From 2436ff143f2b90d3af05e116642ca67e60753593 Mon Sep 17 00:00:00 2001 From: Jonas Winkler Date: Wed, 11 Nov 2020 20:19:57 +0100 Subject: [PATCH] Frontend: CSRF support --- src-ui/package-lock.json | 8 +++++ src-ui/package.json | 1 + src-ui/src/app/app.module.ts | 9 +++++- .../app/interceptors/csrf.interceptor.spec.ts | 16 ++++++++++ .../src/app/interceptors/csrf.interceptor.ts | 30 +++++++++++++++++++ 5 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 src-ui/src/app/interceptors/csrf.interceptor.spec.ts create mode 100644 src-ui/src/app/interceptors/csrf.interceptor.ts diff --git a/src-ui/package-lock.json b/src-ui/package-lock.json index 45b1d2d6d..b6b66e1c6 100644 --- a/src-ui/package-lock.json +++ b/src-ui/package-lock.json @@ -8260,6 +8260,14 @@ "moment": "2.18.1" } }, + "ngx-cookie-service": { + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/ngx-cookie-service/-/ngx-cookie-service-10.1.1.tgz", + "integrity": "sha512-HvBrYHdxMN1NvFJGEIF/8EuAg2fjxj8QwqTv9h6qZGqNLU+lUba8Pb2zRPw1YA+gqKkJawOy5dYNeH0kyPyipw==", + "requires": { + "tslib": "^2.0.0" + } + }, "ngx-file-drop": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/ngx-file-drop/-/ngx-file-drop-10.0.0.tgz", diff --git a/src-ui/package.json b/src-ui/package.json index a9e909155..af3334db9 100644 --- a/src-ui/package.json +++ b/src-ui/package.json @@ -23,6 +23,7 @@ "@ng-bootstrap/ng-bootstrap": "^8.0.0", "bootstrap": "^4.5.0", "ng-bootstrap": "^1.6.3", + "ngx-cookie-service": "^10.1.1", "ngx-file-drop": "^10.0.0", "ngx-infinite-scroll": "^9.1.0", "rxjs": "~6.6.0", diff --git a/src-ui/src/app/app.module.ts b/src-ui/src/app/app.module.ts index dad57280d..014279cc5 100644 --- a/src-ui/src/app/app.module.ts +++ b/src-ui/src/app/app.module.ts 
@@ -39,6 +39,8 @@ import { InfiniteScrollModule } from 'ngx-infinite-scroll'; import { DateTimeComponent } from './components/common/input/date-time/date-time.component'; import { TagsComponent } from './components/common/input/tags/tags.component'; import { SortableDirective } from './directives/sortable.directive'; +import { CookieService } from 'ngx-cookie-service'; +import { CsrfInterceptor } from './interceptors/csrf.interceptor'; @NgModule({ declarations: [ @@ -85,7 +87,12 @@ import { SortableDirective } from './directives/sortable.directive'; InfiniteScrollModule ], providers: [ - DatePipe + DatePipe, + CookieService, { + provide: HTTP_INTERCEPTORS, + useClass: CsrfInterceptor, + multi: true + } ], bootstrap: [AppComponent] }) diff --git a/src-ui/src/app/interceptors/csrf.interceptor.spec.ts b/src-ui/src/app/interceptors/csrf.interceptor.spec.ts new file mode 100644 index 000000000..64e20c110 --- /dev/null +++ b/src-ui/src/app/interceptors/csrf.interceptor.spec.ts @@ -0,0 +1,16 @@ +import { TestBed } from '@angular/core/testing'; + +import { CsrfInterceptor } from './csrf.interceptor'; + +describe('CsrfInterceptor', () => { + beforeEach(() => TestBed.configureTestingModule({ + providers: [ + CsrfInterceptor + ] + })); + + it('should be created', () => { + const interceptor: CsrfInterceptor = TestBed.inject(CsrfInterceptor); + expect(interceptor).toBeTruthy(); + }); +}); diff --git a/src-ui/src/app/interceptors/csrf.interceptor.ts b/src-ui/src/app/interceptors/csrf.interceptor.ts new file mode 100644 index 000000000..32f3e99dc --- /dev/null +++ b/src-ui/src/app/interceptors/csrf.interceptor.ts 
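Review bot: The new spec in csrf.interceptor.spec.ts only asserts that `CsrfInterceptor` can be constructed, so nothing exercises the header logic this commit adds. Two cases would pin the behaviour, using `HttpClientTestingModule` and a stubbed `CookieService`: a request carries `X-CSRFToken` equal to the cookie value when `csrftoken` is set, and carries no such header when the cookie is empty. If the interceptor is later narrowed to particular methods or origins, those cases would catch a regression that silently drops the token.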
@@ -0,0 +1,30 @@
+import { Injectable } from '@angular/core';
+import {
+ HttpRequest,
+ HttpHandler,
+ HttpEvent,
+ HttpInterceptor
+} from '@angular/common/http';
+import { Observable } from 'rxjs';
+import { CookieService } from 'ngx-cookie-service';
+
+@Injectable()
+export class CsrfInterceptor implements HttpInterceptor {
+
+ constructor(private cookieService: CookieService) {
+
+ }
+
+ intercept(request: HttpRequest, next: HttpHandler): Observable> {
+ let csrfToken = this.cookieService.get('csrftoken')
+ if (csrfToken) {
+ request = request.clone({
+ setHeaders: {
+ 'X-CSRFToken': csrfToken
+ }
+ })
+ }
+
+ return next.handle(request);
+ }
+}
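Review bot: `intercept` sets `X-CSRFToken` on every request that goes through `HttpClient`, whatever its method or destination, so a call to an absolute URL on another origin would send the token to that host. The header is only needed on state-changing requests to the application's own backend, and the guard should say so, for example `if (csrfToken && !/^(GET|HEAD|OPTIONS)$/.test(request.method) && !/^https?:\/\//i.test(request.url))`. Angular's built-in `HttpClientXsrfModule.withOptions({ cookieName: 'csrftoken', headerName: 'X-CSRFToken' })` applies the same restriction and would avoid adding `ngx-cookie-service` for this purpose. A short comment on the class noting that the `csrftoken` cookie must stay readable by script would also help whoever later tightens the cookie flags on the server side.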