added Flask-paranoid module to secure cookies better

2018-06-05 17:19:59 -04:00
2 changed files with 8 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -6,6 +6,6 @@ Note: I switched to Gunicorn at some point because Bjoern was somehow annoying.
 Dependencies:
-```passlib argon2_cffi flask gunicorn```
+```passlib argon2_cffi flask gunicorn flask-paranoid```
 This application makes use of the `secrets` module (a cryptographically strong version of `random`) from the standard library, which is only available in Python 3.6+. If you really can't be bothered use the latest version of python3, or just don't want cryptographically strong random character filenames/prefixes for some reason, you can directly replace all instances of `secrets` with `random`.
--- a/fileHost.py
+++ b/fileHost.py
@ -14,6 +14,7 @@ from passlib.hash import argon2
 from flask import Flask, session, request, abort, redirect, url_for, g, \
 	render_template
 from werkzeug.utils import secure_filename
 from flask_paranoid import Paranoid
 class ReverseProxied(object):
 	"""
@ -74,7 +75,6 @@ app.config["UPLOAD_URL"] = "https://steelbea.me/up/"
 app.config["DB_NAME"] = "fileHost.db"
 app.config["DB_LOCK"] = threading.Lock()
 def db_execute(*args, **kwargs):
 	"""
 	Opens a connection to the app's database and executes the SQL statements
@ -88,7 +88,6 @@ def db_execute(*args, **kwargs):
 		return res
 def init():
 	"""
 	Initializes the application.
@ -114,7 +113,8 @@ def init():
 			"id INTEGER PRIMARY KEY,"
 			"username TEXT,"
 			"pw_hash TEXT,"
-			"admin BOOL DEFAULT FALSE)")
+			"admin BOOL DEFAULT FALSE,"
 			"token)")
 		db_execute("CREATE TABLE uploads("
 			"filename TEXT,"
@ -127,6 +127,10 @@ def init():
 	t.start()
 	app.config["CRON_THREAD"] = t
 	# init paranoid
 	app.config["paranoid"] = Paranoid(app)
 	app.config["paranoid"].redirect_view = 'login'
 def add_user(username, password, admin="FALSE"):
 	"""