Harden auth, CSRF, and email log UX

admin-frontend/src/api/client.js

@@ -12,12 +12,30 @@ function toastErrorOnce(key, message, minIntervalMs = 1500) {
   ElMessage.error(message)
 }
 
+function getCookie(name) {
+  const escaped = String(name || '').replace(/([.*+?^${}()|[\]\\])/g, '\\$1')
+  const match = document.cookie.match(new RegExp(`(?:^|; )${escaped}=([^;]*)`))
+  return match ? decodeURIComponent(match[1]) : ''
+}
+
 export const api = axios.create({
   baseURL: '/yuyx/api',
   timeout: 30_000,
   withCredentials: true,
 })
 
+api.interceptors.request.use((config) => {
+  const method = String(config?.method || 'GET').toUpperCase()
+  if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
+    const token = getCookie('csrf_token')
+    if (token) {
+      config.headers = config.headers || {}
+      config.headers['X-CSRF-Token'] = token
+    }
+  }
+  return config
+})
+
 api.interceptors.response.use(
   (response) => response,
   (error) => {