nihonium/nyanimedb
1
0
Fork 1
Code Issues 11 Pull requests Releases Packages 3 Activity Actions

feat: send xsrf_token header
Some checks failed
Build and Deploy Go App / build (push) Has been cancelled
Details
Build and Deploy Go App / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
nihonium 2025-12-04 07:17:31 +03:00
parent b79a6b9117
commit 1bbfa338d9
Signed by: nihonium
GPG key ID: 0251623741027CFC
15 changed files with 151 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

53
modules/frontend/package-lock.json generated
View file

@ -13,6 +13,7 @@
"@tailwindcss/vite": "^4.1.17",
"axios": "^1.12.2",
"react": "^19.1.1",
"react-cookie": "^8.0.1",
"react-dom": "^19.1.1",
"react-router-dom": "^7.9.4",
"tailwindcss": "^4.1.17"
@ -1868,6 +1869,18 @@
"integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
"license": "MIT"
},
"node_modules/@types/hoist-non-react-statics": {
"version": "3.3.7",
"resolved": "https://registry.npmjs.org/@types/hoist-non-react-statics/-/hoist-non-react-statics-3.3.7.tgz",
"integrity": "sha512-PQTyIulDkIDro8P+IHbKCsw7U2xxBYflVzW/FgWdCAePD9xGSidgA76/GeJ6lBKoblyhf9pBY763gbrN+1dI8g==",
"license": "MIT",
"dependencies": {
"hoist-non-react-statics": "^3.3.0"
},
"peerDependencies": {
"@types/react": "*"
}
},
"node_modules/@types/json-schema": {
"version": "7.0.15",
"resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
@ -1890,7 +1903,6 @@
"version": "19.2.2",
"resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.2.tgz",
"integrity": "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
@ -2524,7 +2536,6 @@
"version": "3.1.3",
"resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz",
"integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==",
"dev": true,
"license": "MIT"
},
"node_modules/debug": {
@ -3260,6 +3271,15 @@
"node": ">= 0.4"
}
},
"node_modules/hoist-non-react-statics": {
"version": "3.3.2",
"resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz",
"integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==",
"license": "BSD-3-Clause",
"dependencies": {
"react-is": "^16.7.0"
}
},
"node_modules/ignore": {
"version": "5.3.2",
"resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
@ -4068,6 +4088,20 @@
"node": ">=0.10.0"
}
},
"node_modules/react-cookie": {
"version": "8.0.1",
"resolved": "https://registry.npmjs.org/react-cookie/-/react-cookie-8.0.1.tgz",
"integrity": "sha512-QNdAd0MLuAiDiLcDU/2s/eyKmmfMHtjPUKJ2dZ/5CcQ9QKUium4B3o61/haq6PQl/YWFqC5PO8GvxeHKhy3GFA==",
"license": "MIT",
"dependencies": {
"@types/hoist-non-react-statics": "^3.3.6",
"hoist-non-react-statics": "^3.3.2",
"universal-cookie": "^8.0.0"
},
"peerDependencies": {
"react": ">= 16.3.0"
}
},
"node_modules/react-dom": {
"version": "19.2.0",
"resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz",
@ -4081,6 +4115,12 @@
"react": "^19.2.0"
}
},
"node_modules/react-is": {
"version": "16.13.1",
"resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
"integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==",
"license": "MIT"
},
"node_modules/react-refresh": {
"version": "0.17.0",
"resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.17.0.tgz",
@ -4481,6 +4521,15 @@
"devOptional": true,
"license": "MIT"
},
"node_modules/universal-cookie": {
"version": "8.0.1",
"resolved": "https://registry.npmjs.org/universal-cookie/-/universal-cookie-8.0.1.tgz",
"integrity": "sha512-B6ks9FLLnP1UbPPcveOidfvB9pHjP+wekP2uRYB9YDfKVpvcjKgy1W5Zj+cEXJ9KTPnqOKGfVDQBmn8/YCQfRg==",
"license": "MIT",
"dependencies": {
"cookie": "^1.0.2"
}
},
"node_modules/universalify": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",

