Harden auth, CSRF, and email log UX

2025-12-26 19:05:20 +08:00
parent 3214cbbd91
commit f90b0a4f11
47 changed files with 583 additions and 198 deletions
--- a/templates/index.html
+++ b/templates/index.html
@@ -2151,6 +2151,23 @@
            return div.innerHTML;
        }

+        function getCsrfToken() {
+            const match = document.cookie.match(/(?:^|; )csrf_token=([^;]+)/);
+            return match ? decodeURIComponent(match[1]) : '';
+        }
+
+        const originalFetch = window.fetch.bind(window);
+        window.fetch = (input, init = {}) => {
+            const method = String(init.method || 'GET').toUpperCase();
+            if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
+                const headers = new Headers(init.headers || {});
+                const token = getCsrfToken();
+                if (token) headers.set('X-CSRF-Token', token);
+                init = { ...init, headers };
+            }
+            return originalFetch(input, init);
+        };
+
        function logout() {
            try {
                for (let i = sessionStorage.length - 1; i >= 0; i--) {