fix: csrf (#353)

* fix: csrf * fix: testing * fix: testing * fix: update url * fix: testing * fix: testing * fix: cleanup * fix: update to latest website
TradeTrust · Jan 28, 2025 · 3d9df49 · 3d9df49
1 parent 6a4392d
commit 3d9df49
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 3 deletions.
diff --git a/src/common/API/storageAPI.tsx b/src/common/API/storageAPI.tsx
@@ -3,7 +3,29 @@ import axios, { AxiosResponse, AxiosHeaders } from "axios";
 import { DocumentStorage, WrappedDocument } from "../../types";
 import { decodeQrCode } from "../utils";
 
-const getHeaders = (documentStorage: DocumentStorage): AxiosHeaders => {
+// Function to get the CSRF token from /csrf-token route
+const fetchCsrfToken = async (documentStorage: DocumentStorage): Promise<string> => {
+  try {
+    const url = `${documentStorage.url}/csrf-token`;
+
+    const response = await axios({
+      method: "get",
+      url: url,
+      withCredentials: true,
+    });
+
+    const csrfToken = response.data.csrfToken;
+    if (!csrfToken) {
+      throw new Error("CSRF token not found in response");
+    }
+    return csrfToken;
+  } catch (error) {
+    console.error("Error fetching CSRF token", error);
+    throw error; // Rethrow or handle as needed
+  }
+};
+
+const getHeaders = (documentStorage: DocumentStorage, csrfToken?: string): AxiosHeaders => {
   const headers = new AxiosHeaders({
     "Content-Type": "application/json",
   });
@@ -17,6 +39,10 @@ const getHeaders = (documentStorage: DocumentStorage): AxiosHeaders => {
     headers.set(xApiKey, apiKey);
   }
 
+  if (csrfToken) {
+    headers.set("X-CSRF-Token", csrfToken); // Set CSRF token if passed
+  }
+
   return headers;
 };
 
@@ -38,12 +64,15 @@ export const uploadToStorage = async (
   const qrCodeObj = decodeQrCode(links.self.href);
   const uri = qrCodeObj.payload.uri;
 
+  const csrfToken = await fetchCsrfToken(documentStorage); // Fetch the CSRF token
+
   return axios({
     method: "post",
     url: uri,
-    headers: getHeaders(documentStorage),
+    headers: getHeaders(documentStorage, csrfToken), // Add CSRF token to headers
     data: {
       document: doc.wrappedDocument,
     },
+    withCredentials: true,
   });
 };
diff --git a/src/common/hook/useQueue/utils/publish.tsx b/src/common/hook/useQueue/utils/publish.tsx
@@ -21,7 +21,7 @@ import { encodeQrCode, getDataV3, getDocumentNetwork } from "../../../utils";
 import { ChainInfo, supportedMainnet } from "../../../../constants/chainInfo";
 
 const redirectUrl = (network: Network) => {
-  if (supportedMainnet.includes(network)) return "https://tradetrust.io/";
+  if (supportedMainnet.includes(network)) return "https://ref.tradetrust.io/";
   return "https://dev.tradetrust.io/";
 };