From e37ff4392bc01033be724bc6fc8059d5138861c8 Mon Sep 17 00:00:00 2001 From: Jack Eilles Date: Tue, 26 Dec 2023 20:13:07 +0000 Subject: [PATCH] remove csrf for index route --- app/models.py | 6 +++--- app/routes.py | 28 ++++++++++++++++++---------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/app/models.py b/app/models.py index 698fa5b..5f7795e 100644 --- a/app/models.py +++ b/app/models.py @@ -11,12 +11,12 @@ class User(UserMixin): def __repr__(self): return f"User('{self.user}', '{self.userid}', '{self.password}', '{self.idpass}', '{self.level}')" - + def get_id(self): return str(self.userid) - def get(userid): - userData = Config.users.find_one({"userid": userid}) + def get(self): + userData = Config.users.find_one({"userid": self}) if not userData: return None else: diff --git a/app/routes.py b/app/routes.py index 08313e8..14085a2 100644 --- a/app/routes.py +++ b/app/routes.py @@ -1,6 +1,15 @@ -from app import app, worker, bcrypt, loginManager -from app.models import User -from config import Config, Errors +#!/usr/bin/env python3 + +""" +XYGT.CC - Routes +A no-bullshit, anonymous, temporary file host. +""" + +import os +import io +import random +from io import BytesIO +import magic from flask import render_template, request, send_file, redirect, flash from flask_login import login_user, current_user, logout_user, login_required from flask_wtf import FlaskForm @@ -8,11 +17,9 @@ from wtforms import StringField, PasswordField, SubmitField, BooleanField from wtforms.validators import DataRequired, Length, EqualTo from werkzeug.datastructures import FileStorage from werkzeug.utils import secure_filename -from io import BytesIO -import os -import io -import random -import magic +from app import app, worker, bcrypt, loginManager, csrf +from app.models import User +from config import Config, Errors class RegistrationForm(FlaskForm): username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)]) 
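Review bot: In the app/models.py hunk, `get` is still called on the class as `User.get(userid)` (see `load_user` in app/routes.py), so renaming its parameter to `self` makes a user id look like an instance without changing how the argument is bound. Declaring the intent explicitly reads correctly and also satisfies the linter: put `@staticmethod` above `def get(userid):` and keep the query as `Config.users.find_one({"userid": userid})`. Separately, the `__repr__` kept as context in this hunk interpolates `self.password` and `self.idpass`, so any log line or traceback that prints a User carries credential material; dropping those two fields from the repr would avoid that. The body of `get` continues past the end of the hunk.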
@@ -36,6 +43,7 @@ def load_user(userid): user = User.get(userid) return user +@csrf.exempt @app.route('/', methods=["GET", "POST"]) def index(): @@ -47,7 +55,7 @@ def index(): elif request.method == "POST": # Before anything else, we want to take the IP if the logging is enabled - if Config.ipLogEnabled == True: + if Config.ipLogEnabled: ip = request.remote_addr else: # If not then return a 0 @@ -86,7 +94,7 @@ def index(): url = request.form['url'] - result, status = worker.shortURL(url, ip, userid, id, retention) + result, status = worker.shortenURL(url, ip, userid, id, retention) @app.route('/') def getData(id):
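Review bot: `@csrf.exempt` on `index` in the `@@ -36,6 +43,7 @@` hunk turns off token checking for every POST to `/`, including ones a browser sends along with a logged-in session cookie, and the handler later passes `userid` to `worker.shortenURL`. If that `userid` is taken from the session (its source is not visible in these hunks), another site could submit the form on a logged-in user's behalf and have the upload or short URL attributed to their account. If the exemption exists for token-less clients such as command-line uploads, consider serving them from a separate route that ignores the login session and keeping CSRF on `/`, or at least set `SESSION_COOKIE_SAMESITE = "Lax"` in the app config. A one-line comment above the decorator stating the reason, e.g. `# CSRF-exempt: non-browser clients POST here without a token`, would help the next reader.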