Compare commits

...

2 Commits

Author SHA1 Message Date
Renovate Bot
db2e5a7111 Update dependency vite to v7.3.1 2026-01-19 17:04:24 +00:00
f3dba4c483 remove csrf 2026-01-19 17:15:34 +01:00
7 changed files with 78 additions and 220 deletions

View File

@ -1,10 +1,8 @@
use crate::auth_persistence::AuthStorage; use crate::auth_persistence::AuthStorage;
use crate::csrf::{CsrfState, set_csrf_cookie};
use crate::items; use crate::items;
use crate::proto_utils::Proto; use crate::proto_utils::Proto;
use rocket::State; use rocket::State;
use rocket::futures::lock::Mutex; use rocket::futures::lock::Mutex;
use rocket::http::CookieJar;
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use uuid::Uuid; use uuid::Uuid;
@ -130,9 +128,7 @@ impl<'r> rocket::request::FromRequest<'r> for AdminToken {
#[post("/login", data = "<request>")] #[post("/login", data = "<request>")]
pub async fn login( pub async fn login(
state: &State<AuthState>, state: &State<AuthState>,
csrf_state: &State<CsrfState>,
user_list: &State<Mutex<Vec<crate::User>>>, user_list: &State<Mutex<Vec<crate::User>>>,
jar: &CookieJar<'_>,
request: Proto<items::LoginRequest>, request: Proto<items::LoginRequest>,
) -> items::LoginResponse { ) -> items::LoginResponse {
let req = request.into_inner(); let req = request.into_inner();
@ -148,9 +144,6 @@ pub async fn login(
tokens.insert(token.clone(), req.username.clone()); tokens.insert(token.clone(), req.username.clone());
state.storage.save_tokens(&tokens); state.storage.save_tokens(&tokens);
let csrf_token = csrf_state.generate_token();
set_csrf_cookie(jar, &csrf_token);
return items::LoginResponse { return items::LoginResponse {
token, token,
success: true, success: true,
@ -191,8 +184,6 @@ pub async fn logout(
pub async fn get_auth_status( pub async fn get_auth_status(
state: &State<AuthState>, state: &State<AuthState>,
admin_state: &State<AdminState>, admin_state: &State<AdminState>,
csrf_state: &State<CsrfState>,
jar: &CookieJar<'_>,
request: Proto<items::AuthStatusRequest>, request: Proto<items::AuthStatusRequest>,
) -> items::AuthStatusResponse { ) -> items::AuthStatusResponse {
let req = request.into_inner(); let req = request.into_inner();
@ -202,9 +193,6 @@ pub async fn get_auth_status(
let admins = admin_state.admins.lock().await; let admins = admin_state.admins.lock().await;
let is_admin = crate::store::is_admin(username, &admins); let is_admin = crate::store::is_admin(username, &admins);
let csrf_token = csrf_state.generate_token();
set_csrf_cookie(jar, &csrf_token);
items::AuthStatusResponse { items::AuthStatusResponse {
authenticated: true, authenticated: true,
username: username.clone(), username: username.clone(),

