1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
6import challengeUtils = require('../lib/challengeUtils')7import { type Request, type Response } from 'express'8
// Project-local helper used below to check the session token and to look up
// the user that belongs to it.
const security = require('../lib/insecurity')
// Shared in-memory data cache of the application.
const cache = require('../data/datacache')
// Challenge registry taken from the cache; the handler below reads
// `emailLeakChallenge` from it.
const { challenges } = cache
/**
 * Creates the Express handler that reports which user the `token` cookie
 * belongs to.
 *
 * The handler always replies with
 * `{ user: { id, email, lastLoginIp, profileImage } }`. All four fields are
 * `undefined` when `security.verify` rejects the cookie, when the token check
 * throws, or when the looked-up entry has no truthy `data` property.
 *
 * Security note: when the request has a `callback` query parameter, the same
 * payload is sent through `res.jsonp` instead of `res.json`, and
 * `emailLeakChallenge` is marked as solved. A JSONP reply is script, so the
 * same-origin policy does not shield it; data that is authorised only by a
 * cookie then becomes readable from other origins. This appears to be the
 * intended weakness behind the challenge, so it is left in place here.
 * A production endpoint would return plain JSON only, restrict cross-origin
 * reads with an explicit CORS allow-list, and set `SameSite` on the session
 * cookie.
 *
 * @returns the request handler
 */
module.exports = function retrieveLoggedInUser () {
  return (req: Request, res: Response) => {
    let user
    try {
      // The cookie is the only credential consulted by this handler.
      const token = req.cookies.token
      if (security.verify(token)) {
        user = security.authenticatedUsers.get(token)
      }
    } catch (err) {
      // Any failure during the token check is handled as "nobody logged in".
      user = undefined
    } finally {
      // Only expose fields when a user record with a `data` payload exists.
      const data = user?.data ? user.data : undefined
      const response = {
        user: {
          id: data?.id,
          email: data?.email,
          lastLoginIp: data?.lastLoginIp,
          profileImage: data?.profileImage
        }
      }
      if (req.query.callback !== undefined) {
        // JSONP path: reaching it is what solves the e-mail leak challenge.
        challengeUtils.solveIf(challenges.emailLeakChallenge, () => true)
        res.jsonp(response)
      } else {
        res.json(response)
      }
    }
  }
}