added Flask-paranoid module to secure cookies better
parent
f750421141
commit
d3c744e072
|
@ -6,6 +6,6 @@ Note: I switched to Gunicorn at some point because Bjoern was somehow annoying.
|
||||||
|
|
||||||
Dependencies:
|
Dependencies:
|
||||||
|
|
||||||
```passlib argon2_cffi flask gunicorn```
|
```passlib argon2_cffi flask gunicorn flask-paranoid```
|
||||||
|
|
||||||
This application makes use of the `secrets` module (a cryptographically strong version of `random`) from the standard library, which is only available in Python 3.6+. If you really can't be bothered use the latest version of python3, or just don't want cryptographically strong random character filenames/prefixes for some reason, you can directly replace all instances of `secrets` with `random`.
|
This application makes use of the `secrets` module (a cryptographically strong version of `random`) from the standard library, which is only available in Python 3.6+. If you really can't be bothered use the latest version of python3, or just don't want cryptographically strong random character filenames/prefixes for some reason, you can directly replace all instances of `secrets` with `random`.
|
||||||
|
|
|
@ -14,6 +14,7 @@ from passlib.hash import argon2
|
||||||
from flask import Flask, session, request, abort, redirect, url_for, g, \
|
from flask import Flask, session, request, abort, redirect, url_for, g, \
|
||||||
render_template
|
render_template
|
||||||
from werkzeug.utils import secure_filename
|
from werkzeug.utils import secure_filename
|
||||||
|
from flask_paranoid import Paranoid
|
||||||
|
|
||||||
class ReverseProxied(object):
|
class ReverseProxied(object):
|
||||||
"""
|
"""
|
||||||
|
@ -74,6 +75,9 @@ app.config["UPLOAD_URL"] = "https://steelbea.me/up/"
|
||||||
app.config["DB_NAME"] = "fileHost.db"
|
app.config["DB_NAME"] = "fileHost.db"
|
||||||
app.config["DB_LOCK"] = threading.Lock()
|
app.config["DB_LOCK"] = threading.Lock()
|
||||||
|
|
||||||
|
paranoid = Paranoid(app)
|
||||||
|
paranoid.redirect_view = 'login'
|
||||||
|
|
||||||
|
|
||||||
def db_execute(*args, **kwargs):
|
def db_execute(*args, **kwargs):
|
||||||
"""
|
"""
|
||||||
|
@ -88,7 +92,6 @@ def db_execute(*args, **kwargs):
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def init():
|
def init():
|
||||||
"""
|
"""
|
||||||
Initializes the application.
|
Initializes the application.
|
||||||
|
|
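Review bot: The token that `paranoid = Paranoid(app)` binds the session to is derived from the client address and User-Agent, and this file wraps the app for a reverse proxy (`ReverseProxied`), so the address most likely comes from the `X-Forwarded-For` header rather than the socket. That half of the check is only as trustworthy as the proxy's handling of the header, and the User-Agent half is always client-supplied, so I would record the assumption next to the call, e.g. `# Paranoid token = forwarded client address + User-Agent; the proxy must overwrite X-Forwarded-For, not append to it`. The visible lines do not set the session cookie attributes themselves; unless that happens elsewhere in the file, add `app.config.update(SESSION_COOKIE_SECURE=True, SESSION_COOKIE_SAMESITE="Lax")` beside the other `app.config` lines, since the site is served over https. Because a mismatch clears the session and redirects to `login`, users whose address changes mid-session will be logged out, which deserves a sentence in the README.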