From a91bbaa2bf56d528e66c320a0b1631482ee94968 Mon Sep 17 00:00:00 2001
From: Angelo Reale <12191809+angeloreale@users.noreply.github.com>
Date: Wed, 7 Aug 2024 11:54:50 +0100
Subject: [PATCH] [DPCP-71]: CSRF Fix (#30)

* ar(fix) pro cache

* ar(fix) [DPCP-71]: CSRF Fix

* ar(fix) [DPCP-71]: CSRF Fix

* ar(fix) [DPCP-71]: CSRF Fix

---------

Signed-off-by: Angelo Reale <12191809+angeloreale@users.noreply.github.com>
---
 README.md | 1 -
 lib/auth/constants.ts | 1 +
 src/app/components/client/elements/signup-view.tsx | 9 +++++++--
 src/app/gateway/client/actions.ts | 6 ++++++
 src/app/gateway/index.ts | 2 +-
 5 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 0935839e..869398a5 100644
--- a/README.md
+++ b/README.md
@@ -20,4 +20,3 @@ License: HPL3-ECO-AND-ANC 2021—Present Purizu di Angelo Reale Caldeira de Lemos dba DreamPip IT02925300903 -
diff --git a/lib/auth/constants.ts b/lib/auth/constants.ts
index 2e0f49ee..422dd651 100644
--- a/lib/auth/constants.ts
+++ b/lib/auth/constants.ts
@@ -49,6 +49,7 @@ const methods = {
         Cookie: params?.cookies,
       },
       credentials: 'include',
+      cache: 'no-store',
     });
     const session = await response?.json();
     return session;
diff --git a/src/app/components/client/elements/signup-view.tsx b/src/app/components/client/elements/signup-view.tsx
index 970fed7c..0ac02e0b 100644
--- a/src/app/components/client/elements/signup-view.tsx
+++ b/src/app/components/client/elements/signup-view.tsx
@@ -5,7 +5,7 @@ import { useContext, useEffect, useRef, useState } from 'react';
 import { signIn, signOut, getCsrf } from "@auth";
 import { AuthContext } from '@state';
 import { ALogIn, ALogOut } from '@actions';
-import { navigate } from '@gateway';
+import { navigate, setCookie } from '@gateway';
 import { Button, TextInput, Logo, Typography } from "@dreampipcom/oneiros";
 
 interface IAuthProvider {
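Review bot: The added `cache: 'no-store'` is the right setting for this fetch, but nothing says why, and the reason is security-relevant: the request forwards the caller's cookies in the `Cookie` header and the response is parsed as that caller's session, so any framework-level caching of the response could hand one user's session to another request. Put the reason next to the option, e.g. `// per-user response (forwards the caller's cookies): never let the fetch cache reuse it across requests`, so it is not removed later as a performance tweak. The enclosing `methods` object starts and ends outside the hunk.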
@@ -54,7 +54,12 @@ export const VSignUp = ({ providers, user }: VSignUpProps) => {
   const coercedName = name || user?.name || user?.email || "Young Padawan";
 
   useEffect(() => {
-    if(!csrf) getCsrf().then((_csrf) => setCsrf(_csrf));
+    if(!csrf) {
+      getCsrf().then((_csrf) => {
+        setCsrf(_csrf);
+        setCookie({ name: '__Host-authjs.csrf-token', value: _csrf });
+      });
+    }
   }, [csrf]);
 
   useEffect(() => {
diff --git a/src/app/gateway/client/actions.ts b/src/app/gateway/client/actions.ts
index 70264975..56ba2cfa 100644
--- a/src/app/gateway/client/actions.ts
+++ b/src/app/gateway/client/actions.ts
@@ -1,7 +1,13 @@
 // actions.ts
 'use server';
 import { redirect } from 'next/navigation';
+import { cookies } from 'next/headers';
 
 export async function navigate(url: string) {
   redirect(url);
 }
+
+export async function setCookie({ name, value }: { name: string; value: string }) {
+  // Set cookie
+  cookies().set(name, value);
+}
diff --git a/src/app/gateway/index.ts b/src/app/gateway/index.ts
index bc437106..a3a182b7 100644
--- a/src/app/gateway/index.ts
+++ b/src/app/gateway/index.ts
@@ -1,7 +1,7 @@
 // index.ts
 // client
-export { navigate } from './client/actions';
+export { navigate, setCookie } from './client/actions';
 
 // server
 export { getUser, loadChars, reloadChars, getChars } from './server/actions';
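Review bot: The value written on the `setCookie({ name: '__Host-authjs.csrf-token', value: _csrf })` line is the bare token returned by `getCsrf()`, but as far as I recall Auth.js stores its CSRF cookie as `token|hash` and recomputes the hash with its secret when validating, so a cookie holding only the token would fail that check rather than fix it; if `getCsrf()` already receives a `Set-Cookie` from the `/csrf` endpoint, forwarding that header to the browser is the safer route than re-creating the cookie by hand. The `__Host-` prefix also requires `Secure` and `Path=/`, and the `setCookie` action as written sets neither, so browsers may silently drop the cookie unless the framework adds them. `getCsrf().then(...)` has no rejection handler and the promise returned by `setCookie` is discarded, so a failed CSRF fetch is invisible; at minimum end the chain with `.catch((err) => console.error('csrf setup failed', err))`. `VSignUp` starts and ends outside the hunk.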
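Review bot: `setCookie` is exported from a `'use server'` module, so it is reachable as an unauthenticated HTTP endpoint by any caller, and it writes whatever cookie name and value the caller supplies with no attributes: any client can use it to overwrite any cookie in this app's scope, including the session and CSRF cookies it is meant to protect. The cookie name should be pinned to a server-side allow-list and the cookie written with explicit `httpOnly`, `secure`, `sameSite` and `path` attributes (the `__Host-` prefix requires `Secure` and `Path=/` or the browser rejects it). If the Auth.js `/csrf` response already carries a `Set-Cookie`, forwarding it makes this action unnecessary. The `// Set cookie` comment restates the code; replace it with the reason the action exists and its constraints.

```typescript
// … unchanged: 'use server', imports, navigate …

// Server actions are public HTTP endpoints: the caller must never choose the cookie name.
const ALLOWED_COOKIE_NAMES = new Set(['__Host-authjs.csrf-token']);

export async function setCookie({ name, value }: { name: string; value: string }) {
  if (!ALLOWED_COOKIE_NAMES.has(name)) {
    throw new Error('setCookie: cookie name not allowed');
  }
  // __Host- cookies require Secure, Path=/ and no Domain; httpOnly keeps the value away from page scripts.
  cookies().set(name, value, { httpOnly: true, secure: true, sameSite: 'lax', path: '/' });
}
```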