From 9709bb9d7b12d62e24f4dbbedfc22ac99c0fbc9d Mon Sep 17 00:00:00 2001
From: rassadin11 <artem.rassadin.05@mail.ru>
Date: Sun, 10 May 2026 19:43:29 +0300
Subject: [PATCH] fix: authorization / registration

---
 src/shared/api/tokenStore.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/shared/api/tokenStore.ts b/src/shared/api/tokenStore.ts
index 5ceec58..13e4c25 100644
--- a/src/shared/api/tokenStore.ts
+++ b/src/shared/api/tokenStore.ts
@@ -9,7 +9,13 @@ export const tokenStore = {
 const REFRESH_URL = 'https://app.auth.elcsa.ru/v1/jwt/refresh'
 
 export async function refreshAccessToken(): Promise<string> {
-  const res = await fetch(REFRESH_URL, { method: 'POST', credentials: 'include' })
+  const { getCsrfToken } = await import('./csrf')
+  const csrf = await getCsrfToken()
+  const res = await fetch(REFRESH_URL, {
+    method: 'POST',
+    credentials: 'include',
+    headers: { 'X-CSRF-Token': csrf },
+  })
   if (!res.ok) throw new Error('Unauthorized')
   const data = await res.json()
   tokenStore.set(data.access_token)