CSRF implementation on server helpers

This commit is contained in:
Oliver Bryan
2026-01-09 05:34:48 +00:00
parent f7d4d6212d
commit e074500a77
13 changed files with 66 additions and 26 deletions


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function byProject({ export async function byProject({
@@ -12,7 +12,7 @@ export async function byProject({
url.searchParams.set("projectId", `${projectId}`); url.searchParams.set("projectId", `${projectId}`);
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {
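Review bot: With `getAuthHeaders()` removed, `byProject` now authenticates solely through the cookie that `credentials: "include"` attaches, so whether the request is accepted depends on server settings this commit does not show. If `getServerURL()` resolves to a different origin, the server must reply with `Access-Control-Allow-Credentials: true` and an explicit, non-wildcard `Access-Control-Allow-Origin`, and if it is a different site the session cookie also has to be `SameSite=None; Secure` for the browser to send it; otherwise these reads surface only as an opaque `!res.ok`. A one-line comment at the fetch call such as `// auth is cookie-based: server must permit credentialed CORS from this origin` would make that dependency visible to the next maintainer. The same applies to the `byUser`, `members`, `byOrganisation` and `byUsername` hunks further down. `byProject`'s body starts above and continues below this hunk.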


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function create({ export async function create({
@@ -20,8 +20,13 @@ export async function create({
if (description.trim() !== "") url.searchParams.set("description", description.trim()); if (description.trim() !== "") url.searchParams.set("description", description.trim());
if (assigneeId != null) url.searchParams.set("assigneeId", `${assigneeId}`); if (assigneeId != null) url.searchParams.set("assigneeId", `${assigneeId}`);
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {
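Review bot: The `create` request here still has no `method`, so the new `X-CSRF-Token` header goes out on a GET whose mutation is carried entirely in query parameters. CSRF middleware commonly exempts safe methods, so if the server follows that convention this endpoint stays unprotected despite appearing covered; a `POST` with a body, as `addMember` and `removeMember` already use in this commit, is the robust form, and the same applies to the `update` and `create` hunks further down that also omit `method`. Separately, `headers["X-CSRF-Token"] = csrfToken` on a variable typed `HeadersInit` is expected to be rejected under `strict`, since `HeadersInit` is a union including `Headers` and `[string, string][]`, which have no string index signature; `const headers: Record<string, string> = {};` is the precise type. This three-line token-to-header construction is repeated in nine helpers in this commit and belongs in one utility next to `getCsrfToken`, mirroring the removed `getAuthHeaders()`, where the choice to silently omit the header when the token is missing (`if (csrfToken)`) can be made once and explicitly rather than copied. `create`'s body starts above the hunk.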


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function update({ export async function update({
@@ -22,8 +22,13 @@ export async function update({
url.searchParams.set("assigneeId", assigneeId === null ? "null" : `${assigneeId}`); url.searchParams.set("assigneeId", assigneeId === null ? "null" : `${assigneeId}`);
} }
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function addMember({ export async function addMember({
@@ -17,9 +17,14 @@ export async function addMember({
url.searchParams.set("userId", `${userId}`); url.searchParams.set("userId", `${userId}`);
url.searchParams.set("role", role); url.searchParams.set("role", role);
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
method: "POST", method: "POST",
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function byUser({ export async function byUser({
@@ -12,7 +12,7 @@ export async function byUser({
url.searchParams.set("userId", `${userId}`); url.searchParams.set("userId", `${userId}`);
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function create({ export async function create({
@@ -20,8 +20,13 @@ export async function create({
url.searchParams.set("userId", `${userId}`); url.searchParams.set("userId", `${userId}`);
if (description.trim() !== "") url.searchParams.set("description", description.trim()); if (description.trim() !== "") url.searchParams.set("description", description.trim());
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,5 +1,5 @@
import type { OrganisationMemberResponse } from "@issue/shared"; import type { OrganisationMemberResponse } from "@issue/shared";
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function members({ export async function members({
@@ -13,7 +13,7 @@ export async function members({
url.searchParams.set("organisationId", `${organisationId}`); url.searchParams.set("organisationId", `${organisationId}`);
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function removeMember({ export async function removeMember({
@@ -14,9 +14,14 @@ export async function removeMember({
url.searchParams.set("organisationId", `${organisationId}`); url.searchParams.set("organisationId", `${organisationId}`);
url.searchParams.set("userId", `${userId}`); url.searchParams.set("userId", `${userId}`);
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
method: "POST", method: "POST",
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function byOrganisation({ export async function byOrganisation({
@@ -12,7 +12,7 @@ export async function byOrganisation({
url.searchParams.set("organisationId", `${organisationId}`); url.searchParams.set("organisationId", `${organisationId}`);
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function create({ export async function create({
@@ -20,8 +20,13 @@ export async function create({
url.searchParams.set("creatorId", `${creatorId}`); url.searchParams.set("creatorId", `${creatorId}`);
url.searchParams.set("organisationId", `${organisationId}`); url.searchParams.set("organisationId", `${organisationId}`);
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,5 +1,5 @@
import type { UserRecord } from "@issue/shared"; import type { UserRecord } from "@issue/shared";
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function byUsername({ export async function byUsername({
@@ -13,7 +13,7 @@ export async function byUsername({
url.searchParams.set("username", username); url.searchParams.set("username", username);
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function update({ export async function update({
@@ -20,8 +20,13 @@ export async function update({
url.searchParams.set("password", password.trim()); url.searchParams.set("password", password.trim());
url.searchParams.set("avatarURL", avatarURL || "null"); url.searchParams.set("avatarURL", avatarURL || "null");
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(url.toString(), { const res = await fetch(url.toString(), {
headers: getAuthHeaders(), headers,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {
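Review bot: `password.trim()` is written into the query string on the line just above the new CSRF block, and the fetch options show no `method`, so the password value travels in the URL of what appears to be a GET; URLs are routinely recorded in server access logs, proxies and browser history, and adding `credentials: "include"` does not change that. This is pre-existing, but since the commit already touches this call, moving the password (ideally the whole update payload) into a request body with `method: "POST"` or `"PATCH"` would keep it out of logs and also aligns the request with CSRF middleware that only inspects unsafe methods. `update`'s body starts above the hunk.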


@@ -1,4 +1,4 @@
import { getAuthHeaders, getServerURL } from "@/lib/utils"; import { getCsrfToken, getServerURL } from "@/lib/utils";
import type { ServerQueryInput } from ".."; import type { ServerQueryInput } from "..";
export async function uploadAvatar({ export async function uploadAvatar({
@@ -24,10 +24,15 @@ export async function uploadAvatar({
const formData = new FormData(); const formData = new FormData();
formData.append("file", file); formData.append("file", file);
const csrfToken = getCsrfToken();
const headers: HeadersInit = {};
if (csrfToken) headers["X-CSRF-Token"] = csrfToken;
const res = await fetch(`${getServerURL()}/user/upload-avatar`, { const res = await fetch(`${getServerURL()}/user/upload-avatar`, {
method: "POST", method: "POST",
headers: getAuthHeaders(), headers,
body: formData, body: formData,
credentials: "include",
}); });
if (!res.ok) { if (!res.ok) {