adds optional user_token nicknames

src/admin/common.ts

@@ -45,6 +45,7 @@ export function paginate(set: unknown[], page: number, pageSize: number = 20) {
 export const UserSchema = z
   .object({
     ip: z.array(z.string()).optional(),
+    nickname: z.string().max(80).optional(),
     type: z.enum(["normal", "special"]).optional(),
     promptCount: z.number().optional(),
     tokenCount: z.any().optional(), // never used, but remains for compatibility

src/admin/csrf.ts

@@ -8,7 +8,11 @@ const { generateToken, doubleCsrfProtection } = doubleCsrf({
   getSecret: () => CSRF_SECRET,
   cookieName: "csrf",
   cookieOptions: { sameSite: "strict", path: "/" },
-  getTokenFromRequest: (req) => req.body["_csrf"] || req.query["_csrf"],
+  getTokenFromRequest: (req) => {
+    const val = req.body["_csrf"] || req.query["_csrf"];
+    delete req.body["_csrf"];
+    return val;
+  },
 });
 
 const injectCsrfToken: express.RequestHandler = (req, res, next) => {

src/admin/routes.ts

@@ -37,7 +37,8 @@ adminRouter.use(
     } else if (err.name === "ForbiddenError") {
       data.status = 403;
       if (err.message === "invalid csrf token") {
-        data.message = "Invalid CSRF token; try refreshing the previous page before submitting again.";
+        data.message =
+          "Invalid CSRF token; try refreshing the previous page before submitting again.";
       }
       return res.status(403).render("admin/error", { ...data, flash: null });
     }