add csrf protection

2026-04-19 12:57:59 +03:00
parent 9682295dae
commit 0c2e920206
6 changed files with 77 additions and 10 deletions
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -2,7 +2,11 @@ from flask import Blueprint, redirect, url_for, render_template, request, sessio
 from functools import wraps
 import time

-from ..auth import digest, verify, create_session, is_logged_in, parse_username, is_password_valid, login_required
+from ..auth import (
+    digest, verify, create_session,
+    is_logged_in, parse_username, is_password_valid,
+    login_required
+    )
 from ..models import Users
 from ..constants import PermissionLevel
 from secrets import compare_digest as compare_timesafe
@@ -24,6 +28,11 @@ def redirect_if_logged_in(destination='topics.all_topics'):
 def log_in():
    return render_template('users/log_in.html')

+@bp.post('/log-out/')
+@login_required
+def log_out():
+    return 'stub'
+
@bp.post('/log-in/')
@redirect_if_logged_in()
 def log_in_post():
@@ -124,7 +133,3 @@ def inbox(username):
 def bookmarks(username):
    return 'stub'

-@bp.post('/<username>/log_out/')
-@login_required
-def log_out(username):
-    return 'stub'