Added CSRF token headers to ajax calls for /api/admin routes.
parent
6dd8983a48
commit
6c379321f7
|
|
@ -73,46 +73,12 @@ class canopyAdminUtils{
|
||||||
}
|
}
|
||||||
|
|
||||||
//Methods
|
//Methods
|
||||||
async setUserRank(user, rank){
|
|
||||||
var response = await fetch(`/api/admin/changeRank`,{
|
|
||||||
method: "POST",
|
|
||||||
headers: {
|
|
||||||
"Content-Type": "application/json"
|
|
||||||
},
|
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
|
||||||
body: JSON.stringify({user, rank})
|
|
||||||
});
|
|
||||||
|
|
||||||
if(response.status == 200){
|
|
||||||
return await response.json();
|
|
||||||
}else{
|
|
||||||
utils.ux.displayResponseError(await response.json());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async genPasswordResetLink(user){
|
|
||||||
var response = await fetch(`/api/admin/genPasswordReset`,{
|
|
||||||
method: "POST",
|
|
||||||
headers: {
|
|
||||||
"Content-Type": "application/json"
|
|
||||||
},
|
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
|
||||||
body: JSON.stringify({user})
|
|
||||||
});
|
|
||||||
|
|
||||||
if(response.status == 200){
|
|
||||||
return await response.json();
|
|
||||||
}else{
|
|
||||||
utils.ux.displayResponseError(await response.json());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
async setPermission(permMap){
|
async setPermission(permMap){
|
||||||
var response = await fetch(`/api/admin/permissions`,{
|
var response = await fetch(`/api/admin/permissions`,{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({permissionsMap: Object.fromEntries(permMap)})
|
body: JSON.stringify({permissionsMap: Object.fromEntries(permMap)})
|
||||||
|
|
@ -129,7 +95,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/permissions`,{
|
var response = await fetch(`/api/admin/permissions`,{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({channelPermissionsMap: Object.fromEntries(permMap)})
|
body: JSON.stringify({channelPermissionsMap: Object.fromEntries(permMap)})
|
||||||
|
|
@ -142,6 +109,24 @@ class canopyAdminUtils{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async setUserRank(user, rank){
|
||||||
|
var response = await fetch(`/api/admin/changeRank`,{
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
|
},
|
||||||
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
|
body: JSON.stringify({user, rank})
|
||||||
|
});
|
||||||
|
|
||||||
|
if(response.status == 200){
|
||||||
|
return await response.json();
|
||||||
|
}else{
|
||||||
|
utils.ux.displayResponseError(await response.json());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
async getBans(){
|
async getBans(){
|
||||||
var response = await fetch(`/api/admin/ban`,{
|
var response = await fetch(`/api/admin/ban`,{
|
||||||
method: "GET"
|
method: "GET"
|
||||||
|
|
@ -158,7 +143,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/ban`,{
|
var response = await fetch(`/api/admin/ban`,{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({user, permanent, expirationDays})
|
body: JSON.stringify({user, permanent, expirationDays})
|
||||||
|
|
@ -175,7 +161,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/ban`,{
|
var response = await fetch(`/api/admin/ban`,{
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({user})
|
body: JSON.stringify({user})
|
||||||
|
|
@ -204,7 +191,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/tokeCommands`,{
|
var response = await fetch(`/api/admin/tokeCommands`,{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({command})
|
body: JSON.stringify({command})
|
||||||
|
|
@ -221,7 +209,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/tokeCommands`,{
|
var response = await fetch(`/api/admin/tokeCommands`,{
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({command})
|
body: JSON.stringify({command})
|
||||||
|
|
@ -250,7 +239,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/emote`,{
|
var response = await fetch(`/api/admin/emote`,{
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({name, link})
|
body: JSON.stringify({name, link})
|
||||||
|
|
@ -267,7 +257,8 @@ class canopyAdminUtils{
|
||||||
var response = await fetch(`/api/admin/emote`,{
|
var response = await fetch(`/api/admin/emote`,{
|
||||||
method: "DELETE",
|
method: "DELETE",
|
||||||
headers: {
|
headers: {
|
||||||
"Content-Type": "application/json"
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
},
|
},
|
||||||
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
body: JSON.stringify({name})
|
body: JSON.stringify({name})
|
||||||
|
|
@ -279,6 +270,25 @@ class canopyAdminUtils{
|
||||||
utils.ux.displayResponseError(await response.json());
|
utils.ux.displayResponseError(await response.json());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async genPasswordResetLink(user){
|
||||||
|
var response = await fetch(`/api/admin/genPasswordReset`,{
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
"x-csrf-token": utils.ajax.getCSRFToken()
|
||||||
|
},
|
||||||
|
//Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
|
||||||
|
body: JSON.stringify({user})
|
||||||
|
});
|
||||||
|
|
||||||
|
if(response.status == 200){
|
||||||
|
return await response.json();
|
||||||
|
}else{
|
||||||
|
utils.ux.displayResponseError(await response.json());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class adminUserList{
|
class adminUserList{
|
||||||
|
|
|
||||||
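Review bot: The error branch of the re-added `setUserRank` and `genPasswordResetLink` parses the body with `await response.json()` unconditionally, which matters more now that a missing or stale CSRF token adds a new rejection path on every one of these admin calls. If the server's CSRF check answers with a non-JSON body (its response format is not visible on this page), the parse throws inside the `else` and the admin gets no error display at all. Parsing defensively, e.g. `const body = await response.json().catch(() => null);`, and showing a generic failure message when `body` is null would keep the rejection visible. Separately, the `"x-csrf-token": utils.ajax.getCSRFToken()` line is hand-copied into ten fetch calls; a shared header-building helper beside `getCSRFToken` would keep a future state-changing admin call from omitting it.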