updates
This commit is contained in:
parent
47f6e8331e
commit
f8633b839e
21
functions/decrypt.js
Normal file
21
functions/decrypt.js
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
const { scryptSync, createDecipheriv } = require("crypto");
|
||||||
|
const { Buffer } = require("buffer");
|
||||||
|
|
||||||
|
const decrypt = ({ encryptedString, encryptionKey, encryptionSalt }) => {
|
||||||
|
const algorithm = "aes-192-cbc";
|
||||||
|
const password = encryptionKey;
|
||||||
|
|
||||||
|
let key = scryptSync(password, encryptionSalt, 24);
|
||||||
|
let iv = Buffer.alloc(16, 0);
|
||||||
|
const decipher = createDecipheriv(algorithm, key, iv);
|
||||||
|
|
||||||
|
try {
|
||||||
|
let decrypted = decipher.update(encryptedString, "hex", "utf8");
|
||||||
|
decrypted += decipher.final("utf8");
|
||||||
|
return decrypted;
|
||||||
|
} catch (error) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports = decrypt;
|
21
functions/encrypt.js
Normal file
21
functions/encrypt.js
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
const { scryptSync, createCipheriv } = require("crypto");
|
||||||
|
const { Buffer } = require("buffer");
|
||||||
|
|
||||||
|
const encrypt = ({ data, encryptionKey, encryptionSalt }) => {
|
||||||
|
const algorithm = "aes-192-cbc";
|
||||||
|
const password = encryptionKey;
|
||||||
|
|
||||||
|
let key = scryptSync(password, encryptionSalt, 24);
|
||||||
|
let iv = Buffer.alloc(16, 0);
|
||||||
|
const cipher = createCipheriv(algorithm, key, iv);
|
||||||
|
|
||||||
|
try {
|
||||||
|
let encrypted = cipher.update(data, "utf8", "hex");
|
||||||
|
encrypted += cipher.final("hex");
|
||||||
|
return encrypted;
|
||||||
|
} catch (error) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports = encrypt;
|
8
index.js
8
index.js
@ -6,6 +6,10 @@
|
|||||||
const get = require("./utils/get");
|
const get = require("./utils/get");
|
||||||
const post = require("./utils/post");
|
const post = require("./utils/post");
|
||||||
const uploadImage = require("./utils/upload-image");
|
const uploadImage = require("./utils/upload-image");
|
||||||
|
const createUser = require("./users/add-user");
|
||||||
|
const loginUser = require("./users/login-user");
|
||||||
|
const logoutUser = require("./users/logout-user");
|
||||||
|
const userAuth = require("./users/user-auth");
|
||||||
|
|
||||||
/** ****************************************************************************** */
|
/** ****************************************************************************** */
|
||||||
/** ****************************************************************************** */
|
/** ****************************************************************************** */
|
||||||
@ -24,6 +28,10 @@ const datasquirel = {
|
|||||||
get: get,
|
get: get,
|
||||||
post: post,
|
post: post,
|
||||||
uploadImage: uploadImage,
|
uploadImage: uploadImage,
|
||||||
|
createUser: createUser,
|
||||||
|
loginUser: loginUser,
|
||||||
|
logoutUser: logoutUser,
|
||||||
|
userAuth: userAuth,
|
||||||
};
|
};
|
||||||
|
|
||||||
module.exports = datasquirel;
|
module.exports = datasquirel;
|
||||||
|
88
users/add-user.js
Normal file
88
users/add-user.js
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Imports
|
||||||
|
* ==============================================================================
|
||||||
|
*/
|
||||||
|
const https = require("https");
|
||||||
|
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Main Function
|
||||||
|
* ==============================================================================
|
||||||
|
* @param {String} key - API Key
|
||||||
|
* @param {String} database - Target Database
|
||||||
|
* @param {String | Object} payload - SQL query String or Request Object. Eg. {
|
||||||
|
action: "insert | update | delete",
|
||||||
|
data: {
|
||||||
|
user_id: user.id,
|
||||||
|
user_first_name: user.first_name,
|
||||||
|
user_last_name: user.last_name,
|
||||||
|
},
|
||||||
|
table: "posts",
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
module.exports = async function ({ key, payload, database }) {
|
||||||
|
/**
|
||||||
|
* Make https request
