chore(updates): csrf token
ndu committed Aug 20, 2024
2 parents 9e7dd84 + 4ab4a99 commit 0dd4500
Showing 12 changed files with 84 additions and 135 deletions.
1 change: 1 addition & 0 deletions client/src/components/Utils/Config.js
@@ -1,2 +1,3 @@
export const backendBaseUrl = "http://127.0.0.1:8000";
export const apiUrl = `${backendBaseUrl}/api/articles/`;

2 changes: 1 addition & 1 deletion research/src/components/layout/BaseHead.astro
Expand Up @@ -83,7 +83,7 @@ const { title, description, ogImage } = Astro.props;
line-height: 1.7;
}

.dark {
.dak {
body {
background: black;
color: white;
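Review bot: The selector change from `.dark` to `.dak` looks like a way to switch the dark theme off by making the rule unmatchable, which leaves dead CSS that reads as a typo to the next maintainer. If dark mode is being retired on purpose, delete the rule (its body continues outside this hunk) or keep `.dark {` and put a comment such as `/* dark theme disabled for now */` above it. The same applies to Header.astro in this commit, where the white-logo link is left with `class="logo hidden"` and can no longer be shown.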
121 changes: 62 additions & 59 deletions research/src/layouts/Footer.astro
Expand Up @@ -108,7 +108,7 @@
</p>
</div>
<form
action="http://127.0.0.1:8000/newsletter/subscribe/"
action="https://cms.2077.xyz/newsletter/subscribe/"
method="post"
id="subscribe-form"
class="flex justify-center"
Expand All @@ -132,65 +132,68 @@
</div>

<script>
document.addEventListener('DOMContentLoaded', function() {
const form = document.getElementById('subscribe-form');

// Fetch CSRF token from Django backend and handle form submission
if (form) {
fetch('http://127.0.0.1:8000/get-csrf-token/')
.then(response => response.json())
.then(data => {
const csrfToken = data.csrfToken;

// Add CSRF token as a hidden input field
const input = document.createElement('input');
input.type = 'hidden';
input.name = 'csrfmiddlewaretoken';
input.value = csrfToken;
form.appendChild(input);

// Handle form submission
form.addEventListener('submit', function(event) {
event.preventDefault();

const formData = new FormData(form);

fetch(form.action, {
method: 'POST',
body: formData,
headers: {
'X-CSRFToken': csrfToken,
},
})
.then(response => {
if (response.ok) {
return response.json();
} else {
return response.json().then(data => {
throw new Error(data.message || 'An error occurred');
});
}
})
.then(data => {
const messageElement = document.getElementById('response-message');
messageElement.textContent = 'Subscription successful!';
messageElement.style.color = 'green';
})
.catch(error => {
const messageElement = document.getElementById('response-message');
messageElement.textContent = error.message || 'An error occurred. Please try again.';
messageElement.style.color = 'red';
});
});
})
.catch(error => {
console.error('Error fetching CSRF token:', error);
const messageElement = document.getElementById('response-message');
messageElement.textContent = 'An error occurred while fetching the CSRF token. Please try again.';
messageElement.style.color = 'red';
});
}
document.addEventListener('DOMContentLoaded', () => {
const form = document.getElementById('subscribe-form') as HTMLFormElement;

if (form) {
fetch('https://cms.2077.xyz/get-csrf-token/')
.then(response => response.json())
.then((data: { csrfToken: string }) => {
const csrfToken = data.csrfToken;

const input = document.createElement('input');
input.type = 'hidden';
input.name = 'csrfmiddlewaretoken';
input.value = csrfToken;
form.appendChild(input);

form.addEventListener('submit', (event) => {
event.preventDefault();

const formData = new FormData(form);

fetch(form.action, {
method: 'POST',
body: formData,
headers: {
'X-CSRFToken': csrfToken,
},
})
.then(response => {
if (response.ok) {
return response.json();
} else {
return response.json().then((data: { message: string }) => {
throw new Error(data.message || 'An error occurred');
});
}
})
.then(() => {
const messageElement = document.getElementById('response-message') as HTMLElement;
if (messageElement) {
messageElement.textContent = 'Subscription successful!';
messageElement.style.color = 'green';
}
})
.catch((error: Error) => {
const messageElement = document.getElementById('response-message') as HTMLElement;
if (messageElement) {
messageElement.textContent = error.message || 'An error occurred. Please try again.';
messageElement.style.color = 'red';
}
});
});
})
.catch((error: Error) => {
console.error('Error fetching CSRF token:', error);
const messageElement = document.getElementById('response-message') as HTMLElement;
if (messageElement) {
messageElement.textContent = 'An error occurred while fetching the CSRF token. Please try again.';
messageElement.style.color = 'red';
}
});
}
});
</script>
</div>

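Review bot: Both `fetch` calls in the new script go cross-origin to `https://cms.2077.xyz` without a `credentials` option, so the browser applies the default `same-origin` policy and neither stores nor sends the CSRF cookie that Django's cookie-based check compares with `X-CSRFToken`. If the backend uses that default check the POST should be rejected; if it currently succeeds, the subscribe view is probably exempt from CSRF checking and the token round-trip protects nothing, which is worth confirming on the server. The proposal is `fetch('https://cms.2077.xyz/get-csrf-token/', { credentials: 'include' })` plus `credentials: 'include',` in the POST options, with the backend's credentialed CORS allow-list and `CSRF_TRUSTED_ORIGINS` restricted to this site's origin rather than a wildcard. Separately, the submit handler is only attached after the token request resolves, so a failed or slow token fetch leaves the form doing a native POST to the CMS with no token.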
6 changes: 3 additions & 3 deletions research/src/layouts/Header.astro
Expand Up @@ -2,10 +2,10 @@
<nav class="flex justify-between">

<div>
<a href="/" class="logo block light dark:hidden">
<a href="/" class="logo block light">
<img src="/logo-black.webp" alt="" width="197" height="58" />
</a>
<a href="/" class="logo hidden dark dark:block">
<a href="/" class="logo hidden">
<img src="/logo-white.webp" alt="" width="197" height="58" />
</a>
</div>
Expand Down Expand Up @@ -180,7 +180,7 @@
>
<a
href="#subscribe"
class="bg-green text-white dark:bg-greenLm dark:text-black px-8 py-2 rounded font-bold"
class="bg-greenLm text-black px-8 py-2 rounded font-bold"
>
Subscribe
</a>
66 changes: 0 additions & 66 deletions research/src/layouts/m.astro

This file was deleted.

2 changes: 1 addition & 1 deletion research/src/pages/[categories]/[category].astro
Expand Up @@ -21,7 +21,7 @@ const category = Astro.params.category;
try {
const response = await fetch(
`http://127.0.0.1:8000/api/articles/category/${category}/`,
`https://cms.2077.xyz/api/articles/category/${category}/`,
);
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
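Review bot: `category` comes straight from `Astro.params` and is interpolated into the request path unencoded, so if the router hands over a decoded value containing `/`, `?` or `#`, this server-side fetch hits a different CMS endpoint than intended. Wrap it at the point of use as `encodeURIComponent(category)` inside the template literal, after checking that it is defined. The same applies to `id` in `[id].astro`. The CMS origin is also hard-coded in several files touched by this commit; reading it from one config value would keep environments from drifting. The `try` block continues outside the hunk.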
2 changes: 1 addition & 1 deletion research/src/pages/[id].astro
Expand Up @@ -26,7 +26,7 @@ const id = Astro.params.id;
let article: Article | null = null;
try {
const response = await fetch(`http://127.0.0.1:8000/api/articles/${id}`);
const response = await fetch(`https://cms.2077.xyz/api/articles/${id}`);
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
6 changes: 4 additions & 2 deletions research/src/pages/index.astro
Expand Up @@ -13,13 +13,15 @@ interface Article {
views: string;
summary: string;
categories: Category[];
thumb: string;
thumb: {
url: string;
};
}
let articles: Article[] = [];
try {
const response = await fetch("http://127.0.0.1:8000/api/articles");
const response = await fetch("https://cms.2077.xyz/api/articles");
articles = await response.json();
} catch (error) {
console.error(error);
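Review bot: The fetch in this hunk assigns `await response.json()` to `articles` without checking `response.ok`, unlike `[id].astro` and `[category].astro`, so an error body from the CMS is parsed and treated as the article list. Add `if (!response.ok) throw new Error("HTTP error! status: " + response.status);` before the assignment. The response is also not validated against the `Article` interface, so the new `thumb: { url: string }` shape is only an assumption about what the API returns; a guard before `thumb.url` is read would fail more clearly. The `try`/`catch` continues outside the hunk.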
7 changes: 6 additions & 1 deletion server/apps/research/models/article.py
Expand Up @@ -6,6 +6,11 @@
from .category import Category
from .author import Author
from django.utils import timezone
from django.conf import settings


def get_default_thumb():
return f"{settings.MEDIA_URL}images/2077-Collective.png"

class Article(BaseModel):
"""Model for articles."""
Expand All @@ -21,7 +26,7 @@ class Article(BaseModel):
authors = models.ManyToManyField(Author, blank=True, related_name='articles')
slug = models.SlugField(blank=True)
categories = models.ManyToManyField(Category, blank=True, related_name='articles')
thumb = models.ImageField(upload_to='images/', default='../media/images/2077-Collective.png', blank=True)
thumb = models.ImageField(upload_to='images/', default=get_default_thumb, blank=True)
views = models.PositiveBigIntegerField(default=0)
status = models.CharField(max_length=10, choices=options, default='draft')
scheduled_publish_time = models.DateTimeField(null=True, blank=True, db_index=True)
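Review bot: `get_default_thumb` returns a value prefixed with `settings.MEDIA_URL`, but an `ImageField` default is stored as a file name relative to the storage root, and the field's `.url` adds the media URL itself. With `MEDIA_URL` set to an absolute `https://` URL in `base.py` in this same commit, the stored default is likely to be a full URL that the storage then escapes or prefixes a second time. A storage-relative default, `default='images/2077-Collective.png'`, avoids this and needs no callable; if the callable stays, it should get a docstring saying what form of path it returns. The `Article` class body continues outside the hunk.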
2 changes: 1 addition & 1 deletion server/core/config/base.py
Expand Up @@ -160,7 +160,7 @@

STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
MEDIA_URL = '/media/'
MEDIA_URL = 'https://cms.2077.xyz/media/'

MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

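Review bot: `MEDIA_URL` is set to the production host in the base settings module, so every environment that imports it, including local development, will emit media links pointing at `https://cms.2077.xyz`. Since `python-decouple` is already pinned in `requirements.txt`, reading the value from the environment keeps the default local, for example `MEDIA_URL = config('MEDIA_URL', default='/media/')`, assuming `config` is imported in this file (the import is not visible in the hunk).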
Binary file modified server/db.sqlite3
Binary file not shown.
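Review bot: `server/db.sqlite3` is tracked in the repository and modified by this commit, so whatever the development database holds is published with the history; it may include newsletter subscriber addresses, admin password hashes or session rows. Consider removing it from version control, adding it to `.gitignore`, and rotating any credentials it contained. Fixtures or migrations are the usual way to share seed data.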
4 changes: 4 additions & 0 deletions server/requirements.txt
Expand Up @@ -5,12 +5,14 @@ attrs==24.1.0
billiard==4.2.0
celery==5.4.0
certifi==2024.7.4
cffi==1.17.0
charset-normalizer==3.3.2
click==8.1.7
click-didyoumean==0.3.1
click-plugins==1.1.1
click-repl==0.3.0
cron-descriptor==1.4.3
cryptography==43.0.0
Django==5.0.8
django-celery-beat==2.6.0
django-ckeditor==6.7.1
Expand All @@ -33,6 +35,8 @@ jsonschema-specifications==2023.12.1
kombu==5.4.0
pillow==10.4.0
prompt_toolkit==3.0.47
pycparser==2.22
pyOpenSSL==24.2.1
python-crontab==3.2.0
python-dateutil==2.9.0.post0
python-decouple==3.8