View File

@ -1,95 +0,0 @@
use rocket::Build;
use rocket::Request;
use rocket::Rocket;
use rocket::fairing::{Fairing, Info, Kind};
use rocket::http::{Cookie, CookieJar, SameSite, Status};
use rocket::request::{FromRequest, Outcome};
use std::collections::HashSet;
use std::sync::Arc;
use uuid::Uuid;
const CSRF_COOKIE_NAME: &str = "csrf_token";
const CSRF_HEADER_NAME: &str = "X-CSRF-Token";
const CSRF_EXPIRATION_HOURS: u64 = 24;
#[derive(Clone)]
pub struct CsrfToken(pub String);
#[derive(Clone)]
pub struct CsrfState {
tokens: Arc<std::sync::Mutex<HashSet<String>>>,
}
impl CsrfState {
pub fn new() -> Self {
Self {
tokens: Arc::new(std::sync::Mutex::new(HashSet::new())),
}
}
pub fn generate_token(&self) -> String {
let token = Uuid::new_v4().to_string();
self.tokens.lock().unwrap().insert(token.clone());
token
}
pub fn validate_token(&self, token: &str) -> bool {
self.tokens.lock().unwrap().remove(token)
}
}
impl Default for CsrfState {
fn default() -> Self {
Self::new()
}
}
#[rocket::async_trait]
impl<'r> FromRequest<'r> for CsrfToken {
type Error = ();
async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let header_token = request.headers().get_one(CSRF_HEADER_NAME);
let cookie_jar = request.guard::<&CookieJar<'_>>().await;
let cookie_token = match cookie_jar {
Outcome::Success(jar) => jar
.get(CSRF_COOKIE_NAME)
.map(|c: &Cookie<'_>| c.value().to_string()),
_ => None,
};
match (header_token, cookie_token) {
(Some(header), Some(cookie)) if header == cookie => {
Outcome::Success(CsrfToken(header.to_string()))
}
_ => Outcome::Error((Status::Forbidden, ())),
}
}
}
pub struct CsrfFairing;
#[rocket::async_trait]
impl Fairing for CsrfFairing {
fn info(&self) -> Info {
Info {
name: "CSRF Protection",
kind: Kind::Ignite,
}
}
async fn on_ignite(&self, rocket: Rocket<Build>) -> Result<Rocket<Build>, Rocket<Build>> {
Ok(rocket.manage(CsrfState::new()))
}
}
pub fn set_csrf_cookie(jar: &CookieJar<'_>, token: &str) {
jar.add(
Cookie::build((CSRF_COOKIE_NAME, token.to_owned()))
.http_only(true)
.same_site(SameSite::Strict)
.max_age(rocket::time::Duration::hours(CSRF_EXPIRATION_HOURS as i64))
.path("/"),
);
}

View File

@ -7,13 +7,11 @@ pub mod items {
pub mod auth; pub mod auth;
pub mod auth_persistence; pub mod auth_persistence;
pub mod csrf;
pub mod proto_utils; pub mod proto_utils;
pub mod security_headers; pub mod security_headers;
pub mod store; pub mod store;
pub mod validation; pub mod validation;
pub use auth::AdminState; pub use auth::AdminState;
pub use csrf::{CsrfFairing, CsrfState, CsrfToken, set_csrf_cookie};
pub use security_headers::SecurityHeaders; pub use security_headers::SecurityHeaders;
pub use store::User; pub use store::User;

View File

@ -4,7 +4,6 @@ use rocket::futures::lock::Mutex;
use backend::auth; use backend::auth;
use backend::auth::AdminState; use backend::auth::AdminState;
use backend::csrf::{CsrfFairing, CsrfToken};
use backend::items::{self, Game}; use backend::items::{self, Game};
use backend::proto_utils; use backend::proto_utils;
use backend::security_headers::SecurityHeaders; use backend::security_headers::SecurityHeaders;
@ -90,7 +89,6 @@ async fn get_games(
#[post("/game", data = "<game>", rank = 1)] #[post("/game", data = "<game>", rank = 1)]
async fn add_game( async fn add_game(
_token: auth::Token, _token: auth::Token,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
game: proto_utils::Proto<items::Game>, game: proto_utils::Proto<items::Game>,
@ -133,7 +131,6 @@ async fn add_game(
#[patch("/game", data = "<game>", rank = 1)] #[patch("/game", data = "<game>", rank = 1)]
async fn update_game( async fn update_game(
_token: auth::AdminToken, _token: auth::AdminToken,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
game: proto_utils::Proto<items::Game>, game: proto_utils::Proto<items::Game>,
@ -196,7 +193,6 @@ async fn update_game(
#[delete("/game/<title>", rank = 1)] #[delete("/game/<title>", rank = 1)]
async fn delete_game( async fn delete_game(
_token: auth::AdminToken, _token: auth::AdminToken,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
title: &str, title: &str,
@ -227,7 +223,6 @@ async fn delete_game(
#[post("/refresh", rank = 1)] #[post("/refresh", rank = 1)]
async fn refresh_state( async fn refresh_state(
_token: auth::AdminToken, _token: auth::AdminToken,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
admin_state: &rocket::State<AdminState>, admin_state: &rocket::State<AdminState>,
@ -256,7 +251,6 @@ async fn refresh_state(
#[post("/opinion", data = "<req>", rank = 1)] #[post("/opinion", data = "<req>", rank = 1)]
async fn add_opinion( async fn add_opinion(
token: auth::Token, token: auth::Token,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
req: proto_utils::Proto<items::AddOpinionRequest>, req: proto_utils::Proto<items::AddOpinionRequest>,
@ -309,7 +303,6 @@ async fn add_opinion(
#[patch("/opinion", data = "<req>", rank = 1)] #[patch("/opinion", data = "<req>", rank = 1)]
async fn remove_opinion( async fn remove_opinion(
token: auth::Token, token: auth::Token,
_csrf: CsrfToken,
game_list: &rocket::State<Mutex<Vec<Game>>>, game_list: &rocket::State<Mutex<Vec<Game>>>,
user_list: &rocket::State<Mutex<Vec<User>>>, user_list: &rocket::State<Mutex<Vec<User>>>,
req: proto_utils::Proto<items::RemoveOpinionRequest>, req: proto_utils::Proto<items::RemoveOpinionRequest>,
@ -495,7 +488,6 @@ async fn main() -> Result<(), std::io::Error> {
rocket::build() rocket::build()
.attach(SecurityHeaders) .attach(SecurityHeaders)
.attach(CsrfFairing)
.manage(Mutex::new(user_list)) .manage(Mutex::new(user_list))
.manage(auth::AuthState::new()) .manage(auth::AuthState::new())
.manage(auth::AdminState::new()) .manage(auth::AdminState::new())

