;
function getCsrfHeaderName() {
return "x-csrf-key";
return "x-dsql-csrf-key";
}


@ -10,6 +10,7 @@ const write_auth_files_1 = require("../../functions/backend/auth/write-auth-file
const parseCookies_1 = __importDefault(require("../../utils/backend/parseCookies"));
const get_csrf_header_name_1 = __importDefault(require("../../actions/get-csrf-header-name"));
const grab_host_names_1 = __importDefault(require("../../utils/grab-host-names"));
const debug_log_1 = __importDefault(require("@/package-shared/utils/logging/debug-log"));
const minuteInMilliseconds = 60000;
const hourInMilliseconds = minuteInMilliseconds * 60;
const dayInMilliseconds = hourInMilliseconds * 24;
@ -32,20 +33,32 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
cookieString,
});
if (debug) {
console.log("userAuth:cookies:", cookies);
(0, debug_log_1.default)({
log: cookies,
addTime: true,
label: "userAuth:cookies",
});
}
const keyNames = (0, get_auth_cookie_names_1.default)({
userId: user_id,
database: database || process.env.DSQL_DB_NAME,
});
if (debug) {
console.log("userAuth:keyNames:", keyNames);
(0, debug_log_1.default)({
log: keyNames,
addTime: true,
label: "userAuth:keyNames",
});
}
const key = encryptedUserString
? encryptedUserString
: cookies[keyNames.keyCookieName];
if (debug) {
console.log("userAuth:key:", key);
(0, debug_log_1.default)({
log: key,
addTime: true,
label: "userAuth:key",
});
}
/**
* Grab the payload
@ -58,7 +71,11 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
encryptionSalt,
});
if (debug) {
console.log("userAuth:userPayloadJSON:", userPayloadJSON);
(0, debug_log_1.default)({
log: userPayloadJSON,
addTime: true,
label: "userAuth:userPayloadJSON",
});
}
/**
* Grab the payload
@ -73,15 +90,13 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
cookieNames: keyNames,
};
}
/**
* Grab the payload
*
* @description Grab the payload
*/
/** @type {import("../../types").DATASQUIREL_LoggedInUser} */
let userObject = JSON.parse(userPayloadJSON);
if (debug) {
console.log("userAuth:userObject:", userObject);
(0, debug_log_1.default)({
log: userObject,
addTime: true,
label: "userAuth:userObject",
});
}
if (!userObject.csrf_k) {
return {
@ -107,6 +122,21 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database
if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) {
const finalCsrfHeaderName = csrfHeaderName || (0, get_csrf_header_name_1.default)();
if (finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k) {
(0, debug_log_1.default)({
log: finalCsrfHeaderName,
addTime: true,
label: "userAuth:finalCsrfHeaderName",
});
(0, debug_log_1.default)({
log: finalRequest.headers[finalCsrfHeaderName],
addTime: true,
label: "userAuth:finalRequest.headers[finalCsrfHeaderName]",
});
(0, debug_log_1.default)({
log: userObject,
addTime: true,
label: "userAuth:userObject",
});
return {
success: false,
payload: null,


@ -1,3 +1,3 @@
export default function getCsrfHeaderName() {
return "x-csrf-key";
return "x-dsql-csrf-key";
}


@ -6,6 +6,7 @@ import parseCookies from "../../utils/backend/parseCookies";
import { AuthenticatedUser } from "../../types";
import getCsrfHeaderName from "../../actions/get-csrf-header-name";
import grabHostNames from "../../utils/grab-host-names";
import debugLog from "@/package-shared/utils/logging/debug-log";
const minuteInMilliseconds = 60000;
const hourInMilliseconds = minuteInMilliseconds * 60;
@ -60,7 +61,11 @@ export default function userAuth({
});
if (debug) {
console.log("userAuth:cookies:", cookies);
debugLog({
log: cookies,
addTime: true,
label: "userAuth:cookies",
});
}
const keyNames = getAuthCookieNames({
@ -69,7 +74,11 @@ export default function userAuth({
});
if (debug) {
console.log("userAuth:keyNames:", keyNames);
debugLog({
log: keyNames,
addTime: true,
label: "userAuth:keyNames",
});
}
const key = encryptedUserString
@ -77,7 +86,11 @@ export default function userAuth({
: cookies[keyNames.keyCookieName];
if (debug) {
console.log("userAuth:key:", key);
debugLog({
log: key,
addTime: true,
label: "userAuth:key",
});
}
/**
@ -92,7 +105,11 @@ export default function userAuth({
});
if (debug) {
console.log("userAuth:userPayloadJSON:", userPayloadJSON);
debugLog({
log: userPayloadJSON,
addTime: true,
label: "userAuth:userPayloadJSON",
});
}
/**
@ -109,18 +126,15 @@ export default function userAuth({
};
}
/**
* Grab the payload
*
* @description Grab the payload
*/
/** @type {import("../../types").DATASQUIREL_LoggedInUser} */
let userObject: import("../../types").DATASQUIREL_LoggedInUser =
JSON.parse(userPayloadJSON);
if (debug) {
console.log("userAuth:userObject:", userObject);
debugLog({
log: userObject,
addTime: true,
label: "userAuth:userObject",
});
}
if (!userObject.csrf_k) {
@ -148,9 +162,26 @@ export default function userAuth({
*/
if (level?.match(/deep/i) && finalRequest) {
const finalCsrfHeaderName = csrfHeaderName || getCsrfHeaderName();
if (
finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k
) {
debugLog({
log: finalCsrfHeaderName,
addTime: true,
label: "userAuth:finalCsrfHeaderName",
});
debugLog({
log: finalRequest.headers[finalCsrfHeaderName],
addTime: true,
label: "userAuth:finalRequest.headers[finalCsrfHeaderName]",
});
debugLog({
log: userObject,
addTime: true,
label: "userAuth:userObject",
});
return {
success: false,
payload: null,
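Review bot: The three `debugLog` calls added inside the CSRF-mismatch branch are not wrapped in `if (debug)`, unlike every other log call in this function, so each failed header check logs `userObject`, which carries `csrf_k` (the value the header is compared against) together with the rest of the decrypted session payload. Unless `debugLog` gates itself internally (its body is not shown on this page), a failed check is something any caller can trigger repeatedly, so the token and user record would end up in the log on demand. I would put the block behind `if (debug) {` … `}` like the others and drop the `debugLog({ log: userObject, ... })` call from this branch, keeping at most the header name and the received header value. The compiled counterpart of this file in the same commit has the same unguarded calls, and `userAuth` itself continues outside the hunk.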


@ -1,6 +1,6 @@
{
"name": "@moduletrace/datasquirel",
"version": "4.5.0",
"version": "4.5.1",
"description": "Cloud-based SQL data management tool",
"main": "dist/index.js",
"bin": {