standalone-comments/admin-common.js at main · dlnorman/standalone-comments · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
/**
 * Common admin functions for CSRF token handling
 */

let csrfToken = null;

// Get CSRF token from cookie
function getCSRFToken() {
    const name = 'csrf_token=';
    const decodedCookie = decodeURIComponent(document.cookie);
    const ca = decodedCookie.split(';');
    for(let i = 0; i < ca.length; i++) {
        let c = ca[i];
        while (c.charAt(0) == ' ') {
            c = c.substring(1);
        }
        if (c.indexOf(name) == 0) {
            return c.substring(name.length, c.length);
        }
    }
    return null;
}

// Fetch CSRF token if not in cookie
async function ensureCSRFToken() {
    if (!csrfToken) {
        csrfToken = getCSRFToken();
    }
    if (!csrfToken) {
        try {
            const response = await fetch('api.php?action=csrf_token', {
                credentials: 'include'
            });
            const data = await response.json();
            csrfToken = data.token;
        } catch (error) {
            console.error('Failed to fetch CSRF token:', error);
        }
    }
    return csrfToken;
}

// Store CSRF token (call after login)
function setCSRFToken(token) {
    csrfToken = token;
}

// HTML escaping function
function escapeHtml(text) {
    const div = document.createElement('div');
    div.textContent = text;
    return div.innerHTML;
}