Improved CSRF handling

2025-05-04 17:52:55 -04:00 · 2025-05-04 17:52:55 -04:00 · 1f00bacb6f
commit 1f00bacb6f
parent 2d5afc23d7
4 changed files with 74 additions and 8 deletions
--- a/src/routers/apiRouter.js
+++ b/src/routers/apiRouter.js
@ -18,14 +18,19 @@ along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
 const { Router } = require('express');

 //local imports
+const csrfUtil = require('../utils/csrfUtils');
 const accountRouter = require("./api/accountRouter");
 const channelRouter = require("./api/channelRouter");
 const adminRouter = require("./api/adminRouter");
-const csrfUtil = require('../utils/csrfUtils');
+const refreshCSRFTokenController = require("../controllers/api/refreshCSRFTokenController");

 //globals
 const router = Router();

+
+//CSRF token request controller
+router.get('/refreshToken', refreshCSRFTokenController.get);
+
 //Apply Cross-Site Request Forgery protection to API calls
 router.use(csrfUtil.csrfSynchronisedProtection);