View File

@ -29,11 +29,11 @@
"ts-proto": "^2.10.1", "ts-proto": "^2.10.1",
"typescript": "~5.9.3", "typescript": "~5.9.3",
"typescript-eslint": "^8.53.0", "typescript-eslint": "^8.53.0",
"vite": "npm:rolldown-vite@7.2.5" "vite": "npm:rolldown-vite@7.3.1"
}, },
"pnpm": { "pnpm": {
"overrides": { "overrides": {
"vite": "npm:rolldown-vite@7.2.5" "vite": "npm:rolldown-vite@7.3.1"
} }
} }
} }

167
frontend/pnpm-lock.yaml generated
View File

@ -5,7 +5,7 @@ settings:
excludeLinksFromLockfile: false excludeLinksFromLockfile: false
overrides: overrides:
vite: npm:rolldown-vite@7.2.5 vite: npm:rolldown-vite@7.3.1
importers: importers:
@ -38,7 +38,7 @@ importers:
version: 19.2.3(@types/react@19.2.8) version: 19.2.3(@types/react@19.2.8)
'@vitejs/plugin-react': '@vitejs/plugin-react':
specifier: ^5.1.2 specifier: ^5.1.2
version: 5.1.2(rolldown-vite@7.2.5(@types/node@24.10.7)) version: 5.1.2(rolldown-vite@7.3.1(@types/node@24.10.7))
eslint: eslint:
specifier: ^9.39.2 specifier: ^9.39.2
version: 9.39.2 version: 9.39.2
@ -61,8 +61,8 @@ importers:
specifier: ^8.53.0 specifier: ^8.53.0
version: 8.53.0(eslint@9.39.2)(typescript@5.9.3) version: 8.53.0(eslint@9.39.2)(typescript@5.9.3)
vite: vite:
specifier: npm:rolldown-vite@7.2.5 specifier: npm:rolldown-vite@7.3.1
version: rolldown-vite@7.2.5(@types/node@24.10.7) version: rolldown-vite@7.3.1(@types/node@24.10.7)
packages: packages:
@ -234,99 +234,90 @@ packages:
'@napi-rs/wasm-runtime@1.1.1': '@napi-rs/wasm-runtime@1.1.1':
resolution: {integrity: sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==} resolution: {integrity: sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==}
'@oxc-project/runtime@0.97.0': '@oxc-project/runtime@0.101.0':
resolution: {integrity: sha512-yH0zw7z+jEws4dZ4IUKoix5Lh3yhqIJWF9Dc8PWvhpo7U7O+lJrv7ZZL4BeRO0la8LBQFwcCewtLBnVV7hPe/w==} resolution: {integrity: sha512-t3qpfVZIqSiLQ5Kqt/MC4Ge/WCOGrrcagAdzTcDaggupjiGxUx4nJF2v6wUCXWSzWHn5Ns7XLv13fCJEwCOERQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
'@oxc-project/types@0.97.0': '@oxc-project/types@0.101.0':
resolution: {integrity: sha512-lxmZK4xFrdvU0yZiDwgVQTCvh2gHWBJCBk5ALsrtsBWhs0uDIi+FTOnXRQeQfs304imdvTdaakT/lqwQ8hkOXQ==} resolution: {integrity: sha512-nuFhqlUzJX+gVIPPfuE6xurd4lST3mdcWOhyK/rZO0B9XWMKm79SuszIQEnSMmmDhq1DC8WWVYGVd+6F93o1gQ==}
'@rolldown/binding-android-arm64@1.0.0-beta.50': '@rolldown/binding-android-arm64@1.0.0-beta.53':
resolution: {integrity: sha512-XlEkrOIHLyGT3avOgzfTFSjG+f+dZMw+/qd+Y3HLN86wlndrB/gSimrJCk4gOhr1XtRtEKfszpadI3Md4Z4/Ag==} resolution: {integrity: sha512-Ok9V8o7o6YfSdTTYA/uHH30r3YtOxLD6G3wih/U9DO0ucBBFq8WPt/DslU53OgfteLRHITZny9N/qCUxMf9kjQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [android] os: [android]
'@rolldown/binding-darwin-arm64@1.0.0-beta.50': '@rolldown/binding-darwin-arm64@1.0.0-beta.53':
