remove csrf for index route

2024-11-21 22:32:39 +01:00 · 2023-12-26 20:13:07 +00:00 · 2023-12-26 20:13:07 +00:00 · e37ff4392b
commit e37ff4392b
parent 66d57eeab7
2 changed files with 21 additions and 13 deletions
--- a/app/models.py
+++ b/app/models.py
@ -15,8 +15,8 @@ class User(UserMixin):
    def get_id(self):
        return str(self.userid)
    
-    def get(userid):
-        userData = Config.users.find_one({"userid": userid})
+    def get(self):
+        userData = Config.users.find_one({"userid": self})
        if not userData:
            return None
        else:
--- a/app/routes.py
+++ b/app/routes.py
@ -1,6 +1,15 @@
-from app import app, worker, bcrypt, loginManager
-from app.models import User
-from config import Config, Errors
+#!/usr/bin/env python3
+
+"""
+XYGT.CC - Routes
+A no-bullshit, anonymous, temporary file host.
+"""
+
+import os
+import io
+import random
+from io import BytesIO
+import magic
 from flask import render_template, request, send_file, redirect, flash
 from flask_login import login_user, current_user, logout_user, login_required
 from flask_wtf import FlaskForm
@ -8,11 +17,9 @@ from wtforms import StringField, PasswordField, SubmitField, BooleanField
 from wtforms.validators import DataRequired, Length, EqualTo
 from werkzeug.datastructures import FileStorage
 from werkzeug.utils import secure_filename
-from io import BytesIO
-import os
-import io
-import random
-import magic
+from app import app, worker, bcrypt, loginManager, csrf
+from app.models import User
+from config import Config, Errors

 class RegistrationForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired(), Length(min=2, max=16)])
@ -36,6 +43,7 @@ def load_user(userid):
    user = User.get(userid)
    return user

+@csrf.exempt
@app.route('/', methods=["GET", "POST"])
 def index():
    
@ -47,7 +55,7 @@ def index():
    elif request.method == "POST":

        # Before anything else, we want to take the IP if the logging is enabled
-        if Config.ipLogEnabled == True:
+        if Config.ipLogEnabled:
            ip = request.remote_addr
        else:
            # If not then return a 0
@ -86,7 +94,7 @@ def index():

            url = request.form['url']

-            result, status = worker.shortURL(url, ip, userid, id, retention)
+            result, status = worker.shortenURL(url, ip, userid, id, retention)

@app.route('/<id>')
 def getData(id):