This commit is contained in:
Tben 2023-05-06 14:29:42 +01:00
parent 7e83ab8d0e
commit aa38ec7d37
3 changed files with 11 additions and 4 deletions

View File

@ -1,6 +1,6 @@
{
"name": "datasquirel",
"version": "1.0.8",
"version": "1.0.13",
"description": "Cloud-based SQL data management tool",
"main": "index.js",
"scripts": {

View File

@ -131,7 +131,7 @@ module.exports = async function ({ key, payload, database, response, encryptionK
encryptionSalt,
});
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf};samesite=strict;path=/;HttpOnly=true`]);
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.payload.csrf_k};samesite=strict;path=/;HttpOnly=true`]);
}
/** ********************************************** */

View File

@ -20,8 +20,15 @@ const decrypt = require("../functions/decrypt");
* @param {String} encryptionKey - Encryption Key
* @param {String} encryptionSalt - Encryption Salt
*/
module.exports = function ({ request, encryptionKey, encryptionSalt }) {
module.exports = function ({ request, encryptionKey, encryptionSalt, level }) {
try {
/**
* Grab the payload
*
* @description Grab the payload
*/
const csrf = request.cookies.csrf;
/**
* Grab the payload
*
@ -70,7 +77,7 @@ module.exports = function ({ request, encryptionKey, encryptionSalt }) {
*
* @description Grab the payload
*/
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
if (level?.match(/deep/i) && !csrf?.match(new RegExp(`${userObject.csrf_k}`))) {
return {
success: false,
payload: null,