resolution: {integrity: sha512-+JRqKJhoFlt5r9q+DecAGPLZ5PxeLva+wCMtAuoFMWPoZzgcYrr599KQ+Ix0jwll4B4HGP43avu9My8KtSOR+w==} resolution: {integrity: sha512-yIsKqMz0CtRnVa6x3Pa+mzTihr4Ty+Z6HfPbZ7RVbk1Uxnco4+CUn7Qbm/5SBol1JD/7nvY8rphAgyAi7Lj6Vg==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [darwin] os: [darwin]
'@rolldown/binding-darwin-x64@1.0.0-beta.50': '@rolldown/binding-darwin-x64@1.0.0-beta.53':
resolution: {integrity: sha512-fFXDjXnuX7/gQZQm/1FoivVtRcyAzdjSik7Eo+9iwPQ9EgtA5/nB2+jmbzaKtMGG3q+BnZbdKHCtOacmNrkIDA==} resolution: {integrity: sha512-GTXe+mxsCGUnJOFMhfGWmefP7Q9TpYUseHvhAhr21nCTgdS8jPsvirb0tJwM3lN0/u/cg7bpFNa16fQrjKrCjQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [x64] cpu: [x64]
os: [darwin] os: [darwin]
'@rolldown/binding-freebsd-x64@1.0.0-beta.50': '@rolldown/binding-freebsd-x64@1.0.0-beta.53':
resolution: {integrity: sha512-F1b6vARy49tjmT/hbloplzgJS7GIvwWZqt+tAHEstCh0JIh9sa8FAMVqEmYxDviqKBaAI8iVvUREm/Kh/PD26Q==} resolution: {integrity: sha512-9Tmp7bBvKqyDkMcL4e089pH3RsjD3SUungjmqWtyhNOxoQMh0fSmINTyYV8KXtE+JkxYMPWvnEt+/mfpVCkk8w==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [x64] cpu: [x64]
os: [freebsd] os: [freebsd]
'@rolldown/binding-linux-arm-gnueabihf@1.0.0-beta.50': '@rolldown/binding-linux-arm-gnueabihf@1.0.0-beta.53':
resolution: {integrity: sha512-U6cR76N8T8M6lHj7EZrQ3xunLPxSvYYxA8vJsBKZiFZkT8YV4kjgCO3KwMJL0NOjQCPGKyiXO07U+KmJzdPGRw==} resolution: {integrity: sha512-a1y5fiB0iovuzdbjUxa7+Zcvgv+mTmlGGC4XydVIsyl48eoxgaYkA3l9079hyTyhECsPq+mbr0gVQsFU11OJAQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm] cpu: [arm]
os: [linux] os: [linux]
'@rolldown/binding-linux-arm64-gnu@1.0.0-beta.50': '@rolldown/binding-linux-arm64-gnu@1.0.0-beta.53':
resolution: {integrity: sha512-ONgyjofCrrE3bnh5GZb8EINSFyR/hmwTzZ7oVuyUB170lboza1VMCnb8jgE6MsyyRgHYmN8Lb59i3NKGrxrYjw==} resolution: {integrity: sha512-bpIGX+ov9PhJYV+wHNXl9rzq4F0QvILiURn0y0oepbQx+7stmQsKA0DhPGwmhfvF856wq+gbM8L92SAa/CBcLg==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [linux] os: [linux]
'@rolldown/binding-linux-arm64-musl@1.0.0-beta.50': '@rolldown/binding-linux-arm64-musl@1.0.0-beta.53':
resolution: {integrity: sha512-L0zRdH2oDPkmB+wvuTl+dJbXCsx62SkqcEqdM+79LOcB+PxbAxxjzHU14BuZIQdXcAVDzfpMfaHWzZuwhhBTcw==} resolution: {integrity: sha512-bGe5EBB8FVjHBR1mOLOPEFg1Lp3//7geqWkU5NIhxe+yH0W8FVrQ6WRYOap4SUTKdklD/dC4qPLREkMMQ855FA==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [linux] os: [linux]
'@rolldown/binding-linux-x64-gnu@1.0.0-beta.50': '@rolldown/binding-linux-x64-gnu@1.0.0-beta.53':
resolution: {integrity: sha512-gyoI8o/TGpQd3OzkJnh1M2kxy1Bisg8qJ5Gci0sXm9yLFzEXIFdtc4EAzepxGvrT2ri99ar5rdsmNG0zP0SbIg==} resolution: {integrity: sha512-qL+63WKVQs1CMvFedlPt0U9PiEKJOAL/bsHMKUDS6Vp2Q+YAv/QLPu8rcvkfIMvQ0FPU2WL0aX4eWwF6e/GAnA==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [x64] cpu: [x64]
