Added CSRF protection to all API calls. /api/account AJAX calls updated.

src/controllers/404Controller.js

@@ -0,0 +1,30 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+//Config
+const config = require('../../config.json');
+
+//Local Imports
+const csrfUtils = require('../utils/csrfUtils');
+
+//register page functions
+module.exports = async function(req, res, next){
+    //set status
+    res.status(404);
+
+    //Render page
+    return res.render('404', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req)});
+}

src/controllers/api/account/logoutController.js

@@ -18,7 +18,7 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
 const accountUtils = require('../../../utils/sessionUtils');
 const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
 
-module.exports.get = async function(req, res){
+module.exports.post = async function(req, res){
     if(req.session.user){
         try{
             accountUtils.killSession(req.session);