klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-03-10 07:17:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1038 from ae-utbm/ninja-csrf

Browse Source 
Enable csrf tokens on API routes
This commit is contained in:
Bartuccio Antoine 2025-03-03 13:39:47 +01:00 committed by GitHub
commit 2c9b72fe1d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 49 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
openapi-csrf.ts Normal file
View File

@ -0,0 +1,9 @@
import Cookies from "js-cookie";
import type { CreateClientConfig } from "#openapi";
export const createClientConfig: CreateClientConfig = (config) => ({
...config,
headers: {
"X-CSRFToken": Cookies.get("csrftoken"),
},
});

15
openapi-ts.config.ts
View File

@ -4,7 +4,18 @@ import { defineConfig } from "@hey-api/openapi-ts";
// biome-ignore lint/style/noDefaultExport: needed for openapi-ts // biome-ignore lint/style/noDefaultExport: needed for openapi-ts
export default defineConfig({ export default defineConfig({
client: "@hey-api/client-fetch",
input: resolve(__dirname, "./staticfiles/generated/openapi/schema.json"), input: resolve(__dirname, "./staticfiles/generated/openapi/schema.json"),
output: resolve(__dirname, "./staticfiles/generated/openapi"), output: {
lint: "biome",
format: "biome",
path: resolve(__dirname, "./staticfiles/generated/openapi"),
},
plugins: [
{
name: "@hey-api/client-fetch",
baseUrl: false,
runtimeConfigPath: "./openapi-csrf.ts",
exportFromIndex: true,
},
],
}); });

36
package-lock.json generated
View File

@ -16,7 +16,7 @@
"@fullcalendar/daygrid": "^6.1.15", "@fullcalendar/daygrid": "^6.1.15",
"@fullcalendar/icalendar": "^6.1.15", "@fullcalendar/icalendar": "^6.1.15",
"@fullcalendar/list": "^6.1.15", "@fullcalendar/list": "^6.1.15",
"@hey-api/client-fetch": "^0.6.0", "@hey-api/client-fetch": "^0.8.2",
"@sentry/browser": "^8.34.0", "@sentry/browser": "^8.34.0",
"@zip.js/zip.js": "^2.7.52", "@zip.js/zip.js": "^2.7.52",
"3d-force-graph": "^1.73.4", "3d-force-graph": "^1.73.4",
@ -31,6 +31,7 @@
"htmx.org": "^2.0.3", "htmx.org": "^2.0.3",
"jquery": "^3.7.1", "jquery": "^3.7.1",
"jquery-ui": "^1.14.0", "jquery-ui": "^1.14.0",
"js-cookie": "^3.0.5",
"native-file-system-adapter": "^3.0.1", "native-file-system-adapter": "^3.0.1",
"three": "^0.172.0", "three": "^0.172.0",
"three-spritetext": "^1.9.0", "three-spritetext": "^1.9.0",
@ -40,7 +41,7 @@
"@babel/core": "^7.25.2", "@babel/core": "^7.25.2",
"@babel/preset-env": "^7.25.4", "@babel/preset-env": "^7.25.4",
"@biomejs/biome": "1.9.4", "@biomejs/biome": "1.9.4",
"@hey-api/openapi-ts": "^0.61.3", "@hey-api/openapi-ts": "^0.64.0",
"@rollup/plugin-inject": "^5.0.5", "@rollup/plugin-inject": "^5.0.5",
"@types/alpinejs": "^3.13.10", "@types/alpinejs": "^3.13.10",
"@types/jquery": "^3.5.31", "@types/jquery": "^3.5.31",
@ -2207,18 +2208,18 @@
} }
}, },
"node_modules/@hey-api/client-fetch": { "node_modules/@hey-api/client-fetch": {
"version": "0.6.0", "version": "0.8.2",
"resolved": "https://registry.npmjs.org/@hey-api/client-fetch/-/client-fetch-0.6.0.tgz", "resolved": "https://registry.npmjs.org/@hey-api/client-fetch/-/client-fetch-0.8.2.tgz",
"integrity": "sha512-FlhFsVeH8RxJe/nq8xUzxNbiOpe+GadxlD2pfvDyOyLdCTU4o/LRv46ZVWstaW7DgF4nxhI328chy3+AulwVXw==", "integrity": "sha512-61T4UGfAzY5345vMxWDX8qnSTNRJcOpWuZyvNu3vNebCTLPwMQAM85mhEuBoACdWeRtLhNoUjU0UR5liRyD1bA==",
"license": "MIT", "license": "MIT",
"funding": { "funding": {
"url": "https://github.com/sponsors/hey-api" "url": "https://github.com/sponsors/hey-api"
} }
}, },
"node_modules/@hey-api/json-schema-ref-parser": { "node_modules/@hey-api/json-schema-ref-parser": {
"version": "1.0.1", "version": "1.0.2",
"resolved": "https://registry.npmjs.org/@hey-api/json-schema-ref-parser/-/json-schema-ref-parser-1.0.1.tgz", "resolved": "https://registry.npmjs.org/@hey-api/json-schema-ref-parser/-/json-schema-ref-parser-1.0.2.tgz",
"integrity": "sha512-dBt0A7op9kf4BcK++x6HBYDmvCvnJUZEGe5QytghPFHnMXPyKwDKomwL/v5e9ERk6E0e1GzL/e/y6pWUso9zrQ==", "integrity": "sha512-F6LSkttZcT/XiX3ydeDqTY3uRN3BLJMwyMTk4kg/ichZlKUp3+3Odv0WokSmXGSoZGTW/N66FROMYAm5NPdJlA==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -2234,13 +2235,13 @@
} }
}, },
"node_modules/@hey-api/openapi-ts": { "node_modules/@hey-api/openapi-ts": {
"version": "0.61.3", "version": "0.64.8",
"resolved": "https://registry.npmjs.org/@hey-api/openapi-ts/-/openapi-ts-0.61.3.tgz", "resolved": "https://registry.npmjs.org/@hey-api/openapi-ts/-/openapi-ts-0.64.8.tgz",
"integrity": "sha512-Ls9MBRa5+vg7UHw6fIcfdgcCyZ9vKtRw63nWxwF9zjJIPlzVOZO6xKuzGmDc6o0Pb6XCdTz6lPV5hcV0R4b/ag==", "integrity": "sha512-ytPt/k+ecK7zcpxVocPWzD1bKn98a+9WDK8eJITvbOEkvYsWlozAPO63tQg+65Qpl2pr37025fEo8YcX+DPhBQ==",
"dev": true, "dev": true,
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@hey-api/json-schema-ref-parser": "1.0.1", "@hey-api/json-schema-ref-parser": "1.0.2",
"c12": "2.0.1", "c12": "2.0.1",
"commander": "13.0.0", "commander": "13.0.0",
"handlebars": "4.7.8" "handlebars": "4.7.8"
@ -2249,7 +2250,7 @@
"openapi-ts": "bin/index.cjs" "openapi-ts": "bin/index.cjs"
}, },
"engines": { "engines": {
"node": "^18.20.5 || ^20.11.1 || >=22.11.0" "node": "^18.18.0 || ^20.9.0 || >=22.10.0"
}, },
"funding": { "funding": {
"url": "https://github.com/sponsors/hey-api" "url": "https://github.com/sponsors/hey-api"
@ -4295,6 +4296,15 @@
"jquery": ">=1.12.0 <5.0.0" "jquery": ">=1.12.0 <5.0.0"
} }
}, },
"node_modules/js-cookie": {
"version": "3.0.5",
"resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz",
"integrity": "sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==",
"license": "MIT",
"engines": {
"node": ">=14"
}
},
"node_modules/js-tokens": { "node_modules/js-tokens": {
"version": "4.0.0", "version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",

