mirror of
https://github.com/jackeilles/xygt.git
synced 2024-11-21 22:32:39 +01:00
remove csrf for index route
This commit is contained in:
parent
66d57eeab7
commit
e37ff4392b
2 changed files with 21 additions and 13 deletions
|
@ -15,8 +15,8 @@ class User(UserMixin):
|
||||||
def get_id(self):
|
def get_id(self):
|
||||||
return str(self.userid)
|
return str(self.userid)
|
||||||
|
|
||||||
def get(userid):
|
def get(self):
|
||||||
userData = Config.users.find_one({"userid": userid})
|
userData = Config.users.find_one({"userid": self})
|
||||||
if not userData:
|
if not userData:
|
||||||
return None
|
return None
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -1,6 +1,15 @@
|
||||||
from app import app, worker, bcrypt, loginManager
|
#!/usr/bin/env python3
|
||||||
from app.models import User
|
|
||||||
from config import Config, Errors
|
"""
|
||||||
|
XYGT.CC - Routes
|
||||||
|
A no-bullshit, anonymous, temporary file host.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import os
|
||||||
|
import io
|
||||||
|
import random
|
||||||
|
from io import BytesIO
|
||||||
|
import magic
|
||||||
from flask import render_template, request, send_file, redirect, flash
|
from flask import render_template, request, send_file, redirect, flash
|
||||||
from flask_login import login_user, current_user, logout_user, login_required
|
from flask_login import login_user, current_user, logout_user, login_required
|
||||||
from flask_wtf import FlaskForm
|
from flask_wtf import FlaskForm
|
||||||
|
@ -8,11 +17,9 @@ from wtforms import StringField, PasswordField, SubmitField, BooleanField
|
||||||
from wtforms.validators import DataRequired, Length, EqualTo
|
from wtforms.validators import DataRequired, Length, EqualTo
|
||||||
from werkzeug.datastructures import FileStorage
|
from werkzeug.datastructures import FileStorage
|
||||||
from werkzeug.utils import secure_filename
|
from werkzeug.utils import secure_filename
|
||||||
from io import BytesIO
|
from app import app, worker, bcrypt, loginManager, csrf
|
||||||
import os
|
from app.models import User
|
||||||
import io
|
from config import Config, Errors
|
||||||
import random
|
|
||||||
import magic
|
|
||||||
|
|
||||||
class RegistrationForm(FlaskForm):
|
class RegistrationForm(FlaskForm):
|
||||||
username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)])
|
username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)])
|
||||||
|
@ -36,6 +43,7 @@ def load_user(userid):
|
||||||
user = User.get(userid)
|
user = User.get(userid)
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
@csrf.exempt
|
||||||
@app.route('/', methods=["GET", "POST"])
|
@app.route('/', methods=["GET", "POST"])
|
||||||
def index():
|
def index():
|
||||||
|
|
||||||
|
@ -47,7 +55,7 @@ def index():
|
||||||
elif request.method == "POST":
|
elif request.method == "POST":
|
||||||
|
|
||||||
# Before anything else, we want to take the IP if the logging is enabled
|
# Before anything else, we want to take the IP if the logging is enabled
|
||||||
if Config.ipLogEnabled == True:
|
if Config.ipLogEnabled:
|
||||||
ip = request.remote_addr
|
ip = request.remote_addr
|
||||||
else:
|
else:
|
||||||
# If not then return a 0
|
# If not then return a 0
|
||||||
|
@ -86,7 +94,7 @@ def index():
|
||||||
|
|
||||||
url = request.form['url']
|
url = request.form['url']
|
||||||
|
|
||||||
result, status = worker.shortURL(url, ip, userid, id, retention)
|
result, status = worker.shortenURL(url, ip, userid, id, retention)
|
||||||
|
|
||||||
@app.route('/<id>')
|
@app.route('/<id>')
|
||||||
def getData(id):
|
def getData(id):
|
||||||
|
|
Loading…
Reference in a new issue