diff --git a/app/root.jsx b/app/root.jsx
index 8cbeee0..a58905f 100644
--- a/app/root.jsx
+++ b/app/root.jsx
@@ -5,11 +5,16 @@ import {
Outlet,
Scripts,
ScrollRestoration,
+ useLoaderData,
} from "@remix-run/react";
import { useState } from "react";
-
+import {
+ AuthenticityTokenProvider,
+ createAuthenticityToken,
+} from "remix-utils";
import styles from "./styles/app.css";
-
+import { json } from "@remix-run/node";
+import { getSession, commitSession } from "./sessions";
export function links() {
return [{ rel: "stylesheet", href: styles }];
}
@@ -20,7 +25,17 @@ export const meta = () => ({
viewport: "width=device-width,initial-scale=1",
});
+export async function loader({ request }) {
+ let session = await getSession(request.headers.get("cookie"));
+ let token = createAuthenticityToken(session);
+ return json(
+ { csrf: token },
+ { headers: { "Set-Cookie": await commitSession(session) } }
+ );
+}
+
export default function App() {
+ let { csrf } = useLoaderData();
const [dark, setDark] = useState(true);
return (
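Review bot: The new `loader` calls `createAuthenticityToken(session)` on every request to the root route, and as far as I know remix-utils generates a fresh token and overwrites the one stored in the session each time. Because the root loader also runs on revalidation and in other tabs, a form rendered with an earlier token may fail verification in the action, and every response carries a new `Set-Cookie`. Consider reusing the stored token when one exists, e.g. `let token = session.get("csrf") ?? createAuthenticityToken(session);` (assuming the library's default session key `csrf`), and committing the session only when a token was actually created. The body of `App` continues outside the hunk.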
@@ -53,7 +68,9 @@ export default function App() {
)}
-
+
+
+
diff --git a/app/routes/index.jsx b/app/routes/index.jsx
index cc7b349..51e2a31 100644
--- a/app/routes/index.jsx
+++ b/app/routes/index.jsx
@@ -5,6 +5,7 @@ import { prisma } from "~/db.server";
import { Form } from "@remix-run/react";
import { json } from "@remix-run/node";
import { County } from "~/components/County";
+import { AuthenticityTokenInput, verifyAuthenticityToken } from "remix-utils";
const countys = [
"Ahvenanmaa",
@@ -28,13 +29,19 @@ const countys = [
];
export async function action({ request }) {
+ const session = await getSession(request.headers.get("Cookie"));
+ try {
+ await verifyAuthenticityToken(request, session);
+ } catch {
+ throw new Error("something went wrong");
+ }
+
const formData = await request.formData();
const county = formData.get("county");
if (!county || typeof county !== "string" || !countys.includes(county))
throw new Error("bad county");
- const session = await getSession(request.headers.get("Cookie"));
if (!session.has("userId"))
throw new Error("OAuth token not found in cookie");
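Review bot: The empty `catch` in `action` discards the verification failure and rethrows a plain `Error`, so a missing or mismatched CSRF token surfaces as a generic 500 that cannot be told apart from a server fault in logs or monitoring. `verifyAuthenticityToken` appears to throw its own 4xx response on failure, so either drop the try/catch and let that propagate, or reject explicitly with `throw new Response("Invalid CSRF token", { status: 403 });`. Logging the rejection (never the token value) before throwing would also give a usable detection signal for forged requests. The body of `action` continues outside the hunk.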
@@ -149,25 +156,29 @@ export default function Index() {
/>
{data.me.username}
{data.selfData ? (
-
- Update stats
-
+
+
+
) : (
""
)}
-
- Logout
-
+
+
+
) : (
+