juice-shop

1
/*
2
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3
 * SPDX-License-Identifier: MIT
4
 */
5

6
import challengeUtils = require('../lib/challengeUtils')
7
import { type Request, type Response } from 'express'
8

9
const security = require('../lib/insecurity')
10
const cache = require('../data/datacache')
11
const challenges = cache.challenges
12

13
module.exports = function retrieveLoggedInUser () {
14
  return (req: Request, res: Response) => {
15
    let user
16
    try {
17
      if (security.verify(req.cookies.token)) {
18
        user = security.authenticatedUsers.get(req.cookies.token)
19
      }
20
    } catch (err) {
21
      user = undefined
22
    } finally {
23
      const response = { user: { id: (user?.data ? user.data.id : undefined), email: (user?.data ? user.data.email : undefined), lastLoginIp: (user?.data ? user.data.lastLoginIp : undefined), profileImage: (user?.data ? user.data.profileImage : undefined) } }
24
      if (req.query.callback === undefined) {
25
        res.json(response)
26
      } else {
27
        challengeUtils.solveIf(challenges.emailLeakChallenge, () => { return true })
28
        res.jsonp(response)
29
      }
30
    }
31
  }
32
}
33