Refactor code for improved readability and consistency

- Updated CSRF middleware to enhance cookie value decoding. - Reformatted OAuth proxy token store initialization for better clarity. - Adjusted Challonge proxy router for consistent line breaks and readability. - Enhanced OAuth router error handling and response formatting. - Improved session router for better readability and consistency in fetching provider records. - Refactored OAuth token store to improve key derivation logging. - Cleaned up cookie options utility for better readability. - Enhanced Challonge client credentials composable for consistent API calls. - Streamlined OAuth composable for improved logging. - Refactored main.js for better readability in session initialization. - Improved Challonge v2.1 service error handling for better clarity. - Cleaned up API client utility for improved readability. - Enhanced ApiKeyManager.vue for better text formatting. - Refactored ChallongeTest.vue for improved readability in composable usage.
2026-02-03 12:50:25 -05:00
parent 700c1cbbbe
commit 8775f8b1fe
15 changed files with 182 additions and 76 deletions
--- a/code/websites/pokedex.online/server/middleware/csrf.js
+++ b/code/websites/pokedex.online/server/middleware/csrf.js
@@ -47,16 +47,22 @@ export function csrfMiddleware(options = {}) {
    // current '/' path). cookie-parser will pick one value, but the browser may
    // send both. Accept if the header matches ANY provided cookie value.
    const rawHeader = req.headers?.cookie || '';
-    const rawValues = getCookieValuesFromHeader(rawHeader, cookieName).map(v => {
-      try {
-        return decodeURIComponent(v);
-      } catch {
-        return v;
+    const rawValues = getCookieValuesFromHeader(rawHeader, cookieName).map(
+      v => {
+        try {
+          return decodeURIComponent(v);
+        } catch {
+          return v;
+        }
      }
-    });
+    );
    const anyMatch = csrfHeader && rawValues.includes(csrfHeader);

-    if (!csrfHeader || (!csrfCookie && !anyMatch) || (csrfCookie !== csrfHeader && !anyMatch)) {
+    if (
+      !csrfHeader ||
+      (!csrfCookie && !anyMatch) ||
+      (csrfCookie !== csrfHeader && !anyMatch)
+    ) {
      return res.status(403).json({
        error: 'CSRF validation failed',
        code: 'CSRF_FAILED'