148 lines
4.6 KiB
JavaScript
148 lines
4.6 KiB
JavaScript
// @ts-check
|
|
|
|
/**
|
|
* ==============================================================================
|
|
* Imports
|
|
* ==============================================================================
|
|
*/
|
|
const http = require("http");
|
|
const decrypt = require("../functions/decrypt");
|
|
const parseCookies = require("../utils/functions/parseCookies");
|
|
|
|
/** ****************************************************************************** */
|
|
/** ****************************************************************************** */
|
|
/** ****************************************************************************** */
|
|
/** ****************************************************************************** */
|
|
/** ****************************************************************************** */
|
|
/** ****************************************************************************** */
|
|
|
|
/**
|
|
* Authenticate User from request
|
|
* ==============================================================================
|
|
* @description This Function takes in a request object and returns a user object
|
|
* with the user's data
|
|
*
|
|
* @param {Object} params - Arg
|
|
* @param {http.IncomingMessage} params.request - Http request object
|
|
* @param {string} params.encryptionKey - Encryption Key
|
|
* @param {string} params.encryptionSalt - Encryption Salt
|
|
* @param {("deep" | "normal")} [params.level] - Optional. "Deep" value indicates an extra layer of security
|
|
* @param {string} params.database - Database Name
|
|
* @param {string} [params.token] - access token to use instead of getting from cookie header
|
|
*
|
|
* @returns { import("@/package-shared/types").AuthenticatedUser }
|
|
*/
|
|
function userAuth({
|
|
request,
|
|
encryptionKey,
|
|
encryptionSalt,
|
|
level,
|
|
database,
|
|
token,
|
|
}) {
|
|
try {
|
|
/**
|
|
* Grab the payload
|
|
*
|
|
* @description Grab the payload
|
|
*/
|
|
const cookies = parseCookies({ request });
|
|
const dsqluid = cookies.dsqluid;
|
|
const authKeyName = `datasquirel_${dsqluid}_${database}_auth_key`;
|
|
const csrfName = `datasquirel_${dsqluid}_${database}_csrf`;
|
|
|
|
const key = token ? token : cookies[authKeyName];
|
|
const csrf = cookies[csrfName];
|
|
|
|
/**
|
|
* Grab the payload
|
|
*
|
|
* @description Grab the payload
|
|
*/
|
|
let userPayload = decrypt({
|
|
encryptedString: key,
|
|
encryptionKey,
|
|
encryptionSalt,
|
|
});
|
|
|
|
/**
|
|
* Grab the payload
|
|
*
|
|
* @description Grab the payload
|
|
*/
|
|
if (!userPayload) {
|
|
return {
|
|
success: false,
|
|
payload: null,
|
|
msg: "Couldn't Decrypt cookie",
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Grab the payload
|
|
*
|
|
* @description Grab the payload
|
|
*/
|
|
let userObject = JSON.parse(userPayload);
|
|
|
|
if (!userObject.csrf_k) {
|
|
return {
|
|
success: false,
|
|
payload: null,
|
|
msg: "No CSRF_K in decrypted payload",
|
|
};
|
|
}
|
|
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
|
|
/**
|
|
* Grab the payload
|
|
*
|
|
* @description Grab the payload
|
|
*/
|
|
if (
|
|
level?.match(/deep/i) &&
|
|
!csrf?.match(new RegExp(`${userObject.csrf_k}`))
|
|
) {
|
|
return {
|
|
success: false,
|
|
payload: null,
|
|
msg: "CSRF_K requested but does not match payload",
|
|
};
|
|
}
|
|
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
|
|
/**
|
|
* Return User Object
|
|
*
|
|
* @description Return User Object
|
|
*/
|
|
return {
|
|
success: true,
|
|
payload: userObject,
|
|
};
|
|
} catch (/** @type {any} */ error) {
|
|
/**
|
|
* Return User Object
|
|
*
|
|
* @description Return User Object
|
|
*/
|
|
return {
|
|
success: false,
|
|
payload: null,
|
|
msg: error.message,
|
|
};
|
|
}
|
|
}
|
|
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
/** ********************************************** */
|
|
|
|
module.exports = userAuth;
|