diff --git a/dist/package-shared/actions/get-csrf-header-name.js b/dist/package-shared/actions/get-csrf-header-name.js
index 6c9a7b9..14780b6 100644
--- a/dist/package-shared/actions/get-csrf-header-name.js
+++ b/dist/package-shared/actions/get-csrf-header-name.js
@@ -2,5 +2,5 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = getCsrfHeaderName;
 function getCsrfHeaderName() {
- return "x-csrf-key";
+ return "x-dsql-csrf-key";
 }
diff --git a/dist/package-shared/actions/users/user-auth.js b/dist/package-shared/actions/users/user-auth.js
index 75c65e5..170f768 100644
--- a/dist/package-shared/actions/users/user-auth.js
+++ b/dist/package-shared/actions/users/user-auth.js
@@ -10,6 +10,7 @@ const write_auth_files_1 = require("../../functions/backend/auth/write-auth-file
 const parseCookies_1 = __importDefault(require("../../utils/backend/parseCookies"));
 const get_csrf_header_name_1 = __importDefault(require("../../actions/get-csrf-header-name"));
 const grab_host_names_1 = __importDefault(require("../../utils/grab-host-names"));
+const debug_log_1 = __importDefault(require("@/package-shared/utils/logging/debug-log"));
 const minuteInMilliseconds = 60000;
 const hourInMilliseconds = minuteInMilliseconds * 60;
 const dayInMilliseconds = hourInMilliseconds * 24;
@@ -32,20 +33,32 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database cookieString, }); if (debug) { - console.log("userAuth:cookies:", cookies); + (0, debug_log_1.default)({ + log: cookies, + addTime: true, + label: "userAuth:cookies", + }); } const keyNames = (0, get_auth_cookie_names_1.default)({ userId: user_id, database: database || process.env.DSQL_DB_NAME, }); if (debug) { - console.log("userAuth:keyNames:", keyNames); + (0, debug_log_1.default)({ + log: keyNames, + addTime: true, + label: "userAuth:keyNames", + }); } const key = encryptedUserString ? encryptedUserString : cookies[keyNames.keyCookieName]; if (debug) { - console.log("userAuth:key:", key); + (0, debug_log_1.default)({ + log: key, + addTime: true, + label: "userAuth:key", + }); } /** * Grab the payload @@ -58,7 +71,11 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database encryptionSalt, }); if (debug) { - console.log("userAuth:userPayloadJSON:", userPayloadJSON); + (0, debug_log_1.default)({ + log: userPayloadJSON, + addTime: true, + label: "userAuth:userPayloadJSON", + }); } /** * Grab the payload @@ -73,15 +90,13 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database cookieNames: keyNames, }; } - /** - * Grab the payload - * - * @description Grab the payload - */ - /** @type {import("../../types").DATASQUIREL_LoggedInUser} */ let userObject = JSON.parse(userPayloadJSON); if (debug) { - console.log("userAuth:userObject:", userObject); + (0, debug_log_1.default)({ + log: userObject, + addTime: true, + label: "userAuth:userObject", + }); } if (!userObject.csrf_k) { return { 
@@ -107,6 +122,21 @@ function userAuth({ request, req, encryptionKey, encryptionSalt, level, database if ((level === null || level === void 0 ? void 0 : level.match(/deep/i)) && finalRequest) { const finalCsrfHeaderName = csrfHeaderName || (0, get_csrf_header_name_1.default)(); if (finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k) { + (0, debug_log_1.default)({ + log: finalCsrfHeaderName, + addTime: true, + label: "userAuth:finalCsrfHeaderName", + }); + (0, debug_log_1.default)({ + log: finalRequest.headers[finalCsrfHeaderName], + addTime: true, + label: "userAuth:finalRequest.headers[finalCsrfHeaderName]", + }); + (0, debug_log_1.default)({ + log: userObject, + addTime: true, + label: "userAuth:userObject", + }); return { success: false, payload: null, diff --git a/package-shared/actions/get-csrf-header-name.ts b/package-shared/actions/get-csrf-header-name.ts index bf5024b..abd3000 100644 --- a/package-shared/actions/get-csrf-header-name.ts +++ b/package-shared/actions/get-csrf-header-name.ts @@ -1,3 +1,3 @@ export default function getCsrfHeaderName() { - return "x-csrf-key"; + return "x-dsql-csrf-key"; } diff --git a/package-shared/actions/users/user-auth.ts b/package-shared/actions/users/user-auth.ts index 42941e9..2eed28b 100644 --- a/package-shared/actions/users/user-auth.ts +++ b/package-shared/actions/users/user-auth.ts @@ -6,6 +6,7 @@ import parseCookies from "../../utils/backend/parseCookies"; import { AuthenticatedUser } from "../../types"; import getCsrfHeaderName from "../../actions/get-csrf-header-name"; import grabHostNames from "../../utils/grab-host-names"; +import debugLog from "@/package-shared/utils/logging/debug-log"; const minuteInMilliseconds = 60000; const hourInMilliseconds = minuteInMilliseconds * 60; 
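Review bot: The new default `x-dsql-csrf-key` returned by `getCsrfHeaderName()` in `package-shared/actions/get-csrf-header-name.ts` carries no comment recording that it replaces `x-csrf-key`, although the deep-level check in `userAuth` reads this header whenever no `csrfHeaderName` is passed. A caller that still sends the old header name will presumably fail that check after upgrading to 4.5.1, so the rename should be documented where it is defined and in the release notes. Suggested comment above the function: `/** Default request header carrying the CSRF key; renamed from "x-csrf-key" in 4.5.1. Override with userAuth's csrfHeaderName. */`.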
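Review bot: The added import in `package-shared/actions/users/user-auth.ts` uses the path alias `@/package-shared/utils/logging/debug-log`, while every other import in the hunk is relative. The compiled `dist/package-shared/actions/users/user-auth.js` hunk keeps the alias verbatim as `require("@/package-shared/utils/logging/debug-log")`. Unless consumers of the published package have a resolver for `@/`, that `require` fails at load time and `userAuth` cannot be loaded at all. Assuming `@/` maps to the repository root, the relative form matching the neighbouring lines is `import debugLog from "../../utils/logging/debug-log";`.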
@@ -60,7 +61,11 @@ export default function userAuth({ }); if (debug) { - console.log("userAuth:cookies:", cookies); + debugLog({ + log: cookies, + addTime: true, + label: "userAuth:cookies", + }); } const keyNames = getAuthCookieNames({ @@ -69,7 +74,11 @@ export default function userAuth({ }); if (debug) { - console.log("userAuth:keyNames:", keyNames); + debugLog({ + log: keyNames, + addTime: true, + label: "userAuth:keyNames", + }); } const key = encryptedUserString @@ -77,7 +86,11 @@ export default function userAuth({ : cookies[keyNames.keyCookieName]; if (debug) { - console.log("userAuth:key:", key); + debugLog({ + log: key, + addTime: true, + label: "userAuth:key", + }); } /** @@ -92,7 +105,11 @@ export default function userAuth({ }); if (debug) { - console.log("userAuth:userPayloadJSON:", userPayloadJSON); + debugLog({ + log: userPayloadJSON, + addTime: true, + label: "userAuth:userPayloadJSON", + }); } /** @@ -109,18 +126,15 @@ export default function userAuth({ }; } - /** - * Grab the payload - * - * @description Grab the payload - */ - - /** @type {import("../../types").DATASQUIREL_LoggedInUser} */ let userObject: import("../../types").DATASQUIREL_LoggedInUser = JSON.parse(userPayloadJSON); if (debug) { - console.log("userAuth:userObject:", userObject); + debugLog({ + log: userObject, + addTime: true, + label: "userAuth:userObject", + }); } if (!userObject.csrf_k) { 
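Review bot: The `debugLog` calls in these hunks (`-60`, `-77`, `-92` and `-109`) pass the parsed `cookies` map, the encrypted auth string `key`, the decrypted `userPayloadJSON` and the parsed `userObject` to the logger unredacted. With `debug` enabled, anyone who can read the log output sees the decrypted payload, including the `csrf_k` value that the later check compares against. Logging presence or shape instead of content keeps the trace useful, for example `log: Object.keys(cookies)`, `log: Boolean(key)` and `log: Boolean(userPayloadJSON)`. If full values are needed during local debugging, a comment such as `// WARNING: logs credentials; never enable debug in production` above the first call would make the risk explicit. `userAuth` starts and ends outside these hunks.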
@@ -148,9 +162,26 @@ export default function userAuth({ */ if (level?.match(/deep/i) && finalRequest) { const finalCsrfHeaderName = csrfHeaderName || getCsrfHeaderName(); + if ( finalRequest.headers[finalCsrfHeaderName] !== userObject.csrf_k ) { + debugLog({ + log: finalCsrfHeaderName, + addTime: true, + label: "userAuth:finalCsrfHeaderName", + }); + debugLog({ + log: finalRequest.headers[finalCsrfHeaderName], + addTime: true, + label: "userAuth:finalRequest.headers[finalCsrfHeaderName]", + }); + debugLog({ + log: userObject, + addTime: true, + label: "userAuth:userObject", + }); + return { success: false, payload: null, diff --git a/package.json b/package.json index da38ac8..2c86b77 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@moduletrace/datasquirel", - "version": "4.5.0", + "version": "4.5.1", "description": "Cloud-based SQL data management tool", "main": "dist/index.js", "bin": {
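Review bot: The three `debugLog` calls added inside the CSRF-mismatch branch are not wrapped in `if (debug)`, unlike every other call site in this function, so unless `debugLog` gates itself they run on every failed deep-level check. The third call logs the whole `userObject`, which includes the expected `csrf_k`, next to the header value the client sent, so a valid CSRF key is exposed to anyone with log access. Wrap the block in `if (debug) {` … `}` and replace `log: userObject` with a non-secret such as `log: Boolean(userObject.csrf_k)`. The same calls appear in the compiled `dist/package-shared/actions/users/user-auth.js` hunk at `@@ -107,6 +122,21 @@`, and `userAuth` continues outside this hunk.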