rainbownapkin/canopy
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Added CSRF token headers to ajax calls for /api/channel routes.

Browse source
This commit is contained in:
rainbow napkin 2024-12-29 22:25:53 -05:00
parent 106b0fcddb
commit 6dd8983a48
2 changed files with 70 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/routers/api/channelRouter.js
View file

@ -66,8 +66,6 @@ router.post('/permissions', channelModel.reqPermCheck("changePerms"), checkExac
//rank
router.get('/rank', channelModel.reqPermCheck("manageChannel"), rankController.get);
router.post('/rank', channelModel.reqPermCheck("changeRank"), accountValidator.user(), channelValidator.rank(), rankController.post);
//delete
router.post('/delete', channelModel.reqPermCheck("deleteChannel"), channelValidator.name('confirm'), deleteController.post);
//ban
router.get('/ban', channelModel.reqPermCheck("manageChannel"), banController.get);
router.post('/ban', channelModel.reqPermCheck("banUser"), accountValidator.user(), body("banAlts").isBoolean(), body("expirationDays").isInt(), banController.post);
@ -80,5 +78,7 @@ router.delete('/tokeCommand', tokebotValidator.command(), channelModel.reqPermCh
router.get('/emote', channelModel.reqPermCheck("manageChannel"), emoteController.get);
router.post('/emote', channelModel.reqPermCheck("editEmotes"), emoteValidator.name('emoteName'), emoteValidator.link(), emoteController.post);
router.delete('/emote', channelModel.reqPermCheck("editEmotes"), emoteValidator.name('emoteName'), emoteController.delete);
//delete
router.post('/delete', channelModel.reqPermCheck("deleteChannel"), channelValidator.name('confirm'), deleteController.post);
module.exports = router;