d0c7968d66
...
e51b20421a
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
e51b20421a | ||
|
|
631e95604b | ||
|
|
198cd79354 | ||
|
|
379ea604bc | ||
|
|
9ffa403bcb | ||
|
|
6d123c3e23 | ||
|
|
dda1aadc67 | ||
|
|
d47cf15cdb |
6
.github/workflows/build.yml
@@ -5,7 +5,7 @@ on:
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -28,7 +28,7 @@ jobs:
|
||||
run: npm run lint-web
|
||||
|
||||
build-api:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -66,7 +66,7 @@ jobs:
|
||||
CI: true
|
||||
|
||||
build-web:
|
||||
runs-on: ubuntu-20.04
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
|
||||
2
.github/workflows/release.yml
@@ -7,7 +7,7 @@ on:
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
|
||||
19683
api/package-lock.json
@@ -76,32 +76,32 @@
|
||||
"@types/cors": "^2.8.12",
|
||||
"@types/express": "^4.17.12",
|
||||
"@types/express-session": "^1.17.4",
|
||||
"@types/jest": "^26.0.24",
|
||||
"@types/jest": "^29.5.0",
|
||||
"@types/jsonwebtoken": "^8.5.5",
|
||||
"@types/ldapjs": "^2.2.4",
|
||||
"@types/morgan": "^1.9.3",
|
||||
"@types/multer": "^1.4.7",
|
||||
"@types/node": "^15.12.2",
|
||||
"@types/node": "^20.0.0",
|
||||
"@types/supertest": "^2.0.11",
|
||||
"@types/swagger-ui-express": "^4.1.3",
|
||||
"@types/unzipper": "^0.10.5",
|
||||
"adm-zip": "^0.5.9",
|
||||
"axios": "0.27.2",
|
||||
"axios": "^1.12.2",
|
||||
"csrf": "^3.1.0",
|
||||
"dotenv": "^16.0.1",
|
||||
"http-headers-validation": "^0.0.1",
|
||||
"jest": "^27.0.6",
|
||||
"jest": "^29.7.0",
|
||||
"mongodb-memory-server": "8.11.4",
|
||||
"nodejs-file-downloader": "4.10.2",
|
||||
"nodemon": "^2.0.7",
|
||||
"nodemon": "^3.0.0",
|
||||
"pkg": "5.6.0",
|
||||
"prettier": "^2.3.1",
|
||||
"prettier": "^3.0.0",
|
||||
"rimraf": "^3.0.2",
|
||||
"supertest": "^6.1.3",
|
||||
"ts-jest": "^27.0.3",
|
||||
"ts-jest": "^29.1.0",
|
||||
"ts-node": "^10.0.0",
|
||||
"tsoa": "3.14.1",
|
||||
"typescript": "^4.3.2"
|
||||
"typescript": "^5.0.0"
|
||||
},
|
||||
"nodemonConfig": {
|
||||
"ignore": [
|
||||
|
||||
@@ -234,9 +234,10 @@ const verifyAuthCode = async (
|
||||
jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
|
||||
if (err) return resolve(undefined)
|
||||
|
||||
const payload = data as InfoJWT
|
||||
const clientInfo: InfoJWT = {
|
||||
clientId: data?.clientId,
|
||||
userId: data?.userId
|
||||
clientId: payload?.clientId,
|
||||
userId: payload?.userId
|
||||
}
|
||||
if (clientInfo.clientId === clientId) {
|
||||
return resolve(clientInfo)
|
||||
|
||||
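Review bot: `const payload = data as InfoJWT` is an unchecked assertion on the decoded token: with @types/jsonwebtoken the callback's `data` is typed `string | JwtPayload | undefined`, so a token whose payload is a bare string, or one missing `clientId`/`userId`, still flows into `clientInfo` with undefined fields and the cast hides that. Narrow at runtime before building it, e.g. `if (!data || typeof data !== 'object') return resolve(undefined)` ahead of the cast, so the "claims present" check is enforced by the code rather than by the type system. The `isValidToken` hunk further down applies the same `decoded as InfoJWT` cast and would benefit from the same guard. verifyAuthCode starts before this hunk and continues past it.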
@@ -106,7 +106,10 @@ const login = async (
|
||||
const rateLimiter = RateLimiter.getInstance()
|
||||
|
||||
if (!validPass) {
|
||||
const retrySecs = await rateLimiter.consume(req.ip, user?.username)
|
||||
const retrySecs = await rateLimiter.consume(
|
||||
req.ip || 'unknown',
|
||||
user?.username
|
||||
)
|
||||
if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
|
||||
}
|
||||
|
||||
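Review bot: `req.ip || 'unknown'` funnels every request with no resolvable address into one shared rate-limit bucket keyed `'unknown'`, so those clients throttle each other and, depending on how RateLimiter combines ip and username, a burst from one of them counts against the rest; that is acceptable only if an undefined `req.ip` is rare in this deployment, which is worth confirming against the app's `trust proxy` setting. The same sentinel is repeated by hand in the `resetOnSuccess` hunk below and in the `bruteForceProtection` hunk, and the consume/reset keys only stay aligned while all three spell it identically. A single helper such as `const clientKey = (req: Request) => req.ip || 'unknown'` exported from the utils module would remove that coupling. login starts before this hunk.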
@@ -114,7 +117,7 @@ const login = async (
|
||||
if (!validPass) throw errors.invalidPassword
|
||||
|
||||
// Reset on successful authorization
|
||||
rateLimiter.resetOnSuccess(req.ip, user.username)
|
||||
rateLimiter.resetOnSuccess(req.ip || 'unknown', user.username)
|
||||
|
||||
req.session.loggedIn = true
|
||||
req.session.user = {
|
||||
|
||||
@@ -37,10 +37,10 @@ export const authenticateAccessToken: RequestHandler = async (
|
||||
if (user.isActive) {
|
||||
req.user = user
|
||||
return csrfProtection(req, res, nextFunction)
|
||||
} else return res.sendStatus(401)
|
||||
} else return res.status(401).send('Unauthorized')
|
||||
}
|
||||
}
|
||||
return res.sendStatus(401)
|
||||
return res.status(401).send('Unauthorized')
|
||||
}
|
||||
|
||||
await authenticateToken(
|
||||
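Review bot: Replacing `res.sendStatus(401)` with `res.status(401).send('Unauthorized')` changes more than the call shape: `sendStatus` sets `Content-Type: text/plain` before sending the status text, while `res.send` with a string defaults to `text/html` when no type has been set, so the 401 responses from this handler (and from the `authenticateToken` hunk below) now appear to come back as HTML. If the explicit body is wanted, `res.status(401).type('txt').send('Unauthorized')` keeps the previous content type; otherwise the original `sendStatus(401)` already produced the same 'Unauthorized' body. authenticateAccessToken starts before this hunk.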
@@ -118,6 +118,6 @@ const authenticateToken = async (
|
||||
return next()
|
||||
}
|
||||
|
||||
res.sendStatus(401)
|
||||
res.status(401).send('Unauthorized')
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ import { convertSecondsToHms } from '@sasjs/utils'
|
||||
import { RateLimiter } from '../utils'
|
||||
|
||||
export const bruteForceProtection: RequestHandler = async (req, res, next) => {
|
||||
const ip = req.ip
|
||||
const ip = req.ip || 'unknown'
|
||||
const username = req.body.username
|
||||
|
||||
const rateLimiter = RateLimiter.getInstance()
|
||||
|
||||
@@ -277,7 +277,10 @@ const performLogin = async (
|
||||
.set('x-xsrf-token', csrfToken)
|
||||
.send(credentials)
|
||||
|
||||
return { authCookies: header['set-cookie'].join() }
|
||||
return {
|
||||
authCookies:
|
||||
(header['set-cookie'] as unknown as string[] | undefined)?.join() || ''
|
||||
}
|
||||
}
|
||||
|
||||
const extractCSRF = (text: string) =>
|
||||
|
||||
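Review bot: `header['set-cookie'] as unknown as string[] | undefined` is a double assertion that silences the checker instead of handling the value; whatever type `header` carries, the runtime shape can be checked directly. Something like `const setCookie: unknown = header['set-cookie']`, `const cookies = Array.isArray(setCookie) ? setCookie : typeof setCookie === 'string' ? [setCookie] : []`, `return { authCookies: cookies.join() }` gives the same result for the array case, also covers a single-string header, and drops the cast. performLogin starts before this hunk.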
@@ -1,5 +1,6 @@
|
||||
import jwt from 'jsonwebtoken'
|
||||
import User from '../model/User'
|
||||
import { InfoJWT } from '../types/InfoJWT'
|
||||
|
||||
const isValidToken = async (
|
||||
token: string,
|
||||
@@ -11,7 +12,8 @@ const isValidToken = async (
|
||||
jwt.verify(token, key, (err, decoded) => {
|
||||
if (err) return reject(false)
|
||||
|
||||
if (decoded?.userId === userId && decoded?.clientId === clientId) {
|
||||
const payload = decoded as InfoJWT
|
||||
if (payload?.userId === userId && payload?.clientId === clientId) {
|
||||
return resolve(true)
|
||||
}
|
||||
|
||||
|
||||
12864
package-lock.json