csrf token only fetch, for API and will be added to jschan-docs

2 years ago · 5e15e5cdd5
parent 4f5e996cc6
commit 5e15e5cdd5
4 changed files with 13 additions and 2 deletions
--- a/configs/nginx/snippets/jschan_common_routes.conf
+++ b/configs/nginx/snippets/jschan_common_routes.conf
@ -29,7 +29,7 @@ location /captcha {
 }

 # authed, no cache pages
-location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create)\.(html|json)$ {
+location ~* ^/((\w+/manage/.*|globalmanage/(reports|bans|recent|boards|globallogs|news|accounts|settings))|account|create|csrf)\.(html|json)$ {
        expires 0;
        try_files /dev/null @backend-private;
 }
--- a/controllers/pages.js
+++ b/controllers/pages.js
@ -22,7 +22,7 @@ const express  = require('express')
 		globalManageRecent, globalManageAccounts, globalManageNews, globalManageLogs } = require(__dirname+'/../models/pages/globalmanage/')
 	, { changePassword, blockBypass, home, register, login, create,
 		board, catalog, banners, randombanner, news, captchaPage, overboard, overboardCatalog,
-		captcha, thread, modlog, modloglist, account, boardlist, customPage } = require(__dirname+'/../models/pages/')
+		captcha, thread, modlog, modloglist, account, boardlist, customPage, csrfPage } = require(__dirname+'/../models/pages/')
 	, threadParamConverter = paramConverter({ processThreadIdParam: true })
 	, logParamConverter = paramConverter({ processDateParam: true })
 	, newsParamConverter = paramConverter({ objectIdParams: ['newsid'] })
@ -90,5 +90,6 @@ router.get('/login.html', login);
 router.get('/register.html', register);
 router.get('/changepassword.html', changePassword);
 router.get('/create.html', useSession, sessionRefresh, isLoggedIn, create); //create new board
+router.get('/csrf.json', useSession, sessionRefresh, isLoggedIn, csrf, csrfPage); //just the token, for 3rd party stuff posting

 module.exports = router;
--- a/models/pages/csrf.js
+++ b/models/pages/csrf.js
@ -0,0 +1,9 @@
+'use strict';
+
+module.exports = async (req, res, next) => {
+
+	res.json({
+		token: req.csrfToken(),
+	});
+
+}
--- a/models/pages/index.js
+++ b/models/pages/index.js
@ -12,6 +12,7 @@ module.exports = {
 	catalog: require(__dirname+'/catalog.js'),
 	banners: require(__dirname+'/banners.js'),
 	customPage: require(__dirname+'/custompage.js'),
+	csrfPage: require(__dirname+'/csrf.js'),
 	randombanner: require(__dirname+'/randombanner.js'),
 	news: require(__dirname+'/news.js'),
 	captchaPage: require(__dirname+'/captchapage.js'),