mirror of
https://github.com/sasjs/server.git
synced 2025-12-10 11:24:35 +00:00
Compare commits
8 Commits
d0c7968d66
...
e51b20421a
| Author | SHA1 | Date | |
|---|---|---|---|
|
e51b20421a | ||
|
|
631e95604b | ||
|
|
198cd79354 | ||
|
|
379ea604bc | ||
|
|
9ffa403bcb | ||
|
|
6d123c3e23 | ||
|
|
dda1aadc67 | ||
|
|
d47cf15cdb |
6
.github/workflows/build.yml
vendored
6
.github/workflows/build.yml
vendored
@@ -5,7 +5,7 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
@@ -28,7 +28,7 @@ jobs:
|
|||||||
run: npm run lint-web
|
run: npm run lint-web
|
||||||
|
|
||||||
build-api:
|
build-api:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
@@ -66,7 +66,7 @@ jobs:
|
|||||||
CI: true
|
CI: true
|
||||||
|
|
||||||
build-web:
|
build-web:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
|
|||||||
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@@ -7,7 +7,7 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
|
|||||||
19683
api/package-lock.json
generated
19683
api/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@@ -76,32 +76,32 @@
|
|||||||
"@types/cors": "^2.8.12",
|
"@types/cors": "^2.8.12",
|
||||||
"@types/express": "^4.17.12",
|
"@types/express": "^4.17.12",
|
||||||
"@types/express-session": "^1.17.4",
|
"@types/express-session": "^1.17.4",
|
||||||
"@types/jest": "^26.0.24",
|
"@types/jest": "^29.5.0",
|
||||||
"@types/jsonwebtoken": "^8.5.5",
|
"@types/jsonwebtoken": "^8.5.5",
|
||||||
"@types/ldapjs": "^2.2.4",
|
"@types/ldapjs": "^2.2.4",
|
||||||
"@types/morgan": "^1.9.3",
|
"@types/morgan": "^1.9.3",
|
||||||
"@types/multer": "^1.4.7",
|
"@types/multer": "^1.4.7",
|
||||||
"@types/node": "^15.12.2",
|
"@types/node": "^20.0.0",
|
||||||
"@types/supertest": "^2.0.11",
|
"@types/supertest": "^2.0.11",
|
||||||
"@types/swagger-ui-express": "^4.1.3",
|
"@types/swagger-ui-express": "^4.1.3",
|
||||||
"@types/unzipper": "^0.10.5",
|
"@types/unzipper": "^0.10.5",
|
||||||
"adm-zip": "^0.5.9",
|
"adm-zip": "^0.5.9",
|
||||||
"axios": "0.27.2",
|
"axios": "^1.12.2",
|
||||||
"csrf": "^3.1.0",
|
"csrf": "^3.1.0",
|
||||||
"dotenv": "^16.0.1",
|
"dotenv": "^16.0.1",
|
||||||
"http-headers-validation": "^0.0.1",
|
"http-headers-validation": "^0.0.1",
|
||||||
"jest": "^27.0.6",
|
"jest": "^29.7.0",
|
||||||
"mongodb-memory-server": "8.11.4",
|
"mongodb-memory-server": "8.11.4",
|
||||||
"nodejs-file-downloader": "4.10.2",
|
"nodejs-file-downloader": "4.10.2",
|
||||||
"nodemon": "^2.0.7",
|
"nodemon": "^3.0.0",
|
||||||
"pkg": "5.6.0",
|
"pkg": "5.6.0",
|
||||||
"prettier": "^2.3.1",
|
"prettier": "^3.0.0",
|
||||||
"rimraf": "^3.0.2",
|
"rimraf": "^3.0.2",
|
||||||
"supertest": "^6.1.3",
|
"supertest": "^6.1.3",
|
||||||
"ts-jest": "^27.0.3",
|
"ts-jest": "^29.1.0",
|
||||||
"ts-node": "^10.0.0",
|
"ts-node": "^10.0.0",
|
||||||
"tsoa": "3.14.1",
|
"tsoa": "3.14.1",
|
||||||
"typescript": "^4.3.2"
|
"typescript": "^5.0.0"
|
||||||
},
|
},
|
||||||
"nodemonConfig": {
|
"nodemonConfig": {
|
||||||
"ignore": [
|
"ignore": [
|
||||||
|
|||||||
@@ -234,9 +234,10 @@ const verifyAuthCode = async (
|
|||||||
jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
|
jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
|
||||||
if (err) return resolve(undefined)
|
if (err) return resolve(undefined)
|
||||||
|
|
||||||
|
const payload = data as InfoJWT
|
||||||
const clientInfo: InfoJWT = {
|
const clientInfo: InfoJWT = {
|
||||||
clientId: data?.clientId,
|
clientId: payload?.clientId,
|
||||||
userId: data?.userId
|
userId: payload?.userId
|
||||||
}
|
}
|
||||||
if (clientInfo.clientId === clientId) {
|
if (clientInfo.clientId === clientId) {
|
||||||
return resolve(clientInfo)
|
return resolve(clientInfo)
|
||||||
|
|||||||
@@ -106,7 +106,10 @@ const login = async (
|
|||||||
const rateLimiter = RateLimiter.getInstance()
|
const rateLimiter = RateLimiter.getInstance()
|
||||||
|
