v0.9.2: PR #33

Alanimdeo · Aug 10, 2023 · c95477e · c95477e
2 parents 01d98f6 + cffa303
commit c95477e
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 3 deletions.
diff --git a/backend/package.json b/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@conveyor/backend",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "author": "Alanimdeo <[email protected]>",
   "license": "MIT",
   "private": false,
@@ -23,6 +23,7 @@
     "express-rate-limit": "^6.9.0",
     "express-session": "^1.17.3",
     "http-errors": "^2.0.0",
+    "lusca": "^1.7.0",
     "luxon": "^3.3.0",
     "memorystore": "^1.6.7",
     "morgan": "~1.10.0",
@@ -35,6 +36,7 @@
     "@types/express": "^4.17.17",
     "@types/express-session": "^1.17.7",
     "@types/http-errors": "^2.0.1",
+    "@types/lusca": "^1.7.1",
     "@types/luxon": "^3.3.0",
     "@types/morgan": "^1.9.4",
     "@types/node": "^20.2.5",

diff --git a/backend/src/index.ts b/backend/src/index.ts
@@ -5,6 +5,7 @@ import dotenv from "dotenv";
 import express from "express";
 import session from "express-session";
 import rateLimit from "express-rate-limit";
+import { csrf } from "lusca";
 import createError from "http-errors";
 import createMemoryStore from "memorystore";
 import logger from "morgan";
@@ -46,6 +47,14 @@ async function main() {
     })
   );
 
+  server.use(
+    csrf({
+      cookie: {
+        name: "_csrf",
+      },
+    })
+  );
+
   const rateLimiter = rateLimit({
     windowMs: 60 * 1000,
     max: 100,

diff --git a/frontend/package.json b/frontend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@conveyor/frontend",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "author": "Alanimdeo <[email protected]>",
   "license": "MIT",
   "private": false,

diff --git a/frontend/src/App.vue b/frontend/src/App.vue
@@ -15,6 +15,18 @@ fetchInterceptor.register({
       config.headers = {};
     }
     config.headers["Cookie"] = document.cookie;
+
+    if (config.method !== "GET" && config.headers["Content-Type"] === "application/json") {
+      const body = JSON.parse(config.body);
+
+      const cookie = decodeURIComponent(document.cookie);
+      const csrfToken = cookie.replace(/.*_csrf=(.{38})(;.*|$)/, "$1");
+
+      body["_csrf"] = csrfToken;
+      document.cookie = "_csrf=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
+
+      config.body = JSON.stringify(body);
+    }
     return [url, config];
   },
   response(response) {

diff --git a/frontend/src/components/PresetDialog.vue b/frontend/src/components/PresetDialog.vue
@@ -13,6 +13,9 @@
         {{ preset.name || "이름 없는 프리셋 " + preset.id }}
       </ElButton>
     </div>
+
+    <ElEmpty v-if="presets.length === 0" description="프리셋이 없습니다. 프리셋 탭에서 추가해 보세요!" />
+
     <div class="end">
       <ElButton @click="opened = false">취소</ElButton>
     </div>

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "conveyor",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "author": "Alanimdeo <[email protected]>",
   "private": true,
   "license": "MIT",

diff --git a/yarn.lock b/yarn.lock
@@ -770,6 +770,13 @@
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.196.tgz#a7c3d6fc52d8d71328b764e28e080b4169ec7a95"
   integrity sha512-22y3o88f4a94mKljsZcanlNWPzO0uBsBdzLAngf2tp533LzZcQzb6+eZPJ+vCTt+bqF2XnvT9gejTLsAcJAJyQ==
 
+"@types/lusca@^1.7.1":
+  version "1.7.1"
+  resolved "https://registry.yarnpkg.com/@types/lusca/-/lusca-1.7.1.tgz#63ac2df1d169994e4ca2b73cb523143eb5bef038"
+  integrity sha512-tBm6OaEVK/DHxVPfwe7PsZv0zVyOB7bPTdn3FKFRSBZ6NY5Tqis4fLfYHxgsbMO5TvTG2XrGnboIleW11tOzkw==
+  dependencies:
+    "@types/express" "*"
+
 "@types/luxon@^3.3.0":
   version "3.3.1"
   resolved "https://registry.yarnpkg.com/@types/luxon/-/luxon-3.3.1.tgz#08727da7d81ee6a6c702b9dc6c8f86be010eb4dc"
@@ -2896,6 +2903,13 @@ lru-cache@^7.4.4, lru-cache@^7.5.1, lru-cache@^7.7.1:
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.0.0.tgz#b9e2a6a72a129d81ab317202d93c7691df727e61"
   integrity sha512-svTf/fzsKHffP42sujkO/Rjs37BCIsQVRCeNYIm9WN8rgT7ffoUnRtZCqU+6BqcSBdv8gwJeTz8knJpgACeQMw==
 
+lusca@^1.7.0:
+  version "1.7.0"
+  resolved "https://registry.yarnpkg.com/lusca/-/lusca-1.7.0.tgz#a5d979f1b51776e60d41e0ca98f886f1b8b95502"
+  integrity sha512-msnrplCfY7zaqlZBDEloCIKld+RUeMZVeWzSPaGUKeRXFlruNSdKg2XxCyR+zj6BqzcXhXlRnvcvx6rAGgsvMA==
+  dependencies:
+    tsscmp "^1.0.5"
+
 luxon@^3.3.0:
   version "3.4.0"
   resolved "https://registry.yarnpkg.com/luxon/-/luxon-3.4.0.tgz#17cb754efecbf76994f05b2a3f1f91fad7ddfde7"
@@ -4418,6 +4432,11 @@ tsconfig-paths@^4.2.0:
     minimist "^1.2.6"
     strip-bom "^3.0.0"
 
+tsscmp@^1.0.5:
+  version "1.0.6"
+  resolved "https://registry.yarnpkg.com/tsscmp/-/tsscmp-1.0.6.tgz#85b99583ac3589ec4bfef825b5000aa911d605eb"
+  integrity sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==
+
 tuf-js@^1.1.7:
   version "1.1.7"
   resolved "https://registry.yarnpkg.com/tuf-js/-/tuf-js-1.1.7.tgz#21b7ae92a9373015be77dfe0cb282a80ec3bbe43"