diff --git a/src/routers/api/channelRouter.js b/src/routers/api/channelRouter.js
index b49714e..d703816 100644
--- a/src/routers/api/channelRouter.js
+++ b/src/routers/api/channelRouter.js
@@ -66,8 +66,6 @@ router.post('/permissions', channelModel.reqPermCheck("changePerms"), checkExac
 //rank
 router.get('/rank', channelModel.reqPermCheck("manageChannel"), rankController.get);
 router.post('/rank', channelModel.reqPermCheck("changeRank"), accountValidator.user(), channelValidator.rank(), rankController.post);
-//delete
-router.post('/delete', channelModel.reqPermCheck("deleteChannel"), channelValidator.name('confirm'), deleteController.post);
 //ban
 router.get('/ban', channelModel.reqPermCheck("manageChannel"), banController.get);
 router.post('/ban', channelModel.reqPermCheck("banUser"), accountValidator.user(), body("banAlts").isBoolean(), body("expirationDays").isInt(), banController.post);
@@ -80,5 +78,7 @@ router.delete('/tokeCommand', tokebotValidator.command(), channelModel.reqPermCh
 router.get('/emote', channelModel.reqPermCheck("manageChannel"), emoteController.get);
 router.post('/emote', channelModel.reqPermCheck("editEmotes"), emoteValidator.name('emoteName'), emoteValidator.link(), emoteController.post);
 router.delete('/emote', channelModel.reqPermCheck("editEmotes"), emoteValidator.name('emoteName'), emoteController.delete);
+//delete
+router.post('/delete', channelModel.reqPermCheck("deleteChannel"), channelValidator.name('confirm'), deleteController.post);
 
 module.exports = router;
\ No newline at end of file
diff --git a/www/js/utils.js b/www/js/utils.js
index 9852fe7..c07fdc1 100644
--- a/www/js/utils.js
+++ b/www/js/utils.js
@@ -391,6 +391,7 @@ class canopyAjaxUtils{
 }
 
 
+ //Account
 async register(user, pass, passConfirm, email, verification){
 var response = await fetch(`/api/account/register`,{
 method: "POST",
@@ -533,11 +534,13 @@ class canopyAjaxUtils{
 }
 }
 
+ //Channel
 async newChannel(name, description, thumbnail, verification){
 var response = await fetch(`/api/channel/register`,{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify(thumbnail ? {name, description, thumbnail, verification} : {name, description, verification})
 });
@@ -553,7 +556,8 @@ class canopyAjaxUtils{
 var response = await fetch(`/api/channel/settings`,{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 //Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
 body: JSON.stringify({chanName, settingsMap: Object.fromEntries(settingsMap)})
@@ -570,7 +574,8 @@ class canopyAjaxUtils{
 var response = await fetch(`/api/channel/permissions`,{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 //Unfortunately JSON doesn't natively handle ES6 maps, and god forbid someone update the standard in a way that's backwards compatible...
 body: JSON.stringify({chanName, channelPermissionsMap: Object.fromEntries(permissionsMap)})
@@ -599,7 +604,8 @@ class canopyAjaxUtils{
 var response = await fetch(`/api/channel/rank`,{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, user, rank})
 });
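Review bot: The added `"x-csrf-token": utils.ajax.getCSRFToken()` line reaches the token through the page-global `utils` object even though `getCSRFToken` is a method of this same `canopyAjaxUtils` class (it is visible as context in the file's last hunk); `"x-csrf-token": this.getCSRFToken()` keeps the call self-contained, assuming `utils.ajax` is an instance of this class. The same line is added in the `/settings`, `/permissions`, `/rank`, `/ban` POST and DELETE, `/tokeCommand` POST and DELETE and `/emote` POST and DELETE hunks that follow, so the remark applies to all of them. Because `getCSRFToken` dereferences `.content` on whatever `querySelector("[name='csrf-token']")` returns, a page without that meta element makes the header expression throw a TypeError before `fetch` is called, and the failure bypasses `utils.ux.displayResponseError`; returning `document.querySelector("[name='csrf-token']")?.content ?? ""` from `getCSRFToken` would let such a request fail at the server's CSRF check with a reportable response instead. The enclosing `newChannel` method continues past the end of this hunk.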
@@ -611,46 +617,6 @@ class canopyAjaxUtils{
 }
 }
 
- async deleteChannel(chanName, confirm){
- var response = await fetch(`/api/channel/delete`,{
- method: "POST",
- headers: {
- "Content-Type": "application/json"
- },
- body: JSON.stringify({chanName, confirm})
- });
-
- if(response.status == 200){
- location = "/";
- }else{
- utils.ux.displayResponseError(await response.json());
- }
- }
-
- async getPopup(popup){
- var response = await fetch(`/popup/${popup}`,{
- method: "GET"
- });
-
- if(response.status == 200){
- return (await response.text())
- }else{
- utils.ux.displayResponseError(await response.json());
- }
- }
-
- async getTooltip(tooltip){
- var response = await fetch(`/tooltip/${tooltip}`,{
- method: "GET"
- });
-
- if(response.status == 200){
- return (await response.text())
- }else{
- utils.ux.displayResponseError(await response.json());
- }
- }
-
 async getChanBans(chanName){
 var response = await fetch(`/api/channel/ban?chanName=${chanName}`,{
 method: "GET",
@@ -670,7 +636,8 @@ class canopyAjaxUtils{
 var response = await fetch(`/api/channel/ban`,{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, user, expirationDays, banAlts})
 });
@@ -686,7 +653,8 @@ class canopyAjaxUtils{
 var response = await fetch(`/api/channel/ban`,{
 method: "DELETE",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, user})
 });
@@ -717,7 +685,9 @@ class canopyAjaxUtils{
 var response = await fetch('/api/channel/tokeCommand',{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
+ },
 
 body: JSON.stringify({chanName, command})
 });
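Review bot: In the `/api/channel/tokeCommand` POST hunk (`@@ -717,7 +685,9 @@`) the closing `},` of the `headers` object is itself an added line rather than context, and the hunk's line counts imply a whitespace-only context line between that `},` and `body:` that none of the sibling fetch calls have. If the old literal really lacked the closing brace the whole file would have failed to parse, so this hunk is a fix in its own right and deserves a mention in the commit message; dropping the stray blank line would make the options object read like the DELETE variant in the following hunk. The enclosing method starts and ends outside the hunk.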
@@ -733,7 +703,8 @@ class canopyAjaxUtils{
 var response = await fetch('/api/channel/tokeCommand',{
 method: "DELETE",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, command})
 });
@@ -764,7 +735,8 @@ class canopyAjaxUtils{
 var response = await fetch('/api/channel/emote',{
 method: "POST",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, emoteName, link})
 });
@@ -780,7 +752,8 @@ class canopyAjaxUtils{
 var response = await fetch('/api/channel/emote',{
 method: "DELETE",
 headers: {
- "Content-Type": "application/json"
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
 },
 body: JSON.stringify({chanName, emoteName})
 });
@@ -792,6 +765,51 @@ class canopyAjaxUtils{
 }
 }
 
+ async deleteChannel(chanName, confirm){
+ var response = await fetch(`/api/channel/delete`,{
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json",
+ "x-csrf-token": utils.ajax.getCSRFToken()
+ },
+ body: JSON.stringify({chanName, confirm})
+ });
+
+ if(response.status == 200){
+ location = "/";
+ }else{
+ utils.ux.displayResponseError(await response.json());
+ }
+ }
+
+
+ //Popup
+ async getPopup(popup){
+ var response = await fetch(`/popup/${popup}`,{
+ method: "GET"
+ });
+
+ if(response.status == 200){
+ return (await response.text())
+ }else{
+ utils.ux.displayResponseError(await response.json());
+ }
+ }
+
+ //Tooltip
+ async getTooltip(tooltip){
+ var response = await fetch(`/tooltip/${tooltip}`,{
+ method: "GET"
+ });
+
+ if(response.status == 200){
+ return (await response.text())
+ }else{
+ utils.ux.displayResponseError(await response.json());
+ }
+ }
+
+ //Syntatic sugar
 getCSRFToken(){
 return document.querySelector("[name='csrf-token']").content;