From 1b609bb83634e102ce5eee873d04e0ebca03d0d1 Mon Sep 17 00:00:00 2001
From: h-ivy <opentiny@sina.com>
Date: Tue, 30 May 2023 19:33:51 +0800
Subject: [PATCH] add set csrftoken cookie api

---
 .../template/server/eggJs/app/controller/csrf.ts  | 15 +++++++++++++++
 .../pro/template/server/eggJs/app/router.ts       |  3 +++
 .../pro/template/tinyvue/src/api/interceptor.ts   | 10 ++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 packages/toolkits/pro/template/server/eggJs/app/controller/csrf.ts

diff --git a/packages/toolkits/pro/template/server/eggJs/app/controller/csrf.ts b/packages/toolkits/pro/template/server/eggJs/app/controller/csrf.ts
new file mode 100644
index 00000000..89829cc0
--- /dev/null
+++ b/packages/toolkits/pro/template/server/eggJs/app/controller/csrf.ts
@@ -0,0 +1,15 @@
+import { Controller } from 'egg';
+
+export default class EmployeeController extends Controller {
+  public async index() {
+    const { ctx } = this;
+
+    ctx.helper.commonJson(
+      ctx,
+      {
+        data: {}
+      },
+      200,
+    );
+  }
+}
diff --git a/packages/toolkits/pro/template/server/eggJs/app/router.ts b/packages/toolkits/pro/template/server/eggJs/app/router.ts
index def66311..59c7b228 100644
--- a/packages/toolkits/pro/template/server/eggJs/app/router.ts
+++ b/packages/toolkits/pro/template/server/eggJs/app/router.ts
@@ -6,6 +6,9 @@ export default (app: Application) => {
   // todo: init database connect
   // router.post('/v1/database/init');
 
+  // Must be called before all other interfaces
+  router.get('/v1/setcsrf', controller.csrf.index);
+
   router.post('/v1/employee/getEmployee', controller.employee.getEmployee);
 
 };
diff --git a/packages/toolkits/pro/template/tinyvue/src/api/interceptor.ts b/packages/toolkits/pro/template/tinyvue/src/api/interceptor.ts
index 848b2aea..03a44d54 100644
--- a/packages/toolkits/pro/template/tinyvue/src/api/interceptor.ts
+++ b/packages/toolkits/pro/template/tinyvue/src/api/interceptor.ts
@@ -2,6 +2,10 @@ import axios, { AxiosRequestConfig, AxiosResponse } from 'axios';
 import { Modal } from '@opentiny/vue';
 import { getToken } from '@/utils/auth';
 
+export function setcsrf() {
+  return axios.get('/api/v1/setcsrf');
+}
+
 export interface HttpResponse<T = unknown> {
   status: number;
   msg: string;
@@ -22,6 +26,12 @@ axios.interceptors.request.use(
       }
       config.headers.Authorization = `Bearer ${token}`;
     }
+
+    const [, csrfToken] = /[;\s+]?csrfToken=([^;]*)/.exec(document.cookie) || [];
+    if (csrfToken) {
+      config.headers = { ...config.headers, 'x-csrf-token': csrfToken };
+    }
+
     return config;
   },
   (error) => {