1
modules/frontend/package.json
View file

@ -15,6 +15,7 @@
"@tailwindcss/vite": "^4.1.17",
"axios": "^1.12.2",
"react": "^19.1.1",
"react-cookie": "^8.0.1",
"react-dom": "^19.1.1",
"react-router-dom": "^7.9.4",
"tailwindcss": "^4.1.17"

3
modules/frontend/src/api/index.ts
View file

@ -7,6 +7,9 @@ export { CancelablePromise, CancelError } from './core/CancelablePromise';
export { OpenAPI } from './core/OpenAPI';
export type { OpenAPIConfig } from './core/OpenAPI';
export type { accessToken } from './models/accessToken';
export type { csrfToken } from './models/csrfToken';
export type { csrfTokenHeader } from './models/csrfTokenHeader';
export type { cursor } from './models/cursor';
export type { CursorObj } from './models/CursorObj';
export type { Image } from './models/Image';

9
modules/frontend/src/api/models/accessToken.ts Normal file
View file

@ -0,0 +1,9 @@
/* generated using openapi-typescript-codegen -- do not edit */
/* istanbul ignore file */
/* tslint:disable */
/* eslint-disable */
/**
* JWT access token.
*
*/
export type accessToken = string;

11
modules/frontend/src/api/models/csrfToken.ts Normal file
View file

@ -0,0 +1,11 @@
/* generated using openapi-typescript-codegen -- do not edit */
/* istanbul ignore file */
/* tslint:disable */
/* eslint-disable */
/**
* Anti-CSRF token (Double Submit Cookie pattern).
* Stored in non-HttpOnly cookie, readable by JavaScript.
* Must be echoed in `X-XSRF-TOKEN` header for state-changing requests (POST/PUT/PATCH/DELETE).
*
*/
export type csrfToken = string;

10
modules/frontend/src/api/models/csrfTokenHeader.ts Normal file
View file

@ -0,0 +1,10 @@
/* generated using openapi-typescript-codegen -- do not edit */
/* istanbul ignore file */
/* tslint:disable */
/* eslint-disable */
/**
* Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
* Required for all state-changing requests (POST/PUT/PATCH/DELETE).
*
*/
export type csrfTokenHeader = string;

21
modules/frontend/src/api/services/DefaultService.ts
View file

@ -135,12 +135,16 @@ export class DefaultService {
* Password updates must be done via the dedicated auth-service (`/auth/`).
* Fields not provided in the request body remain unchanged.
*
* @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
* Required for all state-changing requests (POST/PUT/PATCH/DELETE).
*
* @param userId User ID (primary key)
* @param requestBody
* @returns User User updated successfully. Returns updated user representation (excluding sensitive fields).
* @throws ApiError
*/
public static updateUser(
xXsrfToken: string,
userId: number,
requestBody: {
/**
@ -171,6 +175,9 @@ export class DefaultService {
path: {
'user_id': userId,
},
headers: {
'X-XSRF-TOKEN': xXsrfToken,
},
body: requestBody,
mediaType: 'application/json',
errors: {
@ -309,6 +316,9 @@ export class DefaultService {
/**
* Update a usertitle
* User updating title list of watched
* @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
* Required for all state-changing requests (POST/PUT/PATCH/DELETE).
*
* @param userId
* @param titleId
* @param requestBody
@ -316,6 +326,7 @@ export class DefaultService {
* @throws ApiError
*/
public static updateUserTitle(
xXsrfToken: string,
userId: number,
titleId: number,
requestBody: {
@ -330,6 +341,9 @@ export class DefaultService {
'user_id': userId,
'title_id': titleId,
},
headers: {
'X-XSRF-TOKEN': xXsrfToken,
},
body: requestBody,
mediaType: 'application/json',
errors: {
@ -344,12 +358,16 @@ export class DefaultService {
/**
* Delete a usertitle
* User deleting title from list of watched
* @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
* Required for all state-changing requests (POST/PUT/PATCH/DELETE).
*
* @param userId
* @param titleId
* @returns any Title successfully deleted
* @throws ApiError
*/
public static deleteUserTitle(
xXsrfToken: string,
userId: number,
titleId: number,
): CancelablePromise<any> {
@ -360,6 +378,9 @@ export class DefaultService {
'user_id': userId,
'title_id': titleId,
},
headers: {
'X-XSRF-TOKEN': xXsrfToken,
},
errors: {
401: `Unauthorized — missing or invalid auth token`,
403: `Forbidden — user not allowed to delete title`,

