feat: implement comprehensive CSRF protection

2026-01-16 11:12:11 +01:00 · 2025-07-11 18:06:51 +02:00
parent e7818f5e4f
commit 3e9e75e854
44 changed files with 14964 additions and 6413 deletions
--- a/app/api/csrf-token/route.ts
+++ b/app/api/csrf-token/route.ts
@ -0,0 +1,19 @@
+/**
+ * CSRF Token API Endpoint
+ *
+ * This endpoint provides CSRF tokens to clients for secure form submissions.
+ * It generates a new token and sets it as an HTTP-only cookie.
+ */
+
+import { NextRequest } from "next/server";
+import { generateCSRFTokenResponse } from "../../../middleware/csrfProtection";
+
+/**
+ * GET /api/csrf-token
+ *
+ * Generates and returns a new CSRF token.
+ * The token is also set as an HTTP-only cookie for automatic inclusion in requests.
+ */
+export function GET(request: NextRequest) {
+  return generateCSRFTokenResponse();
+}
--- a/app/api/platform/companies/[id]/users/route.ts
+++ b/app/api/platform/companies/[id]/users/route.ts
@ -75,8 +75,8 @@ export async function POST(
        );
      } else {
        return NextResponse.json(
-          { 
-            error: `Email already in use by a user in company: ${existingUser.company.name}. Each email address can only be used once across all companies.` 
+          {
+            error: `Email already in use by a user in company: ${existingUser.company.name}. Each email address can only be used once across all companies.`
          },
          { status: 400 }
        );
--- a/app/providers.tsx
+++ b/app/providers.tsx
@ -4,6 +4,7 @@ import { SessionProvider } from "next-auth/react";
 import type { ReactNode } from "react";
 import { TRPCProvider } from "@/components/providers/TRPCProvider";
 import { ThemeProvider } from "@/components/theme-provider";
+import { CSRFProvider } from "@/components/providers/CSRFProvider";

 export function Providers({ children }: { children: ReactNode }) {
  // Including error handling and refetch interval for better user experience
@ -19,7 +20,9 @@ export function Providers({ children }: { children: ReactNode }) {
        refetchInterval={30 * 60}
        refetchOnWindowFocus={false}
      >
-        <TRPCProvider>{children}</TRPCProvider>
+        <CSRFProvider>
+          <TRPCProvider>{children}</TRPCProvider>
+        </CSRFProvider>
      </SessionProvider>
    </ThemeProvider>
  );