diff --git a/api/src/unraid-api/auth/casbin/casbin.service.ts b/api/src/unraid-api/auth/casbin/casbin.service.ts
index 09fa20d9a..895559f8e 100644
--- a/api/src/unraid-api/auth/casbin/casbin.service.ts
+++ b/api/src/unraid-api/auth/casbin/casbin.service.ts
@@ -2,6 +2,8 @@ import { Injectable, InternalServerErrorException, Logger, OnModuleInit } from '
 import { Model as CasbinModel, Enforcer, newEnforcer, StringAdapter } from 'casbin';
+import { LOG_LEVEL } from '@app/environment';
+
 @Injectable()
 export class CasbinService {
 private readonly logger = new Logger(CasbinService.name);
@@ -18,7 +20,9 @@ export class CasbinService {
 const casbinPolicy = new StringAdapter(policy);
 try {
 const enforcer = await newEnforcer(casbinModel, casbinPolicy);
- enforcer.enableLog(true);
+ if (LOG_LEVEL === 'TRACE') {
+ enforcer.enableLog(true);
+ }
 return enforcer;
 } catch (error: unknown) {
diff --git a/api/src/unraid-api/auth/cookie.strategy.ts b/api/src/unraid-api/auth/cookie.strategy.ts
index 8383116d2..580898af8 100644
--- a/api/src/unraid-api/auth/cookie.strategy.ts
+++ b/api/src/unraid-api/auth/cookie.strategy.ts
@@ -19,8 +19,9 @@ export class UserCookieStrategy extends PassportStrategy(Strategy, strategyName)
 public validate = async (req: CustomRequest): Promise => {
 return (
- this.authService.validateCsrfToken(req.headers['x-csrf-token']) &&
- this.authService.validateCookiesCasbin(req.cookies)
+ this.authService.validateCsrfToken(
+ req.headers['x-csrf-token'] || (req.params as { csrf_token?: string })?.csrf_token
+ ) && this.authService.validateCookiesCasbin(req.cookies)
 );
 };
 }
diff --git a/web/components/DownloadApiLogs.ce.vue b/web/components/DownloadApiLogs.ce.vue
index fb6368232..efd0764e3 100644
--- a/web/components/DownloadApiLogs.ce.vue
+++ b/web/components/DownloadApiLogs.ce.vue
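Review bot: The `LOG_LEVEL === 'TRACE'` gate in the `@@ -18,7 +20,9 @@` hunk of casbin.service.ts is an exact, case-sensitive string match with no comment explaining it, so whether it ever fires depends on how `@app/environment` normalises the value, which is not visible here. A one-line comment such as `// casbin prints every enforce() request and its result; only enable at TRACE` would record the intent. Because this turns off the enforcer's per-decision output at normal log levels, it is worth confirming that denied authorization checks are still logged elsewhere for audit and detection. The enclosing method starts and ends outside the hunk.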
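Review bot: The new fallback in `validate` (cookie.strategy.ts) reads the token from `req.params`, but the matching client change in DownloadApiLogs.ce.vue sends it with `url.searchParams.append`, i.e. in the query string; if `CustomRequest` follows the usual Express/Fastify shape, `params` holds route path parameters and the value arrives in `req.query`, so this fallback would never match. The fallback also applies to every route guarded by this strategy rather than only the log download, and a CSRF token carried in a URL ends up in access logs, browser history and Referer headers. Consider limiting the URL token to the GET download route and reading it as `(req.query as { csrf_token?: string })?.csrf_token`. The class body starts outside the hunk.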
@@ -6,7 +6,11 @@ import { useI18n } from 'vue-i18n';
 const { t } = useI18n();
-const downloadUrl = computed(() => new URL(`/graphql/api/logs`, WEBGUI_GRAPHQL));
+const downloadUrl = computed(() => {
+ const url = new URL(`/graphql/api/logs`, WEBGUI_GRAPHQL);
+ url.searchParams.append('csrf_token', globalThis.csrf_token);
+ return url;
+});
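Review bot: `url.searchParams.append('csrf_token', globalThis.csrf_token)` stringifies whatever it is given, so when `globalThis.csrf_token` is not set the link carries the literal `csrf_token=undefined` instead of omitting the parameter. A guard such as `if (globalThis.csrf_token) url.searchParams.append('csrf_token', globalThis.csrf_token);` avoids that. Since the computed URL now embeds the session's CSRF token, a short comment on `downloadUrl` noting that it contains a secret and must not be logged or displayed would help the next reader.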