From aa38ec7d378b87f747844b5f992d10810409f266 Mon Sep 17 00:00:00 2001
From: Tben <52448020+BenjaminToby@users.noreply.github.com>
Date: Sat, 6 May 2023 14:29:42 +0100
Subject: [PATCH] updates
---
 package.json | 2 +-
 users/login-user.js | 2 +-
 users/user-auth.js | 11 +++++++++--
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index c809ad6..d9dbfae 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "datasquirel",
- "version": "1.0.8",
+ "version": "1.0.13",
 "description": "Cloud-based SQL data management tool",
 "main": "index.js",
 "scripts": {
diff --git a/users/login-user.js b/users/login-user.js
index 4ef3829..b30025d 100644
--- a/users/login-user.js
+++ b/users/login-user.js
@@ -131,7 +131,7 @@ module.exports = async function ({ key, payload, database, response, encryptionK
 encryptionSalt,
 });
- response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly=true`]);
+ response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`]);
 }
 /** ********************************************** */
diff --git a/users/user-auth.js b/users/user-auth.js
index 9111004..3530a11 100644
--- a/users/user-auth.js
+++ b/users/user-auth.js
@@ -20,8 +20,15 @@ const decrypt = require("../functions/decrypt");
 * @param {String} encryptionKey - Encryption Key
 * @param {String} encryptionSalt - Encryption Salt
 */
-module.exports = function ({ request, encryptionKey, encryptionSalt }) {
+module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
 try {
+ /**
+ * Grab the payload
+ *
+ * @description Grab the payload
+ */
+ const csrf = request.cookies.csrf;
+
 /**
 * Grab the payload
 *
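Review bot: The `csrf` cookie in the second array entry is issued without `Secure`, unlike `datasquirelAuthKey` beside it, so the token can be sent over plain HTTP; add the flag to that entry the same way the first entry does (`;Secure=true`). If `httpResponse.payload.csrf_k` is ever missing, the template literal writes the literal text `csrf=undefined`, so the value is worth guarding before `setHeader` is called. The enclosing function starts and ends outside this hunk, so whether `csrf_k` is checked earlier is not visible here.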
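Review bot: The new `level` option is missing from the JSDoc block directly above the signature, and the comment added over `const csrf = request.cookies.csrf;` is a copy of the existing "Grab the payload" header, so nothing tells a caller that the function can now enforce a CSRF check. Add `* @param {String} [level] - Pass "deep" to also require the csrf cookie to match the session's csrf_k` and retitle the new comment, for example `Grab the CSRF cookie`. `request.cookies` is assumed to be populated by the caller (presumably a cookie parser); the `try` body continues outside this hunk, so how a missing `cookies` object is handled is not visible here.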
@@ -70,7 +77,7 @@ module.exports = function ({ request, encryptionKey, encryptionSalt }) {
 *
 * @description Grab the payload
 */
- if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
+ if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
 return {
 success: false,
 payload: null,
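Review bot: The new condition compares the `csrf` cookie with a value that appears to come from the decrypted auth cookie (`userObject` is built outside this hunk), and a browser attaches both cookies automatically, so passing the check does not show that the request was made by the site's own page. The removed line read the `x-csrf-auth` request header; keeping a header or body value as the thing compared preserves the double-submit property, e.g. `if (level?.match(/deep/i) && request.headers["x-csrf-auth"] !== userObject.csrf_k) {`. Using `!==` also replaces the `new RegExp(...)` match, which accepts any value that merely contains the token and interprets the token's characters as a pattern. Because the check runs only when `level` contains "deep", callers that omit `level` get no CSRF validation at all; if that is intended, the JSDoc should say so.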