Fixed csrf token error in cert upload ui

- Fixed csrf token error in cert upload interface - Added system wide logger into tls cert manager
2025-08-11 23:55:24 +02:00 · 2024-07-29 12:28:21 +08:00
parent ca37bfbfa6
commit fd1439f746
6 changed files with 60 additions and 71 deletions
--- a/src/web/components/cert.html
+++ b/src/web/components/cert.html
@@ -423,6 +423,8 @@
        }
        if (uploadPendingPublicKey && uploadPendingPrivateKey && typeof uploadPendingPublicKey === 'object' && typeof uploadPendingPrivateKey === 'object') {
            const publicKeyForm = new FormData();
+            const csrfToken = document.querySelector('meta[name="zoraxy.csrf.Token"]').getAttribute("content");
+
            publicKeyForm.append('file', uploadPendingPublicKey, 'publicKey');

            const privateKeyForm = new FormData();
@@ -430,6 +432,7 @@

            const publicKeyRequest = new XMLHttpRequest();
            publicKeyRequest.open('POST', '/api/cert/upload?ktype=pub&domain=' + domain);
+            publicKeyRequest.setRequestHeader('X-CSRF-Token', csrfToken);
            publicKeyRequest.onreadystatechange = function() {
            if (publicKeyRequest.readyState === XMLHttpRequest.DONE) {
                if (publicKeyRequest.status !== 200) {
@@ -446,6 +449,7 @@

            const privateKeyRequest = new XMLHttpRequest();
            privateKeyRequest.open('POST', '/api/cert/upload?ktype=pri&domain=' + domain);
+            privateKeyRequest.setRequestHeader('X-CSRF-Token', csrfToken);
            privateKeyRequest.onreadystatechange = function() {
            if (privateKeyRequest.readyState === XMLHttpRequest.DONE) {
                if (privateKeyRequest.status !== 200) {
@@ -466,15 +470,11 @@
    //ktype = {"pub" / "pri"}
    function handleFileSelect(event, ktype="pub") {
        const file = event.target.files[0];
-        //const fileNameInput = document.getElementById('selected-file-name');
        if (ktype == "pub"){
            uploadPendingPublicKey = file;
        }else if (ktype == "pri"){
            uploadPendingPrivateKey = file;
        }
-        
-        
-        //fileNameInput.value = file.name;
    }

    //Check if the default keypairs exists
@@ -497,14 +497,18 @@
        input.addEventListener('change', () => {
            // create form data object
            const formData = new FormData();
-            
+            const csrfToken = document.querySelector('meta[name="zoraxy.csrf.Token"]').getAttribute("content");
+
            // add selected file to form data
            formData.append('file', input.files[0]);

            // send form data to server
            fetch('/api/cert/upload?ktype=pri', {
                method: 'POST',
-                body: formData
+                body: formData,
+                headers: {
+                    'X-CSRF-Token': csrfToken
+                }
            })
            .then(response => {
                initDefaultKeypairCheck();
@@ -531,6 +535,7 @@
    function uploadPublicKey() {
        // create file input element
        const input = document.createElement('input');
+        const csrfToken = document.querySelector('meta[name="zoraxy.csrf.Token"]').getAttribute("content");
        input.type = 'file';
        
        // add change listener to file input
@@ -544,7 +549,10 @@
            // send form data to server
            fetch('/api/cert/upload?ktype=pub', {
                method: 'POST',
-                body: formData
+                body: formData,
+                headers: {
+                    'X-CSRF-Token': csrfToken
+                }
            })
            .then(response => {
                if (response.ok) {