Merge pull request #1301 from thunderstore-io/01-20-remove_csrftoken_…

…from_session_and_api_fetches Remove csrftoken from Session and api fetches
thunderstore-io · Jan 20, 2025 · 79d2e2d · 79d2e2d
2 parents c7b6e83 + c479e8d
commit 79d2e2d
Show file tree

Hide file tree

Showing 11 changed files with 5 additions and 33 deletions.
diff --git a/apps/cyberstorm-remix/app/c/community.tsx b/apps/cyberstorm-remix/app/c/community.tsx
@@ -31,7 +31,6 @@ export async function loader({ request, params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       const searchParams = new URL(request.url).searchParams;

diff --git a/apps/cyberstorm-remix/app/communities/communities.tsx b/apps/cyberstorm-remix/app/communities/communities.tsx
@@ -73,7 +73,6 @@ export async function loader({ request }: LoaderFunctionArgs) {
     return {
       apiHost: process.env.PUBLIC_API_URL,
       sessionId: undefined,
-      csrfToken: undefined,
     };
   });
   return await dapper.getCommunities(page, order ?? "", search ?? "");

diff --git a/apps/cyberstorm-remix/app/p/packageListing.tsx b/apps/cyberstorm-remix/app/p/packageListing.tsx
@@ -67,7 +67,6 @@ export async function loader({ params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       return {

diff --git a/apps/cyberstorm-remix/app/p/tabs/Changelog/Changelog.tsx b/apps/cyberstorm-remix/app/p/tabs/Changelog/Changelog.tsx
@@ -11,7 +11,6 @@ export async function loader({ params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       return {

diff --git a/apps/cyberstorm-remix/app/p/tabs/Readme/Readme.tsx b/apps/cyberstorm-remix/app/p/tabs/Readme/Readme.tsx
@@ -11,7 +11,6 @@ export async function loader({ params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       return {

diff --git a/apps/cyberstorm-remix/app/p/tabs/Required/Required.tsx b/apps/cyberstorm-remix/app/p/tabs/Required/Required.tsx
@@ -13,7 +13,6 @@ export async function loader({ params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       return {

diff --git a/apps/cyberstorm-remix/app/p/tabs/Versions/Versions.tsx b/apps/cyberstorm-remix/app/p/tabs/Versions/Versions.tsx
@@ -26,7 +26,6 @@ export async function loader({ params }: LoaderFunctionArgs) {
         return {
           apiHost: process.env.PUBLIC_API_URL,
           sessionId: undefined,
-          csrfToken: undefined,
         };
       });
       return {

diff --git a/apps/cyberstorm-remix/cyberstorm/dapper/sessionUtils.ts b/apps/cyberstorm-remix/cyberstorm/dapper/sessionUtils.ts
@@ -19,7 +19,6 @@ export function getDapper(isClient = false) {
       return {
         apiHost: process.env.PUBLIC_API_URL,
         sessionId: undefined,
-        csrfToken: undefined,
       };
     });
   }

diff --git a/packages/thunderstore-api/src/apiFetch.ts b/packages/thunderstore-api/src/apiFetch.ts
@@ -48,7 +48,6 @@ export async function apiFetch2(args: apiFetchArgs) {
     ? config()
     : {
         apiHost: config().apiHost,
-        csrfToken: undefined,
         sessionId: undefined,
       };
   const url = getUrl(usedConfig, path, query);
@@ -91,7 +90,6 @@ function getAuthHeaders(config: RequestConfig): RequestInit["headers"] {
   return config.sessionId
     ? {
         Authorization: `Session ${config.sessionId}`,
-        "X-Csrftoken": config.csrfToken ? config.csrfToken : "",
       }
     : {};
 }

diff --git a/packages/thunderstore-api/src/index.ts b/packages/thunderstore-api/src/index.ts
@@ -4,7 +4,6 @@ export interface RequestConfig {
   // TODO: This should not be explicitly bound to a session ID but rather just
   //       accept any authorization header. Noting as currently out of scope.
   sessionId?: string;
-  csrfToken?: string;
 }
 
