fix: reworked csrf

modules/frontend/src/api/index.ts

@@ -7,9 +7,6 @@ export { CancelablePromise, CancelError } from './core/CancelablePromise';
 export { OpenAPI } from './core/OpenAPI';
 export type { OpenAPIConfig } from './core/OpenAPI';
 
-export type { accessToken } from './models/accessToken';
-export type { csrfToken } from './models/csrfToken';
-export type { csrfTokenHeader } from './models/csrfTokenHeader';
 export type { cursor } from './models/cursor';
 export type { CursorObj } from './models/CursorObj';
 export type { Image } from './models/Image';

modules/frontend/src/api/models/accessToken.ts

@@ -1,9 +0,0 @@
-/* generated using openapi-typescript-codegen -- do not edit */
-/* istanbul ignore file */
-/* tslint:disable */
-/* eslint-disable */
-/**
- * JWT access token.
- *
- */
-export type accessToken = string;

modules/frontend/src/api/models/csrfToken.ts

@@ -1,11 +0,0 @@
-/* generated using openapi-typescript-codegen -- do not edit */
-/* istanbul ignore file */
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Anti-CSRF token (Double Submit Cookie pattern).
- * Stored in non-HttpOnly cookie, readable by JavaScript.
- * Must be echoed in `X-XSRF-TOKEN` header for state-changing requests (POST/PUT/PATCH/DELETE).
- *
- */
-export type csrfToken = string;

modules/frontend/src/api/models/csrfTokenHeader.ts

@@ -1,10 +0,0 @@
-/* generated using openapi-typescript-codegen -- do not edit */
-/* istanbul ignore file */
-/* tslint:disable */
-/* eslint-disable */
-/**
- * Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
- * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
- *
- */
-export type csrfTokenHeader = string;

modules/frontend/src/api/services/DefaultService.ts

@@ -135,16 +135,12 @@ export class DefaultService {
      * Password updates must be done via the dedicated auth-service (`/auth/`).
      * Fields not provided in the request body remain unchanged.
      *
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
      * @param userId User ID (primary key)
      * @param requestBody
      * @returns User User updated successfully. Returns updated user representation (excluding sensitive fields).
      * @throws ApiError
      */
     public static updateUser(
-        xXsrfToken: string,
         userId: number,
         requestBody: {
             /**
@@ -175,9 +171,6 @@ export class DefaultService {
             path: {
                 'user_id': userId,
             },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
             body: requestBody,
             mediaType: 'application/json',
             errors: {
@@ -316,9 +309,6 @@ export class DefaultService {
     /**
      * Update a usertitle
      * User updating title list of watched
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
      * @param userId
      * @param titleId
      * @param requestBody
@@ -326,7 +316,6 @@ export class DefaultService {
      * @throws ApiError
      */
     public static updateUserTitle(
-        xXsrfToken: string,
         userId: number,
         titleId: number,
         requestBody: {
@@ -341,9 +330,6 @@ export class DefaultService {
                 'user_id': userId,
                 'title_id': titleId,
             },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
             body: requestBody,
             mediaType: 'application/json',
             errors: {
@@ -358,16 +344,12 @@ export class DefaultService {
     /**
      * Delete a usertitle
      * User deleting title from list of watched
-     * @param xXsrfToken Anti-CSRF token. Must match the `XSRF-TOKEN` cookie.
-     * Required for all state-changing requests (POST/PUT/PATCH/DELETE).
-     *
      * @param userId
      * @param titleId
      * @returns any Title successfully deleted
      * @throws ApiError
      */
     public static deleteUserTitle(
-        xXsrfToken: string,
         userId: number,
         titleId: number,
     ): CancelablePromise<any> {
@@ -378,9 +360,6 @@ export class DefaultService {
                 'user_id': userId,
                 'title_id': titleId,
             },
-            headers: {
-                'X-XSRF-TOKEN': xXsrfToken,
-            },
             errors: {
                 401: `Unauthorized — missing or invalid auth token`,
                 403: `Forbidden — user not allowed to delete title`,