refactor(csrf): move csrf to own file

src/routes/csrf_protection.ts

@@ -0,0 +1,15 @@
+import { doubleCsrf } from "csrf-csrf";
+import sessionSecret from "../services/session_secret.js";
+
+const doubleCsrfUtilities = doubleCsrf({
+    getSecret: () => sessionSecret,
+    cookieOptions: {
+        path: "", // empty, so cookie is valid only for the current path
+        secure: false,
+        sameSite: false,
+        httpOnly: false
+    },
+    cookieName: "_csrf"
+});
+
+export const { doubleCsrfProtection } = doubleCsrfUtilities;

src/routes/routes.ts

@@ -9,13 +9,12 @@ import auth from "../services/auth.js";
 import cls from "../services/cls.js";
 import sql from "../services/sql.js";
 import entityChangesService from "../services/entity_changes.js";
-import { doubleCsrf } from "csrf-csrf";
+import { doubleCsrfProtection as csrfMiddleware } from "./csrf_protection.js";
 import { createPartialContentHandler } from "@triliumnext/express-partial-content";
 import rateLimit from "express-rate-limit";
 import AbstractBeccaEntity from "../becca/entities/abstract_becca_entity.js";
 import NotFoundError from "../errors/not_found_error.js";
 import ValidationError from "../errors/validation_error.js";
-import sessionSecret from "../services/session_secret.js";
 
 // page routes
 import setupRoute from "./setup.js";
@@ -72,16 +71,7 @@ import etapiSpecialNoteRoutes from "../etapi/special_notes.js";
 import etapiSpecRoute from "../etapi/spec.js";
 import etapiBackupRoute from "../etapi/backup.js";
 
-const { doubleCsrfProtection: csrfMiddleware } = doubleCsrf({
-    getSecret: () => sessionSecret,
-    cookieOptions: {
-        path: "", // empty, so cookie is valid only for the current path
-        secure: false,
-        sameSite: false,
-        httpOnly: false
-    },
-    cookieName: "_csrf"
-});
+
 
 const MAX_ALLOWED_FILE_SIZE_MB = 250;
 const GET = "get",