Harden security: enable CSP, add SRI, and externalize inline scripts

This commit is contained in:
Ryan
2025-04-26 02:28:02 -04:00
committed by GitHub
parent 0645a3712a
commit 6d9715169c
5 changed files with 97 additions and 49 deletions


@@ -437,12 +437,26 @@ function initAuth() {
submitLogin(formData);
});
}
document.getElementById("logoutBtn").addEventListener("click", function () {
fetch("/api/auth/logout.php", {
method: "POST",
credentials: "include",
headers: { "X-CSRF-Token": window.csrfToken }
}).then(() => window.location.reload(true)).catch(() => { });
// handle ?logout=1 query
const params = new URLSearchParams(window.location.search);
if (params.get('logout') === '1') {
localStorage.removeItem("username");
localStorage.removeItem("userTOTPEnabled");
}
// attach logout button listener
document.addEventListener('DOMContentLoaded', () => {
const btn = document.getElementById('logoutBtn');
if (!btn) return;
btn.addEventListener('click', () => {
fetch('/api/auth/logout.php', {
method: 'POST',
credentials: 'include',
headers: { 'X-CSRF-Token': window.csrfToken }
})
.then(() => window.location.reload(true))
.catch(() => { });
});
});
document.getElementById("addUserBtn").addEventListener("click", function () {
resetUserForm();
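Review bot: The new logout click handler reloads the page on any resolved fetch, so a rejected request (for example a 4xx when the `X-CSRF-Token` header is not accepted) still clears the client view while the server-side session stays valid, and `.catch(() => { })` hides the failure entirely. Check the status before reloading, e.g. `.then((res) => { if (!res.ok) throw new Error('logout failed: ' + res.status); window.location.reload(); })` and `.catch((err) => console.error('logout failed', err))`. The boolean passed to `reload(true)` is a non-standard argument that current browsers ignore, so it can be dropped. The enclosing `initAuth` scope begins before this hunk; if the new `DOMContentLoaded` registration sits inside a function that is only called after that event has already fired, the listener would never run, which is worth confirming.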


@@ -193,10 +193,10 @@ export function handleExtractZipSelected(e) {
}
document.addEventListener("DOMContentLoaded", () => {
const zipNameModal = document.getElementById("downloadZipModal");
const progressModal = document.getElementById("downloadProgressModal");
const cancelZipBtn = document.getElementById("cancelDownloadZip");
const confirmZipBtn = document.getElementById("confirmDownloadZip");
const zipNameModal = document.getElementById("downloadZipModal");
const progressModal = document.getElementById("downloadProgressModal");
const cancelZipBtn = document.getElementById("cancelDownloadZip");
const confirmZipBtn = document.getElementById("confirmDownloadZip");
// 1) Cancel button hides the name modal
if (cancelZipBtn) {
@@ -219,8 +219,8 @@ document.addEventListener("DOMContentLoaded", () => {
}
// b) Hide the nameinput modal, show the spinner modal
zipNameModal.style.display = "none";
progressModal.style.display = "block";
zipNameModal.style.display = "none";
progressModal.style.display = "block";
// c) (Optional) update the “Preparing…” text if you gave it an ID
const titleEl = document.getElementById("downloadProgressTitle");
@@ -233,11 +233,11 @@ document.addEventListener("DOMContentLoaded", () => {
credentials: "include",
headers: {
"Content-Type": "application/json",
"X-CSRF-Token": window.csrfToken
"X-CSRF-Token": window.csrfToken
},
body: JSON.stringify({
folder: window.currentFolder || "root",
files: window.filesToDownload
files: window.filesToDownload
})
});
if (!res.ok) {
@@ -252,8 +252,8 @@ document.addEventListener("DOMContentLoaded", () => {
// e) Hand off to the browsers download manager
const url = URL.createObjectURL(blob);
const a = document.createElement("a");
a.href = url;
const a = document.createElement("a");
a.href = url;
a.download = zipName;
document.body.appendChild(a);
a.click();
@@ -555,4 +555,22 @@ export function initFileActions() {
}
}
// Hook up the singlefile download modal buttons
document.addEventListener("DOMContentLoaded", () => {
const cancelDownloadFileBtn = document.getElementById("cancelDownloadFile");
if (cancelDownloadFileBtn) {
cancelDownloadFileBtn.addEventListener("click", () => {
document.getElementById("downloadFileModal").style.display = "none";
});
}
const confirmSingleDownloadBtn = document.getElementById("confirmSingleDownloadButton");
if (confirmSingleDownloadBtn) {
confirmSingleDownloadBtn.addEventListener("click", confirmSingleDownload);
}
// Make Enter also confirm the download
attachEnterKeyListener("downloadFileModal", "confirmSingleDownloadButton");
});
window.renameFile = renameFile;
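Review bot: In the cancel handler of the new single-file download block, `document.getElementById("downloadFileModal").style.display = "none"` dereferences the element with none of the null guard the surrounding code applies to its buttons, so a page without that modal throws inside the click handler; mirror the guard, e.g. `const modal = document.getElementById("downloadFileModal"); if (modal) modal.style.display = "none";`. The `attachEnterKeyListener("downloadFileModal", "confirmSingleDownloadButton")` call is likewise unconditional while `confirmSingleDownloadBtn` is only wired when present; if that helper (defined outside this hunk) does not tolerate missing ids, guard it the same way. As a point of style, this file now registers a second top-level `DOMContentLoaded` listener beside the zip-download one earlier in the section, and folding both into a single setup function would keep the modal wiring in one place. The earlier hunks in this section appear to be indentation-only and need no change.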