os: [linux] os: [linux]
'@rolldown/binding-linux-x64-musl@1.0.0-beta.50': '@rolldown/binding-linux-x64-musl@1.0.0-beta.53':
resolution: {integrity: sha512-zti8A7M+xFDpKlghpcCAzyOi+e5nfUl3QhU023ce5NCgUxRG5zGP2GR9LTydQ1rnIPwZUVBWd4o7NjZDaQxaXA==} resolution: {integrity: sha512-VGl9JIGjoJh3H8Mb+7xnVqODajBmrdOOb9lxWXdcmxyI+zjB2sux69br0hZJDTyLJfvBoYm439zPACYbCjGRmw==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [x64] cpu: [x64]
os: [linux] os: [linux]
'@rolldown/binding-openharmony-arm64@1.0.0-beta.50': '@rolldown/binding-openharmony-arm64@1.0.0-beta.53':
resolution: {integrity: sha512-eZUssog7qljrrRU9Mi0eqYEPm3Ch0UwB+qlWPMKSUXHNqhm3TvDZarJQdTevGEfu3EHAXJvBIe0YFYr0TPVaMA==} resolution: {integrity: sha512-B4iIserJXuSnNzA5xBLFUIjTfhNy7d9sq4FUMQY3GhQWGVhS2RWWzzDnkSU6MUt7/aHUrep0CdQfXUJI9D3W7A==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [openharmony] os: [openharmony]
'@rolldown/binding-wasm32-wasi@1.0.0-beta.50': '@rolldown/binding-wasm32-wasi@1.0.0-beta.53':
resolution: {integrity: sha512-nmCN0nIdeUnmgeDXiQ+2HU6FT162o+rxnF7WMkBm4M5Ds8qTU7Dzv2Wrf22bo4ftnlrb2hKK6FSwAJSAe2FWLg==} resolution: {integrity: sha512-BUjAEgpABEJXilGq/BPh7jeU3WAJ5o15c1ZEgHaDWSz3LB881LQZnbNJHmUiM4d1JQWMYYyR1Y490IBHi2FPJg==}
engines: {node: '>=14.0.0'} engines: {node: '>=14.0.0'}
cpu: [wasm32] cpu: [wasm32]
'@rolldown/binding-win32-arm64-msvc@1.0.0-beta.50': '@rolldown/binding-win32-arm64-msvc@1.0.0-beta.53':
resolution: {integrity: sha512-7kcNLi7Ua59JTTLvbe1dYb028QEPaJPJQHqkmSZ5q3tJueUeb6yjRtx8mw4uIqgWZcnQHAR3PrLN4XRJxvgIkA==} resolution: {integrity: sha512-s27uU7tpCWSjHBnxyVXHt3rMrQdJq5MHNv3BzsewCIroIw3DJFjMH1dzCPPMUFxnh1r52Nf9IJ/eWp6LDoyGcw==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [arm64] cpu: [arm64]
os: [win32] os: [win32]
'@rolldown/binding-win32-ia32-msvc@1.0.0-beta.50': '@rolldown/binding-win32-x64-msvc@1.0.0-beta.53':
resolution: {integrity: sha512-lL70VTNvSCdSZkDPPVMwWn/M2yQiYvSoXw9hTLgdIWdUfC3g72UaruezusR6ceRuwHCY1Ayu2LtKqXkBO5LIwg==} resolution: {integrity: sha512-cjWL/USPJ1g0en2htb4ssMjIycc36RvdQAx1WlXnS6DpULswiUTVXPDesTifSKYSyvx24E0YqQkEm0K/M2Z/AA==}
engines: {node: ^20.19.0 || >=22.12.0}
cpu: [ia32]
os: [win32]
'@rolldown/binding-win32-x64-msvc@1.0.0-beta.50':
resolution: {integrity: sha512-4qU4x5DXWB4JPjyTne/wBNPqkbQU8J45bl21geERBKtEittleonioACBL1R0PsBu0Aq21SwMK5a9zdBkWSlQtQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
cpu: [x64] cpu: [x64]
os: [win32] os: [win32]
'@rolldown/pluginutils@1.0.0-beta.50':
resolution: {integrity: sha512-5e76wQiQVeL1ICOZVUg4LSOVYg9jyhGCin+icYozhsUzM+fHE7kddi1bdiE0jwVqTfkjba3jUFbEkoC9WkdvyA==}
'@rolldown/pluginutils@1.0.0-beta.53': '@rolldown/pluginutils@1.0.0-beta.53':