 export * from "./fetch/dynamicHTML";

diff --git a/packages/ts-api-react/src/SessionContext.tsx b/packages/ts-api-react/src/SessionContext.tsx
@@ -40,12 +40,10 @@ interface SessionData {
   apiHost: string;
   sessionId: string;
   username: string;
-  csrfToken?: string;
 }
 
 const SessionContext = createContext<ContextInterface | null>(null);
 const ID_KEY = "id";
-const CSRF_TOKEN_KEY = "csrftoken";
 const USERNAME_KEY = "username";
 const API_HOST_KEY = "apiHost";
 
@@ -70,12 +68,10 @@ export function SessionProvider(props: Props) {
 
   useEffect(() => {
     const sessionidCookie = getCookie("sessionid");
-    const csrftokenCookie = getCookie("csrftoken");
 
-    if (sessionidCookie && csrftokenCookie) {
+    if (sessionidCookie) {
       setSession({
         sessionId: sessionidCookie,
-        csrfToken: csrftokenCookie,
         username: "",
         apiHost: props.apiHost,
       });
@@ -88,53 +84,41 @@ export function SessionProvider(props: Props) {
   const setSession = (sessionData: SessionData) => {
     _storage.setValue(API_HOST_KEY, sessionData.apiHost);
     _storage.setValue(ID_KEY, sessionData.sessionId);
-    if (sessionData.csrfToken) {
-      _storage.setValue(CSRF_TOKEN_KEY, sessionData.csrfToken);
-    }
     _storage.setValue(USERNAME_KEY, sessionData.username);
   };
 
   const clearSession = () => {
     _storage.removeValue(ID_KEY);
-    _storage.removeValue(CSRF_TOKEN_KEY);
     _storage.removeValue(USERNAME_KEY);
     _storage.removeValue(API_HOST_KEY);
   };
 
   const clearCookies = () => {
     deleteCookie("sessionid");
-    deleteCookie("csrftoken");
   };
 
   const getConfig = (): RequestConfig => {
     const apiHost = _storage.safeGetValue(API_HOST_KEY);
     const sessionId = _storage.safeGetValue(ID_KEY);
-    const csrfToken = _storage.safeGetValue(CSRF_TOKEN_KEY);
     return {
       // THIS IS NOT KOSHER
       apiHost: apiHost ?? "",
       sessionId: sessionId ?? "",
-      csrfToken: csrfToken ?? "",
     };
   };
 
   // Check current session and try to fix it if cookies are not the same as storage
   const sessionValid = (): boolean => {
     const sessionidCookie = getCookie("sessionid");
-    const csrftokenCookie = getCookie("csrftoken");
     const storedSessionId = _storage.safeGetValue(ID_KEY);
-    const storedCsrfToken = _storage.safeGetValue(CSRF_TOKEN_KEY);
     const storedUsername = _storage.safeGetValue(USERNAME_KEY);
     const storedApiHost = _storage.safeGetValue(API_HOST_KEY);
 
-    if (storedSessionId && storedCsrfToken) {
+    if (storedSessionId) {
       // Has storage values
-      if (sessionidCookie && csrftokenCookie) {
+      if (sessionidCookie) {
         // Has cookies
-        if (
-          sessionidCookie === storedSessionId &&
-          csrftokenCookie === storedCsrfToken
-        ) {
+        if (sessionidCookie === storedSessionId) {
           // cookies match to storage yes
           return true;
         } else {
@@ -147,10 +131,9 @@ export function SessionProvider(props: Props) {
       }
     } else {
       // No storage values but cookies
-      if (sessionidCookie && csrftokenCookie) {
+      if (sessionidCookie) {
         setSession({
           sessionId: sessionidCookie,
-          csrfToken: csrftokenCookie,
           username: storedUsername ?? "",
           apiHost: storedApiHost ?? "",
         });