remove csrf for index route

This commit is contained in:
Jack Eilles 2023-12-26 20:13:07 +00:00
parent 66d57eeab7
commit e37ff4392b
2 changed files with 21 additions and 13 deletions

View file

@ -11,12 +11,12 @@ class User(UserMixin):
def __repr__(self): def __repr__(self):
return f"User('{self.user}', '{self.userid}', '{self.password}', '{self.idpass}', '{self.level}')" return f"User('{self.user}', '{self.userid}', '{self.password}', '{self.idpass}', '{self.level}')"
def get_id(self): def get_id(self):
return str(self.userid) return str(self.userid)
def get(userid): def get(self):
userData = Config.users.find_one({"userid": userid}) userData = Config.users.find_one({"userid": self})
if not userData: if not userData:
return None return None
else: else:

View file

@ -1,6 +1,15 @@
from app import app, worker, bcrypt, loginManager #!/usr/bin/env python3
from app.models import User
from config import Config, Errors """
XYGT.CC - Routes
A no-bullshit, anonymous, temporary file host.
"""
import os
import io
import random
from io import BytesIO
import magic
from flask import render_template, request, send_file, redirect, flash from flask import render_template, request, send_file, redirect, flash
from flask_login import login_user, current_user, logout_user, login_required from flask_login import login_user, current_user, logout_user, login_required
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
@ -8,11 +17,9 @@ from wtforms import StringField, PasswordField, SubmitField, BooleanField
from wtforms.validators import DataRequired, Length, EqualTo from wtforms.validators import DataRequired, Length, EqualTo
from werkzeug.datastructures import FileStorage from werkzeug.datastructures import FileStorage
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from io import BytesIO from app import app, worker, bcrypt, loginManager, csrf
import os from app.models import User
import io from config import Config, Errors
import random
import magic
class RegistrationForm(FlaskForm): class RegistrationForm(FlaskForm):
username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)]) username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)])
@ -36,6 +43,7 @@ def load_user(userid):
user = User.get(userid) user = User.get(userid)
return user return user
@csrf.exempt
@app.route('/', methods=["GET", "POST"]) @app.route('/', methods=["GET", "POST"])
def index(): def index():
@ -47,7 +55,7 @@ def index():
elif request.method == "POST": elif request.method == "POST":
# Before anything else, we want to take the IP if the logging is enabled # Before anything else, we want to take the IP if the logging is enabled
if Config.ipLogEnabled == True: if Config.ipLogEnabled:
ip = request.remote_addr ip = request.remote_addr
else: else:
# If not then return a 0 # If not then return a 0
@ -86,7 +94,7 @@ def index():
url = request.form['url'] url = request.form['url']
result, status = worker.shortURL(url, ip, userid, id, retention) result, status = worker.shortenURL(url, ip, userid, id, retention)
@app.route('/<id>') @app.route('/<id>')
def getData(id): def getData(id):