feat(frontend): add CSRF injection, rate-limit i18n, and 429 login handling

- handleFetch injects X-XSRF-TOKEN + XSRF-TOKEN cookie on all mutating
  backend API requests (double-submit cookie pattern); generates a fresh
  UUID when no XSRF-TOKEN cookie exists yet
- ErrorCode union gains CSRF_TOKEN_MISSING and TOO_MANY_LOGIN_ATTEMPTS;
  getErrorMessage maps both to i18n keys
- de/en/es messages add error_csrf_token_missing and
  error_too_many_login_attempts translations
- Login action maps HTTP 429 to fail(429, { ..., rateLimited: true });
  page shows a muted clock icon with aria-invalid on rate-limit errors

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Marcel
2026-05-18 12:59:56 +02:00
committed by marcel
parent 4d6fb06e02
commit 78fd9e026e
8 changed files with 105 additions and 30 deletions


@@ -45,6 +45,10 @@ export const actions = {
return fail(401, { error: getErrorMessage(code) });
}
if (response.status === 429) {
return fail(429, { error: getErrorMessage('TOO_MANY_LOGIN_ATTEMPTS'), rateLimited: true });
}
if (!response.ok) {
return fail(response.status, { error: getErrorMessage('INTERNAL_ERROR') });
}
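Review bot: the new 429 branch hard-codes the TOO_MANY_LOGIN_ATTEMPTS message and ignores the response itself, so the page can only show a generic rate-limit error. Consider forwarding the standard Retry-After header alongside the flag, e.g. `return fail(429, { error: getErrorMessage('TOO_MANY_LOGIN_ATTEMPTS'), rateLimited: true, retryAfter: response.headers.get('Retry-After') });`, so the page can tell the user when a retry makes sense instead of just showing the clock icon. It is also worth noting that the 401 branch directly above maps a `code` taken from the response body while this branch does not read the body at all; if the backend emits an error code for 429 as well, mapping it the same way keeps the two paths consistent and lets the backend change the code without a frontend edit.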