redo ant csrf token

ensure anti csrf token and session is only created after login
2024-01-13 01:17:07 +08:00
parent f2a9facfaf
commit 183e73eca2
7 changed files with 96 additions and 47 deletions
--- a/package.json
+++ b/package.json
@ -23,6 +23,7 @@
    "csurf": "^1.11.0",
    "dotenv": "^16.3.1",
    "ejs": "^3.1.9",
+    "esm": "^3.2.25",
    "express": "^4.18.2",
    "express-session": "^1.17.3",
    "express-validator": "^7.0.1",
@ -30,6 +31,7 @@
    "moment": "^2.30.1",
    "mqtt": "^5.3.3",
    "mysql2": "^3.6.5",
+    "node-fetch": "^3.3.2",
    "nodemailer": "^6.9.7",
    "otp-generator": "^4.0.1",
    "otplib": "^12.0.1",