feat: csrf tokens handling

api/schemas/JWTAuth.yaml

@@ -0,0 +1,7 @@
+# type: apiKey
+# in: cookie
+# name: access_token
+# scheme: bearer
+# bearerFormat: JWT
+# description: |
+#   JWT access token sent in `Cookie: access_token=...`.

api/schemas/_index.yaml

@@ -24,3 +24,5 @@ User:
   $ref: "./User.yaml"
 UserTitle:
   $ref: "./UserTitle.yaml"
+# JwtAuth:
+#   $ref: "./JWTAuth.yaml"