resolution: {integrity: sha512-vENRlFU4YbrwVqNDZ7fLvy+JR1CRkyr01jhSiDpE1u6py3OMzQfztQU2jxykW3ALNxO4kSlqIDeYyD0Y9RcQeQ==} resolution: {integrity: sha512-vENRlFU4YbrwVqNDZ7fLvy+JR1CRkyr01jhSiDpE1u6py3OMzQfztQU2jxykW3ALNxO4kSlqIDeYyD0Y9RcQeQ==}
@ -425,7 +416,7 @@ packages:
resolution: {integrity: sha512-EcA07pHJouywpzsoTUqNh5NwGayl2PPVEJKUSinGGSxFGYn+shYbqMGBg6FXDqgXum9Ou/ecb+411ssw8HImJQ==} resolution: {integrity: sha512-EcA07pHJouywpzsoTUqNh5NwGayl2PPVEJKUSinGGSxFGYn+shYbqMGBg6FXDqgXum9Ou/ecb+411ssw8HImJQ==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
peerDependencies: peerDependencies:
vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 vite: npm:rolldown-vite@7.3.1
acorn-jsx@5.3.2: acorn-jsx@5.3.2:
resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==} resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
@ -894,13 +885,13 @@ packages:
resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==} resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
engines: {node: '>=4'} engines: {node: '>=4'}
rolldown-vite@7.2.5: rolldown-vite@7.3.1:
resolution: {integrity: sha512-u09tdk/huMiN8xwoiBbig197jKdCamQTtOruSalOzbqGje3jdHiV0njQlAW0YvzoahkirFePNQ4RYlfnRQpXZA==} resolution: {integrity: sha512-LYzdNAjRHhF2yA4JUQm/QyARyi216N2rpJ0lJZb8E9FU2y5v6Vk+xq/U4XBOxMefpWixT5H3TslmAHm1rqIq2w==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
hasBin: true hasBin: true
peerDependencies: peerDependencies:
'@types/node': ^20.19.0 || >=22.12.0 '@types/node': ^20.19.0 || >=22.12.0
esbuild: ^0.25.0 esbuild: ^0.27.0
jiti: '>=1.21.0' jiti: '>=1.21.0'
less: ^4.0.0 less: ^4.0.0
sass: ^1.70.0 sass: ^1.70.0
@ -934,8 +925,8 @@ packages:
yaml: yaml:
optional: true optional: true
rolldown@1.0.0-beta.50: rolldown@1.0.0-beta.53:
resolution: {integrity: sha512-JFULvCNl/anKn99eKjOSEubi0lLmNqQDAjyEMME2T4CwezUDL0i6t1O9xZsu2OMehPnV2caNefWpGF+8TnzB6A==} resolution: {integrity: sha512-Qd9c2p0XKZdgT5AYd+KgAMggJ8ZmCs3JnS9PTMWkyUfteKlfmKtxJbWTHkVakxwXs1Ub7jrRYVeFeF7N0sQxyw==}
engines: {node: ^20.19.0 || >=22.12.0} engines: {node: ^20.19.0 || >=22.12.0}
hasBin: true hasBin: true
@ -1265,56 +1256,51 @@ snapshots:
'@tybys/wasm-util': 0.10.1 '@tybys/wasm-util': 0.10.1
optional: true optional: true
'@oxc-project/runtime@0.97.0': {} '@oxc-project/runtime@0.101.0': {}
'@oxc-project/types@0.97.0': {} '@oxc-project/types@0.101.0': {}
'@rolldown/binding-android-arm64@1.0.0-beta.50': '@rolldown/binding-android-arm64@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-darwin-arm64@1.0.0-beta.50': '@rolldown/binding-darwin-arm64@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-darwin-x64@1.0.0-beta.50': '@rolldown/binding-darwin-x64@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-freebsd-x64@1.0.0-beta.50': '@rolldown/binding-freebsd-x64@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-linux-arm-gnueabihf@