user authentication

2025-08-25 21:19:15 +01:00
parent 6c82e2014c
commit e21a0b5b10
23 changed files with 2479 additions and 189 deletions
--- a/web/templates/settings.html
+++ b/web/templates/settings.html
@@ -179,7 +179,7 @@
    // Load current settings
    function loadSettings() {
        // Load image storage settings
-        fetch('/settings/image_storage')
+        fetch('/editor/settings/image_storage')
        .then(response => response.json())
        .then(data => {
            document.querySelector(`input[name="storage_mode"][value="${data.mode}"]`).checked = true;
@@ -190,7 +190,7 @@
        .catch(error => console.error('Error loading image storage settings:', error));

        // Load notes directory settings
-        fetch('/settings/notes_dir')
+        fetch('/editor/settings/notes_dir')
        .then(response => response.json())
        .then(data => {
            document.getElementById('notes_dir').value = data.notes_dir || '';
@@ -198,7 +198,7 @@
        .catch(error => console.error('Error loading notes directory settings:', error));

        // Load file extensions settings
-        fetch('/settings/file_extensions')
+        fetch('/editor/settings/file_extensions')
        .then(response => response.json())
        .then(data => {
            document.getElementById('allowed_image_extensions').value = data.allowed_image_extensions || '';
@@ -237,9 +237,12 @@
        e.preventDefault();
        
        const formData = new FormData(this);
-        
-        fetch('/settings/image_storage', {
+
+        const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : '';
+
+        fetch('/editor/settings/image_storage', {
            method: 'POST',
+            headers: csrf ? { 'X-CSRF-Token': csrf } : {},
            body: formData
        })
        .then(response => response.json())
@@ -263,9 +266,12 @@
        e.preventDefault();
        
        const formData = new FormData(this);
-        
-        fetch('/settings/notes_dir', {
+
+        const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : '';
+
+        fetch('/editor/settings/notes_dir', {
            method: 'POST',
+            headers: csrf ? { 'X-CSRF-Token': csrf } : {},
            body: formData
        })
        .then(response => response.json())
@@ -289,9 +295,12 @@
        e.preventDefault();
        
        const formData = new FormData(this);
-        
-        fetch('/settings/file_extensions', {
+
+        const csrf = (document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1] ? decodeURIComponent((document.cookie.match(/(?:^|; )csrf_token=([^;]+)/)||[])[1]) : '';
+
+        fetch('/editor/settings/file_extensions', {
            method: 'POST',
+            headers: csrf ? { 'X-CSRF-Token': csrf } : {},
            body: formData
        })
        .then(response => response.json())