npm - snakeia-server - Versions diffs - 1.1.4-2 → 1.1.5 - Mend

snakeia-server 1.1.4-2 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ A server for my [SnakeIA](https://github.com/Eliastik/snakeia) game, written in
 ## About this server
-* Version 1.1.4.2 (6/18/2025)
+* Version 1.1.5 (6/18/2025)
 * Made in France by Eliastik - [eliastiksofts.com](http://eliastiksofts.com) - Contact : [eliastiksofts.com/contact](http://eliastiksofts.com/contact)
 * License: GNU GPLv3 (see LICENCE.txt file)
@@ -74,7 +74,7 @@ You can create another configuration file in the **config** directory named **lo
 ````
 {
     "ServerConfig": {
-        "version": "1.1.4.2", // The server version
+        "version": "1.1.5", // The server version
         "port": 3000, // The port where the server runs
         "proxyMode": false, // Sets this value to true if your server is behind a proxy - defaults to false
         "numberOfProxies": 1, // Sets the number of reverse proxies in front of the server. Default to 1. See: https://expressjs.com/en/guide/behind-proxies.html / https://express-rate-limit.mintlify.app/guides/troubleshooting-proxy-issues
@@ -120,6 +120,9 @@ You can create another configuration file in the **config** directory named **lo
 ## Changelog
+* Version 1.1.5 (6/18/2025):
+    - Fixed "Error: invalid CSRF token" occurring during certain actions in the administrator panel
 * Version 1.1.4.2 (6/18/2025):
     - Updated dependencies
@@ -185,7 +188,7 @@ Un serveur pour mon jeu [SnakeIA](https://github.com/Eliastik/snakeia), écrit e
 ## À propos de ce serveur
-* Version 1.1.4.2 (18/06/2025)
+* Version 1.1.5 (18/06/2025)
 * Made in France by Eliastik - [eliastiksofts.com](http://eliastiksofts.com) - Contact : [eliastiksofts.com/contact](http://eliastiksofts.com/contact)
 * Licence : GNU GPLv3 (voir le fichier LICENCE.txt)
@@ -251,7 +254,7 @@ Vous pouvez créer un fichier de configuration **local.json** dans le dossier **
 ````
 {
     "ServerConfig": {
-        "version": "1.1.4.2", // La version du serveur
+        "version": "1.1.5", // La version du serveur
         "port": 3000, // Le port sur lequel lancer le server
         "proxyMode": false, // Mettez à true si votre serveur est derrière un proxy - par défaut false
         "numberOfProxies": 1, // Configure le nombre de proxies devant votre serveur. Par défaut 1. Voir : https://expressjs.com/en/guide/behind-proxies.html / https://express-rate-limit.mintlify.app/guides/troubleshooting-proxy-issues
@@ -297,6 +300,9 @@ Vous pouvez créer un fichier de configuration **local.json** dans le dossier **
 ## Journal des changements
+* Version 1.1.5 (18/06/2025) :
+    - Correction de l’erreur "Error: invalid CSRF token" lors de certaines actions dans le panneau d’administration
 * Version 1.1.4.2 (18/06/2025) :
     - Mise à jour des dépendences

package/config/default.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "ServerConfig": {
-        "version": "1.1.4.2",
+        "version": "1.1.5",
         "port": 3000,
         "proxyMode": false,
         "numberOfProxies": 1,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "snakeia-server",
-  "version": "1.1.4-2",
+  "version": "1.1.5",
   "description": "Server for multiplaying in SnakeIA (https://github.com/Eliastik/snakeia)",
   "main": "server.js",
   "scripts": {

package/server.js CHANGED Viewed

@@ -96,6 +96,7 @@ i18n.configure({
 // Game modules
 const snakeia        = require("snakeia");
+const { randomUUID } = require("crypto");
 const Snake          = snakeia.Snake;
 const Grid           = snakeia.Grid;
 const GameConstants  = snakeia.GameConstants;
@@ -908,7 +909,8 @@ app.use(i18n.init);
 // Rate limiter
 app.use("/authentication", rateLimit({
   windowMs: config.authentWindowMs,
-  max: config.authentMaxRequest
+  max: config.authentMaxRequest,
+  validate: { trustProxy: false }
 }));
 // IP ban
@@ -1168,8 +1170,16 @@ function verifyFormAuthenticationAdmin(body) {
 }
 const csrfSecret = generateRandomJsonWebTokenSecretKey(jsonWebTokenSecretKeyAdmin);
-const { doubleCsrfProtection, generateToken } = doubleCsrf({
+const { doubleCsrfProtection, generateCsrfToken } = doubleCsrf({
   getSecret: () => csrfSecret,
+  getSessionIdentifier: (req) => req.cookies.tokenAdmin || randomUUID(),
+  getCsrfTokenFromRequest: (req) => {
+    return (
+      req.headers["x-csrf-token"] ||
+      req.body?._csrf ||
+      req.query?._csrf
+    );
+  },
   cookieName: productionMode ? "__Host-snakeia-server.x-csrf-token" : "snakeia-server.x-csrf-token",
   cookieOptions: {
     sameSite: productionMode ? "strict" : "lax",
@@ -1206,7 +1216,7 @@ app.get("/admin", doubleCsrfProtection, function(req, res) {
             games: games,
             io: io,
             config: config,
-            csrfToken: generateToken(req, res, true),
+            csrfToken: generateCsrfToken(req, res, { overwrite: true, validateOnReuse: true }),
             serverLog: logFile,
             errorLog: errorLogFile,
             getIPSocketIO: getIPSocketIO
@@ -1311,7 +1321,8 @@ app.use(function (err, req, res, next) {
 const adminRateLimiter = rateLimit({
   windowMs: config.authentWindowMs,
-  max: config.authentMaxRequest
+  max: config.authentMaxRequest,
+  validate: { trustProxy: false }
 });
 app.post("/admin", adminRateLimiter, function(req, res) {