From d3c744e0723469c44ad238169b4ea552f0fc3e2d Mon Sep 17 00:00:00 2001
From: iou1name <iou1name@national.shitposting.agency>
Date: Tue, 5 Jun 2018 17:19:59 -0400
Subject: [PATCH] added Flask-paranoid module to secure cookies better

---
 README.md   | 2 +-
 fileHost.py | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index f48daf2..a2dd7d5 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,6 @@ Note: I switched to Gunicorn at some point because Bjoern was somehow annoying.
 
 Dependencies:
 
-```passlib argon2_cffi flask gunicorn```
+```passlib argon2_cffi flask gunicorn flask-paranoid```
 
 This application makes use of the `secrets` module (a cryptographically strong version of `random`) from the standard library, which is only available in Python 3.6+. If you really can't be bothered use the latest version of python3, or just don't want cryptographically strong random character filenames/prefixes for some reason, you can directly replace all instances of `secrets` with `random`.
diff --git a/fileHost.py b/fileHost.py
index f03fdb0..cd3e091 100755
--- a/fileHost.py
+++ b/fileHost.py
@@ -14,6 +14,7 @@ from passlib.hash import argon2
 from flask import Flask, session, request, abort, redirect, url_for, g, \
 	render_template
 from werkzeug.utils import secure_filename
+from flask_paranoid import Paranoid
 
 class ReverseProxied(object):
 	"""
@@ -74,6 +75,9 @@ app.config["UPLOAD_URL"] = "https://steelbea.me/up/"
 app.config["DB_NAME"] = "fileHost.db"
 app.config["DB_LOCK"] = threading.Lock()
 
+paranoid = Paranoid(app)
+paranoid.redirect_view = 'login'
+
 
 def db_execute(*args, **kwargs):
 	"""
@@ -88,7 +92,6 @@ def db_execute(*args, **kwargs):
 		return res
 
 
-
 def init():
 	"""
 	Initializes the application.