Request a csrftoken before every request
parent
841e9d37d1
commit
2232c36182
@ -397,38 +397,45 @@ class Account{
|
||||
}
|
||||
request(url, obj, get){
|
||||
this.lock(true)
|
||||
return new Promise((resolve, reject) => {
|
||||
var request = new XMLHttpRequest()
|
||||
request.open(get ? "GET" : "POST", "api/" + url)
|
||||
pageEvents.load(request).then(() => {
|
||||
this.lock(false)
|
||||
if(request.status !== 200){
|
||||
var doRequest = token => {
|
||||
return new Promise((resolve, reject) => {
|
||||
var request = new XMLHttpRequest()
|
||||
request.open(get ? "GET" : "POST", "api/" + url)
|
||||
pageEvents.load(request).then(() => {
|
||||
this.lock(false)
|
||||
if(request.status !== 200){
|
||||
reject()
|
||||
return
|
||||
}
|
||||
try{
|
||||
var json = JSON.parse(request.response)
|
||||
}catch(e){
|
||||
reject()
|
||||
return
|
||||
}
|
||||
if(json.status === "ok"){
|
||||
resolve(json)
|
||||
}else{
|
||||
reject(json)
|
||||
}
|
||||
}, () => {
|
||||
this.lock(false)
|
||||
reject()
|
||||
return
|
||||
}
|
||||
try{
|
||||
var json = JSON.parse(request.response)
|
||||
}catch(e){
|
||||
reject()
|
||||
return
|
||||
}
|
||||
if(json.status === "ok"){
|
||||
resolve(json)
|
||||
})
|
||||
if(obj){
|
||||
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8")
|
||||
request.setRequestHeader("X-CSRFToken", token)
|
||||
request.send(JSON.stringify(obj))
|
||||
}else{
|
||||
reject(json)
|
||||
request.send()
|
||||
}
|
||||
}, () => {
|
||||
this.lock(false)
|
||||
reject()
|
||||
})
|
||||
if(obj){
|
||||
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8")
|
||||
request.setRequestHeader("X-CSRFToken", gameConfig._csrf_token)
|
||||
request.send(JSON.stringify(obj))
|
||||
}else{
|
||||
request.send()
|
||||
}
|
||||
})
|
||||
}
|
||||
if(get){
|
||||
return doRequest()
|
||||
}else{
|
||||
return loader.getCsrfToken().then(doRequest)
|
||||
}
|
||||
}
|
||||
lock(isLocked){
|
||||
this.locked = isLocked
|
||||
|
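Review bot: In the non-GET branch of `request`, a rejected `loader.getCsrfToken()` leaves the account locked, because `this.lock(true)` runs before the token fetch and `this.lock(false)` is only called from the `pageEvents.load(request)` handlers inside `doRequest`. Release the lock on that path too, for example `return loader.getCsrfToken().then(doRequest, () => { this.lock(false); return Promise.reject() })`. Separately, the GET branch calls `doRequest()` with no token, so if any caller passes `obj` together with `get` the header would be sent as the literal string `undefined`; wrapping the `X-CSRFToken` line in `if(token)` avoids that. The `Account` class and the `lock` method continue outside the hunk.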
@ -396,6 +396,16 @@ class Loader{
|
||||
request.send()
|
||||
})
|
||||
}
|
||||
getCsrfToken(){
|
||||
return this.ajax("api/csrftoken").then(response => {
|
||||
var json = JSON.parse(response)
|
||||
if(json.status === "ok"){
|
||||
return Promise.resolve(json.token)
|
||||
}else{
|
||||
return Promise.reject()
|
||||
}
|
||||
})
|
||||
}
|
||||
clean(error){
|
||||
var fontDetectDiv = document.getElementById("fontdetectHelper")
|
||||
if(fontDetectDiv){
|
||||
|
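Review bot: `getCsrfToken` resolves with `json.token` without checking that a token is actually present, so a response with `status: "ok"` and no token would make both callers send `X-CSRFToken: undefined` and fail later with a less obvious error. Tightening the condition to `if(json.status === "ok" && typeof json.token === "string")` rejects that case where it happens. The method would also benefit from a comment recording the assumption the scheme rests on, such as `// api/csrftoken must stay same-origin and uncached: the token protects nothing if another origin can read this response`. The server side is not visible in this commit, so that property should be confirmed there. `clean` continues outside the hunk.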
@ -272,32 +272,35 @@ class ScoreStorage{
|
||||
}
|
||||
sendToServer(obj, retry){
|
||||
if(account.loggedIn){
|
||||
var request = new XMLHttpRequest()
|
||||
request.open("POST", "api/scores/save")
|
||||
var promise = pageEvents.load(request).then(response => {
|
||||
if(request.status !== 200){
|
||||
return Promise.reject()
|
||||
}
|
||||
}).catch(() => {
|
||||
if(retry){
|
||||
this.scoreSaveFailed = true
|
||||
account.loggedIn = false
|
||||
delete account.username
|
||||
delete account.displayName
|
||||
this.load()
|
||||
pageEvents.send("logout")
|
||||
return Promise.reject()
|
||||
}else{
|
||||
return new Promise(resolve => {
|
||||
setTimeout(() => {
|
||||
resolve()
|
||||
}, 3000)
|
||||
}).then(() => this.sendToServer(obj, true))
|
||||
}
|
||||
return loader.getCsrfToken().then(token => {
|
||||
var request = new XMLHttpRequest()
|
||||
request.open("POST", "api/scores/save")
|
||||
var promise = pageEvents.load(request).then(response => {
|
||||
if(request.status !== 200){
|
||||
return Promise.reject()
|
||||
}
|
||||
}).catch(() => {
|
||||
if(retry){
|
||||
this.scoreSaveFailed = true
|
||||
account.loggedIn = false
|
||||
delete account.username
|
||||
delete account.displayName
|
||||
this.load()
|
||||
pageEvents.send("logout")
|
||||
return Promise.reject()
|
||||
}else{
|
||||
return new Promise(resolve => {
|
||||
setTimeout(() => {
|
||||
resolve()
|
||||
}, 3000)
|
||||
}).then(() => this.sendToServer(obj, true))
|
||||
}
|
||||
})
|
||||
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8")
|
||||
request.setRequestHeader("X-CSRFToken", token)
|
||||
request.send(JSON.stringify(obj))
|
||||
return promise
|
||||
})
|
||||
request.setRequestHeader("Content-Type", "application/json;charset=UTF-8")
|
||||
request.send(JSON.stringify(obj))
|
||||
return promise
|
||||
}else{
|
||||
return Promise.resolve()
|
||||
}
|
||||
|
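Review bot: A rejected `loader.getCsrfToken()` bypasses the retry and logout handling in `sendToServer`, because the `.catch(() => { … })` is attached to `pageEvents.load(request)` inside the token callback and not to the outer chain. Before this change every failure of the save went through that handler; now a failed token fetch rejects straight away, with no 3-second retry and without setting `this.scoreSaveFailed`. Moving the existing handler so that it follows the outer `loader.getCsrfToken().then(token => { … })` would cover both the token request and the save request. Whether callers handle the resulting rejection is not visible here, and `ScoreStorage` continues outside the hunk.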