|
||||||
if (!validPass) {
|
if (!validPass) {
|
||||||
const retrySecs = await rateLimiter.consume(req.ip, user?.username)
|
const retrySecs = await rateLimiter.consume(
|
||||||
|
req.ip || 'unknown',
|
||||||
|
user?.username
|
||||||
|
)
|
||||||
if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
|
if (retrySecs > 0) throw errors.tooManyRequests(retrySecs)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -114,7 +117,7 @@ const login = async (
|
|||||||
if (!validPass) throw errors.invalidPassword
|
if (!validPass) throw errors.invalidPassword
|
||||||
|
|
||||||
// Reset on successful authorization
|
// Reset on successful authorization
|
||||||
rateLimiter.resetOnSuccess(req.ip, user.username)
|
rateLimiter.resetOnSuccess(req.ip || 'unknown', user.username)
|
||||||
|
|
||||||
req.session.loggedIn = true
|
req.session.loggedIn = true
|
||||||
req.session.user = {
|
req.session.user = {
|
||||||
|
|||||||
@@ -37,10 +37,10 @@ export const authenticateAccessToken: RequestHandler = async (
|
|||||||
if (user.isActive) {
|
if (user.isActive) {
|
||||||
req.user = user
|
req.user = user
|
||||||
return csrfProtection(req, res, nextFunction)
|
return csrfProtection(req, res, nextFunction)
|
||||||
} else return res.sendStatus(401)
|
} else return res.status(401).send('Unauthorized')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return res.sendStatus(401)
|
return res.status(401).send('Unauthorized')
|
||||||
}
|
}
|
||||||
|
|
||||||
await authenticateToken(
|
await authenticateToken(
|
||||||
@@ -118,6 +118,6 @@ const authenticateToken = async (
|
|||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
|
|
||||||
res.sendStatus(401)
|
res.status(401).send('Unauthorized')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ import { convertSecondsToHms } from '@sasjs/utils'
|
|||||||
import { RateLimiter } from '../utils'
|
import { RateLimiter } from '../utils'
|
||||||
|
|
||||||
export const bruteForceProtection: RequestHandler = async (req, res, next) => {
|
export const bruteForceProtection: RequestHandler = async (req, res, next) => {
|
||||||
const ip = req.ip
|
const ip = req.ip || 'unknown'
|
||||||
const username = req.body.username
|
const username = req.body.username
|
||||||
|
|
||||||
const rateLimiter = RateLimiter.getInstance()
|
const rateLimiter = RateLimiter.getInstance()
|
||||||
|
|||||||
@@ -277,7 +277,10 @@ const performLogin = async (
|
|||||||
.set('x-xsrf-token', csrfToken)
|
.set('x-xsrf-token', csrfToken)
|
||||||
.send(credentials)
|
.send(credentials)
|
||||||
|
|
||||||
return { authCookies: header['set-cookie'].join() }
|
return {
|
||||||
|
authCookies:
|
||||||
|
(header['set-cookie'] as unknown as string[] | undefined)?.join() || ''
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const extractCSRF = (text: string) =>
|
const extractCSRF = (text: string) =>
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
import jwt from 'jsonwebtoken'
|
import jwt from 'jsonwebtoken'
|
||||||
import User from '../model/User'
|
import User from '../model/User'
|
||||||
|
import { InfoJWT } from '../types/InfoJWT'
|
||||||
|
|
||||||
const isValidToken = async (
|
const isValidToken = async (
|
||||||
token: string,
|
token: string,
|
||||||
@@ -11,7 +12,8 @@ const isValidToken = async (
|
|||||||
jwt.verify(token, key, (err, decoded) => {
|
jwt.verify(token, key, (err, decoded) => {
|
||||||
if (err) return reject(false)
|
if (err) return reject(false)
|
||||||
|
|
||||||
if (decoded?.userId === userId && decoded?.clientId === clientId) {
|
const payload = decoded as InfoJWT
|
||||||
|
if (payload?.userId === userId && payload?.clientId === clientId) {
|
||||||
return resolve(true)
|
return resolve(true)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
12864
package-lock.json
generated
12864
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user