add csrf protection

2026-04-19 12:57:59 +03:00
parent 9682295dae
commit 0c2e920206
6 changed files with 77 additions and 10 deletions


@@ -1,5 +1,6 @@
from flask import url_for
from flask import url_for, session
from .models import Posts, Threads
from .auth import is_logged_in
def get_post_url(post_id, _anchor=False, external=False):
post = Posts.find({'id': post_id})
@@ -14,3 +15,12 @@ def get_post_url(post_id, _anchor=False, external=False):
def dict_to_query_string(d) -> str:
return '?' + '&'.join([f'{key}={str(value)}' for key, value in d.items()])
def get_csrf_token():
if not is_logged_in():
return ''
return session.get('csrf', '')
def csrf_input():
return f'<input type="hidden" name="csrf" value="{get_csrf_token()}">'
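Review bot: `get_csrf_token()` returns `''` both for a logged-out user and for a session with no `csrf` key, so `csrf_input()` can render a hidden field with an empty value. The code that validates the submitted field is not visible in this section. If it compares the form value to `session.get('csrf', '')` with plain equality, an empty field would match an empty session value, so the check should reject a missing or empty token before comparing, e.g. `if not expected or not hmac.compare_digest(expected, submitted): abort(403)`. A short docstring on `get_csrf_token()` would make the contract explicit: `"""Return the session's CSRF token, or '' when there is none; '' must never validate."""`. `csrf_input()` also builds markup with an f-string. The token is presumably server-generated, but passing it through `markupsafe.escape` and returning `Markup` would keep the helper safe under Jinja autoescaping without needing `|safe` at each call site.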