From 1deb42430ce8eb76b2a3956c9a9fba87ba70443f Mon Sep 17 00:00:00 2001
From: Erik Hellman
Date: Thu, 18 Mar 2021 19:18:45 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=90=9B=20read=20xsrf=20token=20fro?=
 =?UTF-8?q?m=20script=20for=20createItem=20call?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/api.ts | 21 +++++++++++++++++++--
 lib/routes.ts | 2 ++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/lib/api.ts b/lib/api.ts
index 6c7258d9..14c2bea9 100644
--- a/lib/api.ts
+++ b/lib/api.ts
@@ -127,7 +127,7 @@ export class Api extends EventEmitter {
 const text = await response.text()
 const doc = html.parse(decode(text))
 const xsrfToken = doc.querySelector('input[name="__RequestVerificationToken"]').getAttribute('value') || ''
- this.addHeader('X-XSRF-Token', xsrfToken)
+ this.addHeader('x-xsrf-token', xsrfToken)
 }
 private async retrieveApiKey(): Promise {
@@ -159,6 +159,16 @@ export class Api extends EventEmitter {
 return authBody
 }
+ private async retrieveCreateItemXsrfToken() {
+ const url = routes.navigationControllerScript
+ const response = await this.fetch('navigationControllerScript', url, {})
+ const text = await response.text()
+
+ const xsrfRegExp = /'x-xsrf-token':'([\w\d]+)'/gm
+ const xsrfMatches = xsrfRegExp.exec(text)
+ return xsrfMatches && xsrfMatches.length > 1 ? xsrfMatches[1] : ''
+ }
+
 private async retrieveAuthToken(url: string, authBody: string): Promise {
 const session = this.getRequestInit({
 method: 'POST',
@@ -177,7 +187,14 @@ export class Api extends EventEmitter {
 this.cookieManager.clearAll()
 // Perform request
- const response = await this.fetch('createItem', url, session)
+ const createItemXsrfToken = await this.retrieveCreateItemXsrfToken()
+ const response = await this.fetch('createItem', url, {
+ ...session,
+ headers: {
+ ...session.headers,
+ 'x-xsrf-token': createItemXsrfToken
+ }
+ })
 // Restore cookies
 cookies.forEach((cookie) => {
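Review bot: In `retrieveCreateItemXsrfToken` (hunk `@@ -159,6 +159,16 @@`) a failed scrape is silent: when the pattern finds nothing in the fetched text the method returns `''`, and judging by the createItem hunk the call then goes out with an empty `x-xsrf-token`, so the first symptom is a rejected request far from the cause. I would fail at the source instead, with `const match = /'x-xsrf-token':'(\w+)'/.exec(text)` followed by `if (!match) throw new Error('x-xsrf-token not found in navigationController script')`, and also check the response status before reading the body if the `fetch` wrapper exposes it. The `g` and `m` flags and the `\d` inside `[\w\d]` are redundant for a single `exec`, and `xsrfMatches.length > 1` is always true for a non-null match with one capture group. The method also lacks the explicit return type its neighbours declare, and a one-line comment saying that the token is scraped from the served script and depends on its exact quoting would help whoever has to fix it when the bundle changes.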
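Review bot: The new `await this.retrieveCreateItemXsrfToken()` in the createItem hunk (`@@ -177,7 +187,14 @@`) runs after `this.cookieManager.clearAll()` and before the restore loop, so a rejection from the extra request would, as far as the hunk shows, leave the cookie jar empty for every later call; the method starts and ends outside the hunk, so this needs confirming against the full body. Either fetch the token before the cookies are cleared, if the script request does not depend on the cleared state, or move the restore loop into a `finally`. Separately, `...session.headers` keeps the existing headers only when `getRequestInit` returns a plain object; a `Headers` instance spreads to nothing, which would send the request with the token header alone. The header name is now a literal in three places and the override relies on an exact key match, so a shared constant such as `const XSRF_HEADER = 'x-xsrf-token'` would keep them aligned.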
diff --git a/lib/routes.ts b/lib/routes.ts
index 1a6aa7ae..602bfdfb 100644
--- a/lib/routes.ts
+++ b/lib/routes.ts
@@ -51,3 +51,5 @@ export const auth = 'https://etjanst.stockholm.se/vardnadshavare/base/auth'
 export const startBundle = 'https://etjanst.stockholm.se/vardnadshavare/bundles/start'
 export const hemPage = 'https://etjanst.stockholm.se/vardnadshavare/inloggad2/hem'
+
+export const navigationControllerScript = 'https://etjanst.stockholm.se/vardnadshavare/bundles/navigationController'
\ No newline at end of file