Added CSRF protection to all API calls. /api/account AJAX calls updated.

src/routers/api/accountRouter.js

@@ -35,7 +35,7 @@ const router = Router();
 //login
 router.post('/login', accountValidator.user(), accountValidator.pass(), loginController.post);
 //logout
-router.get('/logout', logoutController.get);
+router.post('/logout', logoutController.post);
 //register
 router.post('/register', accountValidator.user(),
     accountValidator.securePass(),

src/routers/apiRouter.js

@@ -21,10 +21,14 @@ const { Router } = require('express');
 const accountRouter = require("./api/accountRouter");
 const channelRouter = require("./api/channelRouter");
 const adminRouter = require("./api/adminRouter");
+const csrfUtil = require('../utils/csrfUtils');
 
 //globals
 const router = Router();
 
+//Apply Cross-Site Request Forgery protection to API calls
+router.use(csrfUtil.csrfSynchronisedProtection);
+
 //routing functions
 router.use('/account', accountRouter);
 router.use('/channel', channelRouter);