|
||||||
|
*
|
||||||
|
* @description make a request to datasquirel.com
|
||||||
|
*/
|
||||||
|
const httpResponse = await new Promise((resolve, reject) => {
|
||||||
|
https
|
||||||
|
.request(
|
||||||
|
{
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
Authorization: key,
|
||||||
|
},
|
||||||
|
port: 443,
|
||||||
|
hostname: "datasquirel.com",
|
||||||
|
path: `/api/user/add-user`,
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Callback Function
|
||||||
|
*
|
||||||
|
* @description https request callback
|
||||||
|
*/
|
||||||
|
(response) => {
|
||||||
|
var str = "";
|
||||||
|
|
||||||
|
response.on("data", function (chunk) {
|
||||||
|
str += chunk;
|
||||||
|
});
|
||||||
|
|
||||||
|
response.on("end", function () {
|
||||||
|
resolve(JSON.parse(str));
|
||||||
|
});
|
||||||
|
|
||||||
|
response.on("error", (err) => {
|
||||||
|
reject(err);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
)
|
||||||
|
.write({
|
||||||
|
payload,
|
||||||
|
database,
|
||||||
|
})
|
||||||
|
.end();
|
||||||
|
});
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
return httpResponse;
|
||||||
|
};
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
143
users/login-user.js
Normal file
143
users/login-user.js
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Imports
|
||||||
|
* ==============================================================================
|
||||||
|
*/
|
||||||
|
const https = require("https");
|
||||||
|
const encrypt = require("../functions/encrypt");
|
||||||
|
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Main Function
|
||||||
|
* ==============================================================================
|
||||||
|
* @param {String} key - API Key
|
||||||
|
* @param {String} database - Target Database
|
||||||
|
* @param {Object} payload - SQL query String or Request Object. Eg. {
|
||||||
|
action: "insert | update | delete",
|
||||||
|
data: {
|
||||||
|
user_id: user.id,
|
||||||
|
user_first_name: user.first_name,
|
||||||
|
user_last_name: user.last_name,
|
||||||
|
},
|
||||||
|
table: "posts",
|
||||||
|
}
|
||||||
|
* @param {Object} response - Http response object
|
||||||
|
* @param {String} encryptionKey - Encryption Key
|
||||||
|
* @param {String} encryptionSalt - Encryption Salt
|
||||||
|
*/
|
||||||
|
module.exports = async function ({ key, payload, database, response, encryptionKey, encryptionSalt }) {
|
||||||
|
/**
|
||||||
|
* Check Encryption Keys
|
||||||
|
*
|
||||||
|
* @description Check Encryption Keys
|
||||||
|
*/
|
||||||
|
if (!encryptionKey?.match(/./))
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Encryption Key Required",
|
||||||
|
};
|
||||||
|
|
||||||
|
if (!encryptionSalt?.match(/./))
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Encryption Salt Required",
|
||||||
|
};
|
||||||
|
|
||||||
|
if (encryptionKey.length < 24)
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Encryption Key must be at least 24 characters",
|
||||||
|
};
|
||||||
|
|
||||||
|
if (encryptionSalt.length < 8)
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Encryption Salt must be at least 8 characters",
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make https request
|
||||||
|
*
|
||||||
|
* @description make a request to datasquirel.com
|
||||||
|
*/
|
||||||
|
const httpResponse = await new Promise((resolve, reject) => {
|
||||||
|
https
|
||||||
|
.request(
|
||||||
|
{
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
Authorization: key,
|
||||||
|
},
|
||||||
|
port: 443,
|
||||||
|
hostname: "datasquirel.com",
|
||||||
|
path: `/api/user/login-user`,
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Callback Function
|
||||||
|
*
|
||||||
|
* @description https request callback
|
||||||
|
*/
|
||||||
|
(response) => {
|
||||||
|
var str = "";
|
||||||
|
|
||||||
|
response.on("data", function (chunk) {
|
||||||
|
str += chunk;
|
||||||
|
});
|
||||||
|
|
||||||
|
response.on("end", function () {
|
||||||
|
resolve(JSON.parse(str));
|
||||||
|
});
|
||||||
|
|
||||||
|
response.on("error", (err) => {
|
||||||
|
reject(err);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