1.0.0-beta.50': '@rolldown/binding-linux-arm-gnueabihf@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-linux-arm64-gnu@1.0.0-beta.50': '@rolldown/binding-linux-arm64-gnu@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-linux-arm64-musl@1.0.0-beta.50': '@rolldown/binding-linux-arm64-musl@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-linux-x64-gnu@1.0.0-beta.50': '@rolldown/binding-linux-x64-gnu@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-linux-x64-musl@1.0.0-beta.50': '@rolldown/binding-linux-x64-musl@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-openharmony-arm64@1.0.0-beta.50': '@rolldown/binding-openharmony-arm64@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-wasm32-wasi@1.0.0-beta.50': '@rolldown/binding-wasm32-wasi@1.0.0-beta.53':
dependencies: dependencies:
'@napi-rs/wasm-runtime': 1.1.1 '@napi-rs/wasm-runtime': 1.1.1
optional: true optional: true
'@rolldown/binding-win32-arm64-msvc@1.0.0-beta.50': '@rolldown/binding-win32-arm64-msvc@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-win32-ia32-msvc@1.0.0-beta.50': '@rolldown/binding-win32-x64-msvc@1.0.0-beta.53':
optional: true optional: true
'@rolldown/binding-win32-x64-msvc@1.0.0-beta.50':
optional: true
'@rolldown/pluginutils@1.0.0-beta.50': {}
'@rolldown/pluginutils@1.0.0-beta.53': {} '@rolldown/pluginutils@1.0.0-beta.53': {}
'@tybys/wasm-util@0.10.1': '@tybys/wasm-util@0.10.1':
@ -1450,7 +1436,7 @@ snapshots:
'@typescript-eslint/types': 8.53.0 '@typescript-eslint/types': 8.53.0
eslint-visitor-keys: 4.2.1 eslint-visitor-keys: 4.2.1
'@vitejs/plugin-react@5.1.2(rolldown-vite@7.2.5(@types/node@24.10.7))': '@vitejs/plugin-react@5.1.2(rolldown-vite@7.3.1(@types/node@24.10.7))':
dependencies: dependencies:
'@babel/core': 7.28.6 '@babel/core': 7.28.6
'@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.28.6) '@babel/plugin-transform-react-jsx-self': 7.27.1(@babel/core@7.28.6)
@ -1458,7 +1444,7 @@ snapshots:
'@rolldown/pluginutils': 1.0.0-beta.53 '@rolldown/pluginutils': 1.0.0-beta.53
'@types/babel__core': 7.20.5 '@types/babel__core': 7.20.5
react-refresh: 0.18.0 react-refresh: 0.18.0
vite: rolldown-vite@7.2.5(@types/node@24.10.7) vite: rolldown-vite@7.3.1(@types/node@24.10.7)
transitivePeerDependencies: transitivePeerDependencies:
- supports-color - supports-color
@ -1864,38 +1850,37 @@ snapshots:
resolve-from@4.0.0: {} resolve-from@4.0.0: {}
rolldown-vite@7.2.5(@types/node@24.10.7): rolldown-vite@7.3.1(@types/node@24.10.7):
dependencies: dependencies:
'@oxc-project/runtime': 0.97.0 '@oxc-project/runtime': 0.101.0
fdir: 6.5.0(picomatch@4.0.3) fdir: 6.5.0(picomatch@4.0.3)
lightningcss: 1.30.2 lightningcss: 1.30.2
picomatch: 4.0.3 picomatch: 4.0.3
postcss: 8.5.6 postcss: 8.5.6
rolldown: 1.0.0-beta.50 rolldown: 1.0.0-beta.53
