[DPCP-71]: CSRF Fix (#30)

* ar(fix) pro cache * ar(fix) [DPCP-71]: CSRF Fix * ar(fix) [DPCP-71]: CSRF Fix * ar(fix) [DPCP-71]: CSRF Fix --------- Signed-off-by: Angelo Reale <[email protected]>
dreampipcom · Aug 7, 2024 · a91bbaa · a91bbaa
1 parent d7b2b9b
commit a91bbaa
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -20,4 +20,3 @@ License: HPL3-ECO-AND-ANC 2021—Present
 Purizu di Angelo Reale Caldeira de Lemos dba DreamPip
 
 IT02925300903
-
diff --git a/lib/auth/constants.ts b/lib/auth/constants.ts
@@ -49,6 +49,7 @@ const methods = {
           Cookie: params?.cookies,
         },
         credentials: 'include',
+        cache: 'no-store',
       });
       const session = await response?.json();
       return session;

diff --git a/src/app/components/client/elements/signup-view.tsx b/src/app/components/client/elements/signup-view.tsx
@@ -5,7 +5,7 @@ import { useContext, useEffect, useRef, useState } from 'react';
 import { signIn, signOut, getCsrf } from "@auth";
 import { AuthContext } from '@state';
 import { ALogIn, ALogOut } from '@actions';
-import { navigate } from '@gateway';
+import { navigate, setCookie } from '@gateway';
 import { Button, TextInput, Logo, Typography  } from "@dreampipcom/oneiros";
 
 interface IAuthProvider {
@@ -54,7 +54,12 @@ export const VSignUp = ({ providers, user }: VSignUpProps) => {
   const coercedName = name || user?.name || user?.email || "Young Padawan";
 
   useEffect(() => {
-    if(!csrf) getCsrf().then((_csrf) => setCsrf(_csrf));
+      if(!csrf) {
+        getCsrf().then((_csrf) => {
+          setCsrf(_csrf);
+          setCookie({ name: '__Host-authjs.csrf-token', value: _csrf });
+        });
+     }
   }, [csrf]);
 
   useEffect(() => {

diff --git a/src/app/gateway/client/actions.ts b/src/app/gateway/client/actions.ts
@@ -1,7 +1,13 @@
 // actions.ts
 'use server';
 import { redirect } from 'next/navigation';
+import { cookies } from 'next/headers';
 
 export async function navigate(url: string) {
   redirect(url);
 }
+
+export async function setCookie({ name, value }: { name: string; value: string }) {
+  // Set cookie
+  cookies().set(name, value);
+}
diff --git a/src/app/gateway/index.ts b/src/app/gateway/index.ts
@@ -1,7 +1,7 @@
 // index.ts
 
 // client
-export { navigate } from './client/actions';
+export { navigate, setCookie } from './client/actions';
 
 // server
 export { getUser, loadChars, reloadChars, getChars } from './server/actions';
Original file line number	Diff line number	Diff line change
Expand Up		@@ -20,4 +20,3 @@ License: HPL3-ECO-AND-ANC 2021—Present
		Purizu di Angelo Reale Caldeira de Lemos dba DreamPip

		IT02925300903