feat: csrf tokens handling

This commit is contained in:
Iron_Felix 2025-12-04 06:13:03 +03:00
parent ab29c33f5b
commit 6995ce58f6
12 changed files with 233 additions and 5 deletions


@ -16,6 +16,10 @@ import (
openapi_types "github.com/oapi-codegen/runtime/types"
)
const (
JwtAuthCookiesScopes = "JwtAuthCookies.Scopes"
)
// Defines values for ReleaseSeason.
const (
Fall ReleaseSeason = "fall"
@ -170,6 +174,12 @@ type UserTitleMini struct {
// UserTitleStatus User's title status
type UserTitleStatus string
// AccessToken defines model for accessToken.
type AccessToken = string
// CsrfToken defines model for csrfToken.
type CsrfToken = string
// Cursor defines model for cursor.
type Cursor = string
@ -219,6 +229,17 @@ type UpdateUserJSONBody struct {
UserDesc *string `json:"user_desc,omitempty"`
}
// UpdateUserParams defines parameters for UpdateUser.
type UpdateUserParams struct {
// AccessToken JWT access token.
AccessToken AccessToken `form:"access_token" json:"access_token"`
// XSRFTOKEN Anti-CSRF token (Double Submit Cookie pattern).
// Stored in non-HttpOnly cookie, readable by JavaScript.
// Must be echoed in `X-XSRF-TOKEN` header for state-changing requests (POST/PUT/PATCH/DELETE).
XSRFTOKEN CsrfToken `form:"XSRF-TOKEN" json:"XSRF-TOKEN"`
}
// GetUserTitlesParams defines parameters for GetUserTitles.
type GetUserTitlesParams struct {
Cursor *Cursor `form:"cursor,omitempty" json:"cursor,omitempty"`
@ -276,7 +297,7 @@ type ServerInterface interface {
GetUsersId(c *gin.Context, userId string, params GetUsersIdParams)
// Partially update a user account
// (PATCH /users/{user_id})
UpdateUser(c *gin.Context, userId int64)
UpdateUser(c *gin.Context, userId int64, params UpdateUserParams)
// Get user titles
// (GET /users/{user_id}/titles)
GetUserTitles(c *gin.Context, userId string, params GetUserTitlesParams)
@ -431,6 +452,8 @@ func (siw *ServerInterfaceWrapper) GetTitle(c *gin.Context) {
return
}
c.Set(JwtAuthCookiesScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params GetTitleParams
@ -501,6 +524,47 @@ func (siw *ServerInterfaceWrapper) UpdateUser(c *gin.Context) {
return
}
c.Set(JwtAuthCookiesScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params UpdateUserParams
{
var cookie string
if cookie, err = c.Cookie("access_token"); err == nil {
var value AccessToken
err = runtime.BindStyledParameterWithOptions("simple", "access_token", cookie, &value, runtime.BindStyledParameterOptions{Explode: true, Required: true})
if err != nil {
siw.ErrorHandler(c, fmt.Errorf("Invalid format for parameter access_token: %w", err), http.StatusBadRequest)
return
}
params.AccessToken = value
} else {
siw.ErrorHandler(c, fmt.Errorf("Query argument access_token is required, but not found"), http.StatusBadRequest)
return
}
}
{
var cookie string
if cookie, err = c.Cookie("XSRF-TOKEN"); err == nil {
var value CsrfToken
err = runtime.BindStyledParameterWithOptions("simple", "XSRF-TOKEN", cookie, &value, runtime.BindStyledParameterOptions{Explode: true, Required: true})
if err != nil {
siw.ErrorHandler(c, fmt.Errorf("Invalid format for parameter XSRF-TOKEN: %w", err), http.StatusBadRequest)
return
}
params.XSRFTOKEN = value
} else {
siw.ErrorHandler(c, fmt.Errorf("Query argument XSRF-TOKEN is required, but not found"), http.StatusBadRequest)
return
}
}
for _, middleware := range siw.HandlerMiddlewares {
middleware(c)
if c.IsAborted() {
@ -508,7 +572,7 @@ func (siw *ServerInterfaceWrapper) UpdateUser(c *gin.Context) {
}
}
siw.Handler.UpdateUser(c, userId)
siw.Handler.UpdateUser(c, userId, params)
}
// GetUserTitles operation middleware
@ -935,6 +999,7 @@ func (response GetUsersId500Response) VisitGetUsersIdResponse(w http.ResponseWri
type UpdateUserRequestObject struct {
UserId int64 `json:"user_id"`
Params UpdateUserParams
Body *UpdateUserJSONRequestBody
}
@ -1411,10 +1476,11 @@ func (sh *strictHandler) GetUsersId(ctx *gin.Context, userId string, params GetU
}
// UpdateUser operation middleware
func (sh *strictHandler) UpdateUser(ctx *gin.Context, userId int64) {
func (sh *strictHandler) UpdateUser(ctx *gin.Context, userId int64, params UpdateUserParams) {
var request UpdateUserRequestObject
request.UserId = userId
request.Params = params
var body UpdateUserJSONRequestBody
if err := ctx.ShouldBindJSON(&body); err != nil {