	Fix captcha part 2: don't store captcha answer in session cookie
This commit is contained in:
		
							parent
							
								
									e8965497d4
								
							
						
					
					
						commit
						204b82b71f
					
				
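--- a/api.py
+++ b/api.py
@@ -1,6 +1,7 @@
 import json
 import os
 from threading import Lock
+from uuid import uuid4
 
 from flask import request, abort, Response, send_file, session
 
@@ -254,7 +255,9 @@ def setup_api(app):
     @app.route("/cap", methods=["GET"])
     def cap():
         word = captcha.make_captcha()
-        session["cap"] = word
+        cap_id = uuid4()
+        session["cap"] = cap_id
+        oddb.sessionStore[cap_id] = word
 
         return send_file(captcha.get_path(word), cache_timeout=0)
 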
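Review bot: `oddb.sessionStore[cap_id] = word` adds an entry that nothing on this page ever removes: each GET /cap allocates a fresh uuid4 key, and the verify() hunk below only reads the store, so the dict grows for as long as the process lives and a client can inflate it simply by fetching captchas in a loop. Moving the answer out of the signed cookie is what the commit sets out to do and the new code does that; the remaining gap is that entries are never consumed or evicted. A cheap first step inside cap() is to discard the captcha the same session is abandoning, `oddb.sessionStore.pop(session.get("cap"), None)` before the new assignment, so one session holds at most one pending entry; consuming the entry in verify() and bounding the store where it is declared (`sessionStore = dict()` in the common module hunk) would close the rest. cap() is nested inside setup_api(), whose body lies outside the hunk.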
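--- a/app.py
+++ b/app.py
@@ -9,6 +9,7 @@ app = Flask(__name__)
 app.secret_key = config.FLASK_SECRET
 template_filters.setup_template_filters(app)
 
+
 views.setup_views(app)
 api.setup_api(app)
 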
| @ -5,6 +5,7 @@ from PIL import Image, ImageDraw, ImageFont | |||||||
| from flask import request, session | from flask import request, session | ||||||
| 
 | 
 | ||||||
| import config | import config | ||||||
|  | import common as oddb | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| def get_code(): | def get_code(): | ||||||
| @ -35,7 +36,7 @@ def verify(): | |||||||
|         request.args.get("cap") if "cap" in request.args else "" |         request.args.get("cap") if "cap" in request.args else "" | ||||||
|     ) |     ) | ||||||
| 
 | 
 | ||||||
|     if "cap" in session and session["cap"] == attempt: |     if "cap" in session and session["cap"] in oddb.sessionStore and oddb.sessionStore[session["cap"]] == attempt: | ||||||
|         session["cap_remaining"] = config.CAPTCHA_EVERY |         session["cap_remaining"] = config.CAPTCHA_EVERY | ||||||
|         return True |         return True | ||||||
|     return False |     return False | ||||||
|  | |||||||
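Review bot: The new condition in verify() reads the stored word but never consumes it, so after the comparison both `session["cap"]` and the `oddb.sessionStore` entry survive and the same answer can be replayed on every later request until the process restarts. Take the entry out of both places as part of the check, `cap_id = session.pop("cap", None)` / `word = oddb.sessionStore.pop(cap_id, None)` / `if word is not None and word == attempt:`, which makes each captcha single-use and stops the store from retaining solved entries. Whether the app runs more than one worker process cannot be seen from here; if it does, a plain module-level dict would make a captcha issued by one worker unverifiable by another, which is worth a comment at the lookup. The start of verify() is outside the hunk.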
| @ -26,6 +26,9 @@ searchEngine = ElasticSearchEngine("od-database") | |||||||
| searchEngine.start_stats_scheduler() | searchEngine.start_stats_scheduler() | ||||||
| db = Database("db.sqlite3") | db = Database("db.sqlite3") | ||||||
| 
 | 
 | ||||||
|  | # temporary hotfix... | ||||||
|  | sessionStore = dict() | ||||||
|  | 
 | ||||||
| 
 | 
 | ||||||
| def require_role(role: str): | def require_role(role: str): | ||||||
| 
 | 
 | ||||||
|  | |||||||
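Review bot: `# temporary hotfix...` says nothing about what `sessionStore` holds or what its limits are, and a reader arriving from the `oddb.sessionStore` lookups in api.py and the captcha module has to reconstruct that it maps the uuid4 kept in `session["cap"]` to the pending captcha word and that it is an in-process dict with no eviction. Replace the comment with something like `# Maps the uuid4 stored in session["cap"] to the pending captcha word, kept out of the cookie so the client cannot read the answer. In-process only and never evicted; see cap() in api.py and verify().` If restarts or multiple worker processes are expected in deployment, state here that the dict is lost on restart and not shared between processes, since the lookups elsewhere silently fail in that case.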