/**
 * Client-side CSRF protection utilities
 */

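// Request header that carries the token back to the server.
// NOTE(review): must match the header name the server-side check reads — confirm.
const CSRF_HEADER_NAME = 'x-csrf-token';
// Cookie the token is read from. It is read through `document.cookie`, so the
// server must not mark it HttpOnly or this module will never see it.
const CSRF_COOKIE_NAME = 'csrf-token';

/**
 * Read the CSRF token from the `csrf-token` cookie.
 *
 * Each cookie pair is split at its FIRST `=` only. Token values often contain
 * `=` themselves (base64 padding, for example), and splitting on every `=`
 * would return a truncated token that the server then rejects.
 *
 * The value is returned exactly as stored; no percent-decoding is applied.
 * NOTE(review): if the server URL-encodes the cookie value, decode it here — confirm.
 *
 * @returns The cookie value, or `null` when there is no `document` (e.g.
 *   server-side rendering) or no well-formed `csrf-token=<value>` pair.
 */
export function getCSRFCookie(): string | null {
  if (typeof document === 'undefined') return null;

  for (const entry of document.cookie.split(';')) {
    const pair = entry.trim();
    const separator = pair.indexOf('=');
    // A pair without '=' has no value; skip it rather than return undefined.
    if (separator === -1) continue;

    if (pair.slice(0, separator) === CSRF_COOKIE_NAME) {
      return pair.slice(separator + 1);
    }
  }
  return null;
}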

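/**
 * Request a fresh CSRF token from `/api/auth/csrf`.
 *
 * Intended to be called after authentication. The request is sent with
 * `credentials: 'include'` so the session cookies accompany it.
 * NOTE(review): the other helpers in this file read the token from the
 * `csrf-token` cookie, so presumably this endpoint also sets that cookie in
 * its response — confirm against the server.
 *
 * @returns The `token` field of the JSON response when it is a non-empty
 *   string; `null` on a non-OK status, on a network or JSON parsing error, or
 *   when the field is missing or not a string.
 */
export async function fetchCSRFToken(): Promise<string | null> {
  try {
    const response = await fetch('/api/auth/csrf', {
      method: 'GET',
      credentials: 'include', // send cookies with the request
    });

    if (!response.ok) {
      console.error('Failed to fetch CSRF token:', response.status);
      return null;
    }

    // `json()` is untyped. Check the shape before trusting it, so a number,
    // object or array in `token` is never handed to callers as a string.
    const data: unknown = await response.json();
    const token = (data as { token?: unknown } | null)?.token;
    return typeof token === 'string' && token !== '' ? token : null;
  } catch (error) {
    console.error('Error fetching CSRF token:', error);
    return null;
  }
}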

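/**
 * Return a copy of `options` with the CSRF token added as the
 * `x-csrf-token` request header.
 *
 * `RequestInit.headers` may be a plain object, a `Headers` instance or an
 * array of `[name, value]` pairs. All three are flattened into a plain object
 * before the token is added. Spreading a `Headers` instance or an array
 * directly would silently drop or mangle the caller's existing headers.
 *
 * When no token cookie is present the options are returned unchanged and only
 * a warning is logged. The request is then sent WITHOUT a token, so the server
 * must reject state-changing requests that lack the header.
 *
 * @param options Fetch options to extend; not mutated.
 * @returns New options carrying the token header, or `options` itself when no
 *   token is available.
 */
export function withCSRFToken(options: RequestInit = {}): RequestInit {
  const token = getCSRFCookie();

  if (!token) {
    console.warn('No CSRF token found in cookies');
    return options;
  }

  const existing = options.headers;
  const merged: Record<string, string> = {};

  if (typeof Headers !== 'undefined' && existing instanceof Headers) {
    // Headers keeps its entries internally; they are not enumerable properties.
    existing.forEach((value, name) => {
      merged[name] = value;
    });
  } else if (Array.isArray(existing)) {
    for (const [name, value] of existing) {
      merged[name] = value;
    }
  } else if (existing) {
    Object.assign(merged, existing);
  }

  // Written last so a caller-supplied value under this exact key cannot override it.
  merged[CSRF_HEADER_NAME] = token;

  return {
    ...options,
    headers: merged,
  };
}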

/**
 * `fetch` wrapper that attaches the CSRF token header to the request.
 *
 * The options are passed through `withCSRFToken` and the call is then handed
 * to the global `fetch`.
 *
 * NOTE(review): the token header is attached whatever `input` points at,
 * including URLs on another origin. Use this wrapper only for requests to the
 * application's own backend so the token is not disclosed to other hosts.
 *
 * @param input Request target, forwarded to `fetch` untouched.
 * @param options Optional fetch options; the token header is merged into them.
 * @returns The `Response` promise produced by `fetch`.
 */
export async function csrfFetch(input: RequestInfo | URL, options?: RequestInit): Promise<Response> {
  return fetch(input, withCSRFToken(options));
}

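/**
 * Put the CSRF token into a form payload under the `csrf_token` field.
 *
 * Uses `FormData.set` instead of `append`, so the field holds exactly one
 * value. This also covers a form that already carries a (possibly stale)
 * `csrf_token` entry, and a second call on the same `FormData`. With
 * duplicates, which value wins depends on the server's parser.
 *
 * When no token cookie is present the form data is left untouched and a
 * warning is logged; the server is expected to reject such a submission.
 *
 * @param formData Form payload to update in place.
 * @returns The same `FormData` instance, for chaining.
 */
export function addCSRFTokenToFormData(formData: FormData): FormData {
  const token = getCSRFCookie();

  if (!token) {
    console.warn('No CSRF token found in cookies');
    return formData;
  }

  formData.set('csrf_token', token);
  return formData;
}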

/**
 * Obtain a CSRF token right after a successful login or signup.
 *
 * NOTE(review): the result reflects only whether `fetchCSRFToken` returned a
 * token. It does not check that the `csrf-token` cookie, which the other
 * helpers read, is actually present afterwards.
 *
 * @returns `true` when `fetchCSRFToken` produced a token, `false` otherwise.
 */
export async function initializeCSRF(): Promise<boolean> {
  const fetched = await fetchCSRFToken();
  if (fetched === null) {
    return false;
  }
  return true;
}