Added CSRF token headers to ajax calls for /api/admin routes.

rainbow napkin 2024-12-29 22:40:20 -05:00
parent 6dd8983a48
commit 6c379321f7


@ -73,46 +73,12 @@ class canopyAdminUtils{
}
//Methods
async setUserRank(user, rank){
var response = await fetch(`/api/admin/changeRank`,{
method: "POST",
headers: {
"Content-Type": "application/json"
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user, rank})
});
if(response.status == 200){
return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
}
}
async genPasswordResetLink(user){
var response = await fetch(`/api/admin/genPasswordReset`,{
method: "POST",
headers: {
"Content-Type": "application/json"
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user})
});
if(response.status == 200){
return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
}
}
async setPermission(permMap){
var response = await fetch(`/api/admin/permissions`,{
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({permissionsMap: Object.fromEntries(permMap)})
@ -129,7 +95,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/permissions`,{
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({channelPermissionsMap: Object.fromEntries(permMap)})
@ -142,6 +109,24 @@ class canopyAdminUtils{
}
}
async setUserRank(user, rank){
var response = await fetch(`/api/admin/changeRank`,{
method: "POST",
headers: {
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user, rank})
});
if(response.status == 200){
return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
}
}
async getBans(){
var response = await fetch(`/api/admin/ban`,{
method: "GET"
@ -158,7 +143,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/ban`,{
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user, permanent, expirationDays})
@ -175,7 +161,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/ban`,{
method: "DELETE",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user})
@ -204,7 +191,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/tokeCommands`,{
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({command})
@ -221,7 +209,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/tokeCommands`,{
method: "DELETE",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({command})
@ -250,7 +239,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/emote`,{
method: "POST",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({name, link})
@ -267,7 +257,8 @@ class canopyAdminUtils{
var response = await fetch(`/api/admin/emote`,{
method: "DELETE",
headers: {
"Content-Type": "application/json"
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({name})
@ -279,6 +270,25 @@ class canopyAdminUtils{
utils.ux.displayResponseError(await response.json());
}
}
async genPasswordResetLink(user){
var response = await fetch(`/api/admin/genPasswordReset`,{
method: "POST",
headers: {
"Content-Type": "application/json",
"x-csrf-token": utils.ajax.getCSRFToken()
},
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
body: JSON.stringify({user})
});
if(response.status == 200){
return await response.json();
}else{
utils.ux.displayResponseError(await response.json());
}
}
}
class adminUserList{
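Review bot: The non-200 branch in setUserRank and genPasswordResetLink (and presumably in the other methods, whose bodies continue outside the hunks) calls `await response.json()` unconditionally, so a CSRF rejection that arrives without a JSON body would throw inside the method and never reach `utils.ux.displayResponseError`. The server's rejection format is not visible in this commit, so confirm it against the CSRF check on the /api/admin routes; if it can return plain text or HTML, guard the parse, for example `const err = await response.json().catch(() => ({}));`, using a fallback shape that displayResponseError accepts. Separately, the `"x-csrf-token": utils.ajax.getCSRFToken()` line is copied by hand into ten fetch calls; building the headers in one shared helper would keep a later state-changing admin call from being added without the token. getBans sends no token, which is fine only as long as that GET stays read-only on the server.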