17
modules/frontend/src/auth/services/AuthService.ts
View file

@ -12,19 +12,17 @@ export class AuthService {
* @returns any Sign-up result
* @throws ApiError
*/
public static postAuthSignUp(
public static postSignUp(
requestBody: {
nickname: string;
pass: string;
},
): CancelablePromise<{
success?: boolean;
error?: string | null;
user_id?: string | null;
user_id: number;
}> {
return __request(OpenAPI, {
method: 'POST',
url: '/auth/sign-up',
url: '/sign-up',
body: requestBody,
mediaType: 'application/json',
});
@ -35,19 +33,18 @@ export class AuthService {
* @returns any Sign-in result with JWT
* @throws ApiError
*/
public static postAuthSignIn(
public static postSignIn(
requestBody: {
nickname: string;
pass: string;
},
): CancelablePromise<{
error?: string | null;
user_id?: string | null;
user_name?: string | null;
user_id: number;
user_name: string;
}> {
return __request(OpenAPI, {
method: 'POST',
url: '/auth/sign-in',
url: '/sign-in',
body: requestBody,
mediaType: 'application/json',
errors: {

9
modules/frontend/src/components/TitleStatusControls/TitleStatusControls.tsx
View file

@ -1,6 +1,8 @@
import { useEffect, useState } from "react";
import { DefaultService } from "../../api";
import type { UserTitleStatus } from "../../api";
import { useCookies } from 'react-cookie';
import {
ClockIcon,
CheckCircleIcon,
@ -17,6 +19,9 @@ const STATUS_BUTTONS: { status: UserTitleStatus; icon: React.ReactNode; label: s
];
export function TitleStatusControls({ titleId }: { titleId: number }) {
const [cookies] = useCookies(['xsrf_token']);
const xsrfToken = cookies['xsrf_token'] || null;
const [currentStatus, setCurrentStatus] = useState<UserTitleStatus | null>(null);
const [loading, setLoading] = useState(false);
@ -41,7 +46,7 @@ export function TitleStatusControls({ titleId }: { titleId: number }) {
try {
// 1) Если кликнули на текущий статус — DELETE
if (currentStatus === status) {
await DefaultService.deleteUserTitle(userId, titleId);
await DefaultService.deleteUserTitle(xsrfToken, userId, titleId);
setCurrentStatus(null);
return;
}
@ -56,7 +61,7 @@ export function TitleStatusControls({ titleId }: { titleId: number }) {
setCurrentStatus(added.status);
} else {
// уже есть запись — PATCH
const updated = await DefaultService.updateUserTitle(userId, titleId, { status });
const updated = await DefaultService.updateUserTitle(xsrfToken, userId, titleId, { status });
setCurrentStatus(updated.status);
}
} finally {

10
modules/frontend/src/pages/LoginPage/LoginPage.tsx
View file

@ -17,23 +17,23 @@ export const LoginPage: React.FC = () => {
try {
if (isLogin) {
const res = await AuthService.postAuthSignIn({ nickname, pass: password });
const res = await AuthService.postSignIn({ nickname, pass: password });
if (res.user_id && res.user_name) {
// Сохраняем user_id и username в localStorage
localStorage.setItem("userId", res.user_id);
localStorage.setItem("userId", res.user_id.toString());
localStorage.setItem("username", res.user_name);
navigate("/profile"); // редирект на профиль
} else {
setError(res.error || "Login failed");
setError("Login failed");
}
} else {
// SignUp оставляем без сохранения данных
const res = await AuthService.postAuthSignUp({ nickname, pass: password });
const res = await AuthService.postSignUp({ nickname, pass: password });
if (res.user_id) {
setIsLogin(true); // переключаемся на login после регистрации
} else {
setError(res.error || "Sign up failed");
setError("Sign up failed");
}
}
} catch (err: any) {