tinyglobby: 0.2.15 tinyglobby: 0.2.15
optionalDependencies: optionalDependencies:
'@types/node': 24.10.7 '@types/node': 24.10.7
fsevents: 2.3.3 fsevents: 2.3.3
rolldown@1.0.0-beta.50: rolldown@1.0.0-beta.53:
dependencies: dependencies:
'@oxc-project/types': 0.97.0 '@oxc-project/types': 0.101.0
'@rolldown/pluginutils': 1.0.0-beta.50 '@rolldown/pluginutils': 1.0.0-beta.53
optionalDependencies: optionalDependencies:
'@rolldown/binding-android-arm64': 1.0.0-beta.50 '@rolldown/binding-android-arm64': 1.0.0-beta.53
'@rolldown/binding-darwin-arm64': 1.0.0-beta.50 '@rolldown/binding-darwin-arm64': 1.0.0-beta.53
'@rolldown/binding-darwin-x64': 1.0.0-beta.50 '@rolldown/binding-darwin-x64': 1.0.0-beta.53
'@rolldown/binding-freebsd-x64': 1.0.0-beta.50 '@rolldown/binding-freebsd-x64': 1.0.0-beta.53
'@rolldown/binding-linux-arm-gnueabihf': 1.0.0-beta.50 '@rolldown/binding-linux-arm-gnueabihf': 1.0.0-beta.53
'@rolldown/binding-linux-arm64-gnu': 1.0.0-beta.50 '@rolldown/binding-linux-arm64-gnu': 1.0.0-beta.53
'@rolldown/binding-linux-arm64-musl': 1.0.0-beta.50 '@rolldown/binding-linux-arm64-musl': 1.0.0-beta.53
'@rolldown/binding-linux-x64-gnu': 1.0.0-beta.50 '@rolldown/binding-linux-x64-gnu': 1.0.0-beta.53
'@rolldown/binding-linux-x64-musl': 1.0.0-beta.50 '@rolldown/binding-linux-x64-musl': 1.0.0-beta.53
'@rolldown/binding-openharmony-arm64': 1.0.0-beta.50 '@rolldown/binding-openharmony-arm64': 1.0.0-beta.53
'@rolldown/binding-wasm32-wasi': 1.0.0-beta.50 '@rolldown/binding-wasm32-wasi': 1.0.0-beta.53
'@rolldown/binding-win32-arm64-msvc': 1.0.0-beta.50 '@rolldown/binding-win32-arm64-msvc': 1.0.0-beta.53
'@rolldown/binding-win32-ia32-msvc': 1.0.0-beta.50 '@rolldown/binding-win32-x64-msvc': 1.0.0-beta.53
'@rolldown/binding-win32-x64-msvc': 1.0.0-beta.50
scheduler@0.27.0: {} scheduler@0.27.0: {}

View File

@ -1,26 +1,16 @@
import { AuthStatusRequest, AuthStatusResponse } from "../items"; import { AuthStatusRequest, AuthStatusResponse } from "../items";
export const getCsrfToken = (): string | null => {
const match = document.cookie.match(/csrf_token=([^;]+)/);
return match ? decodeURIComponent(match[1]) : null;
};
export const apiFetch = async ( export const apiFetch = async (
url: string, url: string,
options: RequestInit = {} options: RequestInit = {}
): Promise<Response> => { ): Promise<Response> => {
const token = localStorage.getItem("token"); const token = localStorage.getItem("token");
const csrfToken = getCsrfToken();
const headers = new Headers(options.headers); const headers = new Headers(options.headers);
if (token) { if (token) {
headers.set("Authorization", `Bearer ${token}`); headers.set("Authorization", `Bearer ${token}`);
} }
if (csrfToken) {
headers.set("X-CSRF-Token", csrfToken);
}
const config = { const config = {
...options, ...options,
headers, headers,