)
|
||||||
|
.write({
|
||||||
|
payload,
|
||||||
|
database,
|
||||||
|
})
|
||||||
|
.end();
|
||||||
|
});
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/**
|
||||||
|
* Make https request
|
||||||
|
*
|
||||||
|
* @description make a request to datasquirel.com
|
||||||
|
*/
|
||||||
|
if (httpResponse?.success) {
|
||||||
|
let encryptedPayload = encrypt({
|
||||||
|
data: JSON.stringify(httpResponse.payload),
|
||||||
|
encryptionKey,
|
||||||
|
encryptionSalt,
|
||||||
|
});
|
||||||
|
|
||||||
|
response.setHeader("Set-Cookie", [`datasquirelAuthKey=${encryptedPayload};samesite=strict;path=/;HttpOnly=true;Secure=true`, `csrf=${httpResponse.csrf};samesite=strict;path=/;HttpOnly=true`]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
return httpResponse;
|
||||||
|
};
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
40
users/logout-user.js
Normal file
40
users/logout-user.js
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Imports
|
||||||
|
* ==============================================================================
|
||||||
|
*/
|
||||||
|
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Main Function
|
||||||
|
* ==============================================================================
|
||||||
|
* @param {Object} response - Http response object
|
||||||
|
*/
|
||||||
|
module.exports = async function ({ response }) {
|
||||||
|
/**
|
||||||
|
* Check Encryption Keys
|
||||||
|
*
|
||||||
|
* @description Check Encryption Keys
|
||||||
|
*/
|
||||||
|
response.setHeader("Set-Cookie", ["datasquirelAuthKey=none;max-age=0", "usertype=none;max-age=0", `refresh_properties=1;Max-Age=7000`]);
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
return {
|
||||||
|
success: true,
|
||||||
|
payload: "User Logged Out",
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
97
users/user-auth.js
Normal file
97
users/user-auth.js
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Imports
|
||||||
|
* ==============================================================================
|
||||||
|
*/
|
||||||
|
const decrypt = require("../functions/decrypt");
|
||||||
|
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
/** ****************************************************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ==============================================================================
|
||||||
|
* Main Function
|
||||||
|
* ==============================================================================
|
||||||
|
* @param {Object} request - Http request object
|
||||||
|
* @param {String} encryptionKey - Encryption Key
|
||||||
|
* @param {String} encryptionSalt - Encryption Salt
|
||||||
|
*/
|
||||||
|
module.exports = async function ({ request, encryptionKey, encryptionSalt }) {
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
let userPayload = decrypt({
|
||||||
|
encryptedString: request.cookies.datasquirelAuthKey,
|
||||||
|
encryptionKey,
|
||||||
|
encryptionSalt,
|
||||||
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
if (!userPayload) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "Couldn't Decrypt cookie",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
let userObject = JSON.parse(userPayload);
|
||||||
|
|
||||||
|
if (!userObject.csrf_k) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "No CSRF_K in decrypted payload",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Grab the payload
|
||||||
|
*
|
||||||
|
* @description Grab the payload
|
||||||
|
*/
|
||||||
|
if (csrf && !req.headers["x-csrf-auth"]?.match(new RegExp(`${userObject.csrf_k}`))) {
|
||||||
|
return {
|
||||||
|
success: false,
|
||||||
|
payload: null,
|
||||||
|
msg: "CSRF_K requested but does not match payload",
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return User Object
|
||||||
|
*
|
||||||
|
* @description Return User Object
|
||||||
|
*/
|
||||||
|
return {
|
||||||
|
success: true,
|
||||||
|
payload: userObject,
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
||||||
|
/** ********************************************** */
|
Loading…
Reference in New Issue
Block a user