/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */
5import { type Request, type Response, type NextFunction } from 'express'
6import { UserModel } from '../models/user'
7import { decode } from 'jsonwebtoken'
8import * as security from '../lib/insecurity'
/**
 * Express handler that responds with every user record as JSON.
 *
 * Each entry carries all of the model's `dataValues`, with `password` and
 * `totpSecret` replaced by asterisks, plus a `lastLoginTime` taken from the
 * `iat` claim of the token that `security.authenticatedUsers` holds for that
 * user. `lastLoginTime` is null when no token is held or it cannot be decoded.
 * Any error is forwarded to `next`.
 *
 * NOTE(review): nothing in this handler checks who is calling it; access
 * control is presumably applied where the route is registered — confirm.
 */
async function retrieveUserList (req: Request, res: Response, next: NextFunction) {
  try {
    const allUsers = await UserModel.findAll()

    const entries = allUsers.map((user) => {
      const activeToken = security.authenticatedUsers.tokenOf(user)
      let lastLoginTime: number | null = null
      if (activeToken) {
        // decode() only parses the JWT; it does not verify the signature.
        const payload = decode(activeToken, { json: true })
        if (payload) {
          // NOTE(review): `*` binds tighter than `??`, so the fallback is
          // `0 * 1000` and a present `iat` is NOT multiplied by 1000. `iat` is
          // a seconds-based NumericDate, so the value reaches Date unscaled.
          // If milliseconds were intended this needs `(payload.iat ?? 0) * 1000`;
          // check the consumers of lastLoginTime before changing it.
          lastLoginTime = Math.floor(new Date(payload.iat ?? (0 * 1000)).getTime())
        }
      }

      // Every other column in dataValues is returned unchanged. The two
      // overrides mask one '*' per character, so the response still discloses
      // the length of the stored password value and TOTP secret.
      return {
        ...user.dataValues,
        password: user.password?.replace(/./g, '*'),
        totpSecret: user.totpSecret?.replace(/./g, '*'),
        lastLoginTime
      }
    })

    res.json({ status: 'success', data: entries })
  } catch (error) {
    next(error)
  }
}
// Default export: a zero-argument factory that returns the retrieveUserList handler.
export default () => {
  return retrieveUserList
}