Add CSRF token support

2025-09-03 15:36:28 +01:00
parent bdbf33098f
commit 0c2a8f3d98
7 changed files with 66 additions and 22 deletions


@@ -1,3 +1,5 @@
const csrfMeta = document.querySelector('meta[name="csrf"]');
var csrf = csrfMeta?.content;
window.onload = async () => {
const popup = document.getElementById("popup");
const loginSection = document.getElementById("login");
@@ -71,11 +73,12 @@ window.onload = async () => {
const { username, pass } = loginForm;
const res = await fetch("/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
headers: { "Content-Type": "application/json", "X-CSRF-Token": csrf },
body: JSON.stringify({ username: username.value, pass: pass.value }),
});
const data = await res.json();
loginInfo.innerText = data.message;
csrf = data.csrf_token;
if (data.success == "true") {
loginButton.style.display = "none";
signupButton.style.display = "none";
@@ -91,7 +94,7 @@ window.onload = async () => {
const { username, email, pass } = signupForm;
const res = await fetch("/signup", {
method: "POST",
headers: { "Content-Type": "application/json" },
headers: { "Content-Type": "application/json", "X-CSRF-Token": csrf },
body: JSON.stringify({
username: username.value,
email: email.value,
@@ -100,6 +103,7 @@ window.onload = async () => {
});
const data = await res.json();
signupInfo.innerText = data.message;
csrf = data.csrf_token;
if (data.success == "true") {
loginButton.style.display = "none";
signupButton.style.display = "none";
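Review bot: `csrf = data.csrf_token;` in the login handler, and again in the signup handler, overwrites the token unconditionally. If any response omits `csrf_token` (the server side is not visible here, so this may only happen on error or rejection paths), `csrf` becomes undefined and the next request sends the literal header value `"undefined"`. Guard both assignments with `if (data.csrf_token) csrf = data.csrf_token;`. The first hunk has the same gap when the `meta[name="csrf"]` tag is absent, since `csrfMeta?.content` then yields undefined; a comment such as `// token is rendered by the server into <meta name="csrf">; requests fail CSRF validation without it` would make that dependency explicit. Both handlers start and end outside the hunks shown.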