bisco/azionelab
1
0
Fork 0
generated from bisco/codex-bootstrap
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: send csrf token for staff check-in

Browse Source
This commit is contained in:
bisco
2026-04-30 13:40:09 +02:00
parent d6d83fbb07
commit b8d2dade40
2 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/src/app/pages/check-in-placeholder-page.component.ts
View File

@@ -170,7 +170,7 @@ type BarcodeDetectorConstructor = new (options?: { formats?: string[] }) => Barc
<p class="error-message" aria-live="assertive">This reservation is already checked in.</p> <p class="error-message" aria-live="assertive">This reservation is already checked in.</p>
} }
@if (state() === 'unauthorized') { @if (state() === 'unauthorized') {
<p class="error-message" aria-live="assertive">You are not authorized. Log into <code>/admin</code> with a staff account, then retry this check-in.</p> <p class="error-message" aria-live="assertive">You are not authorized. Log into <code>/admin</code> with a staff account, let the page reload with that session, then retry this check-in.</p>
} }
@if (state() === 'error') { @if (state() === 'error') {
<p class="error-message" aria-live="assertive">Something went wrong. Please try again.</p> <p class="error-message" aria-live="assertive">Something went wrong. Please try again.</p>

31
frontend/src/app/services/shows-api.service.ts
View File

@@ -1,5 +1,5 @@
import { inject, Injectable } from '@angular/core'; import { inject, Injectable } from '@angular/core';
import { HttpClient } from '@angular/common/http'; import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable } from 'rxjs'; import { Observable } from 'rxjs';
import { API_BASE_URL } from './api-config.token'; import { API_BASE_URL } from './api-config.token';
@@ -118,7 +118,7 @@ export class ShowsApiService {
return this.http.post<CheckInPreviewResponse>( return this.http.post<CheckInPreviewResponse>(
`${this.apiBaseUrl}/check-ins/preview/`, `${this.apiBaseUrl}/check-ins/preview/`,
{ token }, { token },
{ withCredentials: true }, this.buildStaffRequestOptions(),
); );
} }
@@ -126,7 +126,32 @@ export class ShowsApiService {
return this.http.post<CheckInConfirmResponse>( return this.http.post<CheckInConfirmResponse>(
`${this.apiBaseUrl}/check-ins/confirm/`, `${this.apiBaseUrl}/check-ins/confirm/`,
{ token }, { token },
{ withCredentials: true }, this.buildStaffRequestOptions(),
); );
} }
private buildStaffRequestOptions(): { headers?: HttpHeaders; withCredentials: true } {
const csrfToken = this.readCookie('csrftoken');
return {
withCredentials: true,
headers: csrfToken ? new HttpHeaders({ 'X-CSRFToken': csrfToken }) : undefined,
};
}
private readCookie(name: string): string {
if (typeof document === 'undefined' || !document.cookie) {
return '';
}
const cookiePrefix = `${name}=`;
for (const cookie of document.cookie.split(';')) {
const trimmedCookie = cookie.trim();
if (trimmedCookie.startsWith(cookiePrefix)) {
return decodeURIComponent(trimmedCookie.slice(cookiePrefix.length));
}
}
return '';
}
} }