5
package.json
View File

@ -26,7 +26,7 @@
"@babel/core": "^7.25.2", "@babel/core": "^7.25.2",
"@babel/preset-env": "^7.25.4", "@babel/preset-env": "^7.25.4",
"@biomejs/biome": "1.9.4", "@biomejs/biome": "1.9.4",
"@hey-api/openapi-ts": "^0.61.3", "@hey-api/openapi-ts": "^0.64.0",
"@rollup/plugin-inject": "^5.0.5", "@rollup/plugin-inject": "^5.0.5",
"@types/alpinejs": "^3.13.10", "@types/alpinejs": "^3.13.10",
"@types/jquery": "^3.5.31", "@types/jquery": "^3.5.31",
@ -42,7 +42,7 @@
"@fullcalendar/daygrid": "^6.1.15", "@fullcalendar/daygrid": "^6.1.15",
"@fullcalendar/icalendar": "^6.1.15", "@fullcalendar/icalendar": "^6.1.15",
"@fullcalendar/list": "^6.1.15", "@fullcalendar/list": "^6.1.15",
"@hey-api/client-fetch": "^0.6.0", "@hey-api/client-fetch": "^0.8.2",
"@sentry/browser": "^8.34.0", "@sentry/browser": "^8.34.0",
"@zip.js/zip.js": "^2.7.52", "@zip.js/zip.js": "^2.7.52",
"3d-force-graph": "^1.73.4", "3d-force-graph": "^1.73.4",
@ -57,6 +57,7 @@
"htmx.org": "^2.0.3", "htmx.org": "^2.0.3",
"jquery": "^3.7.1", "jquery": "^3.7.1",
"jquery-ui": "^1.14.0", "jquery-ui": "^1.14.0",
"js-cookie": "^3.0.5",
"native-file-system-adapter": "^3.0.1", "native-file-system-adapter": "^3.0.1",
"three": "^0.172.0", "three": "^0.172.0",
"three-spritetext": "^1.9.0", "three-spritetext": "^1.9.0",

2
sith/urls.py
View File

@ -27,7 +27,7 @@ handler403 = "core.views.forbidden"
handler404 = "core.views.not_found" handler404 = "core.views.not_found"
handler500 = "core.views.internal_servor_error" handler500 = "core.views.internal_servor_error"
api = NinjaExtraAPI(version="0.2.0", urls_namespace="api") api = NinjaExtraAPI(version="0.2.0", urls_namespace="api", csrf=True)
api.auto_discover_controllers() api.auto_discover_controllers()
urlpatterns = [ urlpatterns = [