From 4693589b67cb8ad9640a57fa5d004ecede4f505f Mon Sep 17 00:00:00 2001
From: Abner Tudtud <114082473+enjinabner@users.noreply.github.com>
Date: Wed, 26 Jun 2024 15:24:21 +0800
Subject: [PATCH] Revert "[PLA-1864] Remove csrf cookie meta and use cookie instead (#127)"
This reverts commit e4226d352e67231a9671410ce2ce4e774ef65631.
---
 resources/js/api/index.ts | 7 ++++++-
 resources/js/components/pages/Settings.vue | 2 ++
 resources/js/store/index.ts | 2 ++
 resources/views/app.blade.php | 3 ++-
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/resources/js/api/index.ts b/resources/js/api/index.ts
index 1166e6f..272b4a3 100644
--- a/resources/js/api/index.ts
+++ b/resources/js/api/index.ts
@@ -38,6 +38,7 @@ export class ApiService {
 }): Promise {
 let body: string | null = null;
 const fullUrl = url;
+ const csrf = document.head.querySelector('meta[name="csrf-token"]')?.getAttribute('content');
 if (Object.keys(data).length > 0) {
 body = JSON.stringify(data);
@@ -45,6 +46,8 @@ export class ApiService {
 if (!useAppStore().isMultiTenant) {
 headers.Authorization = useAppStore().config.authorization_token;
+ } else {
+ headers['X-CSRF-TOKEN'] = csrf;
 }
 const resp = await fetch(fullUrl, {
@@ -60,7 +63,9 @@ export class ApiService {
 });
 if (resp.status === 419 && nest && useAppStore().isMultiTenant) {
- return this.request({ url, method, data, headers });
+ if (await this.reloadCsrf()) {
+ return this.request({ url, method, data, headers });
+ }
 }
 if (resp.status === 204) {
diff --git a/resources/js/components/pages/Settings.vue b/resources/js/components/pages/Settings.vue
index bf73b28..66b9367 100644
--- a/resources/js/components/pages/Settings.vue
+++ b/resources/js/components/pages/Settings.vue
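Review bot: `csrf` can be `null` or `undefined` because of the optional chain in the first hunk, yet the `else` branch in the second hunk assigns it to `headers['X-CSRF-TOKEN']` unconditionally. When the `csrf-token` meta tag is absent, the header object carries a non-string value; if it is handed to `fetch` as-is, the request would go out with a literal `null`/`undefined` token and only fail later as a 419. Set the header only when a token was found, e.g. `} else if (csrf) {`, and log the missing-tag case so it is diagnosable. The method body starts and ends outside these hunks, so how `headers` reaches `fetch` is not visible here.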
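Review bot: The retry in the 419 branch calls `this.request({ url, method, data, headers })` without passing `nest`, so whether a second 419 can trigger another reload-and-retry depends on that parameter's default, which is declared outside this hunk. If the default is truthy, a server that keeps rejecting the token would cycle through `reloadCsrf()` and `request()` without bound; passing a falsy `nest` on the retry (for example `this.request({ url, method, data, headers, nest: false })`) limits it to one attempt. When `reloadCsrf()` returns a falsy value the 419 response falls through to the status handling below the hunk, so it is worth confirming that path reports an error rather than treating the body as a normal result.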
@@ -103,6 +103,7 @@ import CollapseCard from '../CollapseCard.vue';
 import Tooltip from '../Tooltip.vue';
 import { AuthApi } from '~/api/auth';
 import ConfirmModal from '../ConfirmModal.vue';
+import { ApiService } from '~/api';
 import SettingsChangeEmail from './SettingsChangeEmail.vue';
 import VerifyPasswordModal from './VerifyPasswordModal.vue';
@@ -136,6 +137,7 @@ const formatName = (name: string) => {
 const deleteAccount = async (password) => {
 await AuthApi.deleteAccount(password);
 appStore.clearLogin();
+ await ApiService.reloadCsrf();
 };
 watch(
diff --git a/resources/js/store/index.ts b/resources/js/store/index.ts
index 767f1f3..e9965cb 100644
--- a/resources/js/store/index.ts
+++ b/resources/js/store/index.ts
@@ -216,6 +216,7 @@ export const useAppStore = defineStore('app', {
 throw [{ field: 'Login error', message: 'Invalid credentials' }];
 }
+ await ApiService.reloadCsrf();
 if (this.config.tenant) {
 await this.getUser();
 if (!this.user.isVerified) {
@@ -232,6 +233,7 @@ export const useAppStore = defineStore('app', {
 this.loggedIn = false;
 await AuthApi.logout();
 this.clearLogin();
+ await ApiService.reloadCsrf();
 },
 clearLogin() {
 this.user = null;
diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
index 97cae7a..ac3db3c 100644
--- a/resources/views/app.blade.php
+++ b/resources/views/app.blade.php
@@ -3,7 +3,8 @@ - Enjin Platform + + Enjin Platform @vite('resources/css/app.css', 'vendor/platform-ui/build')
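Review bot: The result of `await ApiService.reloadCsrf()` is discarded in `deleteAccount` and again in both `resources/js/store/index.ts` hunks (after the credentials check in the login flow and at the end of logout), although `ApiService.request` treats the same call as returning a success flag. If the reload fails after the session has changed, the page keeps a token bound to the old session and the failure shows up only as a later 419; if it rejects, logout or account deletion reports an error after the server-side action has already succeeded. Check the return value at each call site, e.g. `if (!(await ApiService.reloadCsrf())) { /* surface an error or reload the page */ }`, and add a short comment such as `// session changed server-side: refresh the CSRF token before the next request`. `reloadCsrf` is defined outside this patch, so its failure behaviour is an assumption to confirm.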