From 7618b248984059cb215326dc97ef2efbadb6b7c6 Mon Sep 17 00:00:00 2001
From: Arthur Lu <root@tronnet.net>
Date: Thu, 15 Dec 2022 23:15:52 -0800
Subject: [PATCH] add csrf token saving

---
 scripts/login.js | 2 +-
 scripts/utils.js | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/login.js b/scripts/login.js
index 0d36354..56bf9d4 100644
--- a/scripts/login.js
+++ b/scripts/login.js
@@ -13,7 +13,7 @@ function init (){
 		try {
 			status.innerText = "Authenticating...";
 			let ticket = await requestTicket(formData.get("username"), formData.get("password"));
-			setTicket(ticket.data.ticket);
+			setTicket(ticket.data.ticket, ticket.data.CSRFPreventionToken);
 			window.location.href = "index.html";
 		}
 		catch (error) {
diff --git a/scripts/utils.js b/scripts/utils.js
index 1f4ff38..0c8b8e5 100644
--- a/scripts/utils.js
+++ b/scripts/utils.js
@@ -18,10 +18,11 @@ export async function requestTicket (username, password) {
 	return response;
 }
 
-export function setTicket (ticket) {
+export function setTicket (ticket, csrf) {
 	let d = new Date();
 	d.setTime(d.getTime() + (2*60*60*1000));
 	document.cookie = `PVEAuthCookie=${ticket}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net`;
+	document.cookie = `CSRFPreventionToken=${csrf}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net;`
 }
 
 export async function request (path, method, body = null, auth = true) {