chore(release): v1.79.0
AshGw committed May 10, 2024
1 parent 34cb639 commit eab8006
Showing 4 changed files with 119 additions and 18 deletions.
33 changes: 33 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,36 @@
## v1.79.0

[compare changes](https://github.com/ashgw/ashgw.io/compare/v1.77.0...v1.79.0)

### 🚀 Enhancements

- Looksmaxx the home page ([657044a](https://github.com/ashgw/ashgw.io/commit/657044a))
- Add back up top button ([3a0cea0](https://github.com/ashgw/ashgw.io/commit/3a0cea0))
- Add glows without hover style ([0dd20d3](https://github.com/ashgw/ashgw.io/commit/0dd20d3))
- Make shit glowup ([b857533](https://github.com/ashgw/ashgw.io/commit/b857533))
- Finish gpg key setup ([a982db2](https://github.com/ashgw/ashgw.io/commit/a982db2))
- Finish the 3 services block ([d10ed76](https://github.com/ashgw/ashgw.io/commit/d10ed76))
- **#220:** Use an S3 bucket instead of `/public` for images ([b41a49a](https://github.com/ashgw/ashgw.io/commit/b41a49a))
- Add `ECR` ([34cb639](https://github.com/ashgw/ashgw.io/commit/34cb639))

### 🏡 Chore

- Change the container exposed port to `3000` ([586780b](https://github.com/ashgw/ashgw.io/commit/586780b))
- Typos cleanup ([8b367b7](https://github.com/ashgw/ashgw.io/commit/8b367b7))
- **release:** V1.78.0 ([fcf3d4a](https://github.com/ashgw/ashgw.io/commit/fcf3d4a))
- Cleaup source types files v2 ([e024463](https://github.com/ashgw/ashgw.io/commit/e024463))
- Cleaup source types files v2 ([00f9753](https://github.com/ashgw/ashgw.io/commit/00f9753))
- Cache the GPG request for like an hour ([5bdbe22](https://github.com/ashgw/ashgw.io/commit/5bdbe22))
- Ion know G fr ([b58399a](https://github.com/ashgw/ashgw.io/commit/b58399a))

### 🤖 CI

- **fix:** Docker job typo ([f862e6d](https://github.com/ashgw/ashgw.io/commit/f862e6d))

### ❤️ Contributors

- AshGw ([@AshGw](http://github.com/AshGw))

## v1.78.0

[compare changes](https://github.com/AshGw/mysite/compare/v1.77.0...v1.78.0)
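--- a/infra/terraform.tfstate
+++ b/infra/terraform.tfstate
@@ -89,9 +89,7 @@
 "grant": [
 {
 "id": "e420affff348dc73cd2e823658c3fbe2bcfda717547ca27db9df24c350f45e75",
-"permissions": [
-"FULL_CONTROL"
-],
+"permissions": ["FULL_CONTROL"],
 "type": "CanonicalUser",
 "uri": ""
 }
@@ -213,19 +211,10 @@
 "bucket": "ashgw-blog-public-images",
 "cors_rule": [
 {
-"allowed_headers": [
-"*"
-],
-"allowed_methods": [
-"GET",
-"HEAD"
-],
-"allowed_origins": [
-"*"
-],
-"expose_headers": [
-"ETag"
-],
+"allowed_headers": ["*"],
+"allowed_methods": ["GET", "HEAD"],
+"allowed_origins": ["*"],
+"expose_headers": ["ETag"],
 "id": "",
 "max_age_seconds": 3000
 }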
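--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "mysite",
-"version": "1.78.0",
+"version": "1.79.0",
 "private": true,
 "scripts": {
 "build": "next build",
@@ -80,4 +80,4 @@
 "tailwindcss-animate": "^1.0.7",
 "typed.js": "^2.1.0"
 }
-}
+}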
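--- a/z.html
+++ b/z.html
@@ -0,0 +1,79 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<title>AJAX Request with CSRF Token</title>
+</head>
+<body>
+<div id="ajaxResponse"></div>
+<script>
+document.addEventListener('DOMContentLoaded', () => {
+createCSRFTokenContainer();
+document
+.getElementById('makeRequestButton')
+.addEventListener('click', () => {
+// Make an AJAX request when the button is clicked, it should
+// show a successful message when no attack is made
+var xhr = new XMLHttpRequest();
+
+var csrfToken = getCSRFTokenFromClient();
+
+xhr.open('POST', '/protected', true);
+
+xhr.setRequestHeader('CSRF-Token', csrfToken);
+
+xhr.onreadystatechange = () => {
+if (xhr.readyState === XMLHttpRequest.DONE) {
+// The server validates if the token sent in the header, if it matches the one
+// stored on the server, it sends an OK status code.
+// else it blocks the request
+if (xhr.status === 200) {
+document.getElementById('ajaxResponse').innerText =
+"You're allowed, come in";
+} else {
+// Possible forgery
+document.getElementById('ajaxResponse').innerText =
+"You're blocked, the CSRF Token has been tampered with";
+console.error('AJAX request failed:', xhr.status);
+}
+}
+};
+});
+});
+
+function getCSRFTokenFromServer() {
+// When the user authenticated, the user ID was set as cookie (HttpOnly, Secure, Lax and all that), sent with every request
+// the server will generate a secure random anti-CSRF token and associate it with that user ID on its end
+// send a POST to the server you'll get the token.
+return 'CSRF_TOKEN';
+}
+
+function createCSRFTokenContainer() {
+var csrfToken = getCSRFTokenFromServer(); // New div element to hold the hidden token
+var csrfDiv = document.createElement('div');
+csrfDiv.id = 'csrfTokenDiv'; // Create a hidden input field and set its value to the generated CSRF token
+var input = document.createElement('input');
+input.type = 'hidden';
+input.name = 'CSRFToken';
+input.value = csrfToken;
+csrfDiv.appendChild(input);
+}
+
+function getCSRFTokenFromClient() {
+var csrfTokenDiv = document.getElementById('csrfTokenDiv');
+
+if (csrfTokenDiv) {
+var inputField = csrfTokenDiv.querySelector(
+'input[type="hidden"][name="CSRFToken"]'
+);
+
+if (inputField) {
+return inputField.value; // The CSRF token value
+}
+}
+}
+</script>
+    <button id="makeRequestButton">Make AJAX Request</button>
+</body>
+</html>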
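Review bot: The CSRF token never reaches the request in this new file: `createCSRFTokenContainer()` builds `csrfDiv` but never attaches it to the document, so `getCSRFTokenFromClient()` finds no `#csrfTokenDiv` and returns `undefined`, and `setRequestHeader` then sends the literal string "undefined" as the `CSRF-Token` header. Add `document.body.appendChild(csrfDiv);` at the end of `createCSRFTokenContainer()`, and have the click handler skip the request when no token is found. The handler also never calls `xhr.send()`, so the POST to `/protected` is not issued at all; add `xhr.send();` after the `onreadystatechange` assignment. Separately, the else branch reports every non-200 status as token tampering, which will mislabel ordinary failures such as a server error or an expired session; keying the message on the status the server actually uses for CSRF rejection (likely 403, to be confirmed against the server) would be more accurate.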
