Kobe/docupulse
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix all csfr token issues

Browse Source
This commit is contained in:
Kobe
2025-05-30 13:22:51 +02:00
parent fee79c6ec7
commit 9159817947
14 changed files with 39 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app.py
View File

@@ -35,7 +35,7 @@ def create_app():
@app.context_processor
def inject_csrf_token():
return dict(csrf_token=lambda: generate_csrf())
return dict(csrf_token=generate_csrf())
@app.context_processor
def inject_config():

BIN
routes/__pycache__/main.cpython-313.pyc
View File

Binary file not shown.

BIN
routes/__pycache__/room_files.cpython-313.pyc
View File

Binary file not shown.

5
routes/main.py
View File

@@ -2,7 +2,6 @@ from flask import render_template, Blueprint, redirect, url_for, request, flash,
from flask_login import current_user, login_required
from models import User, db, Room, RoomFile, RoomMemberPermission, SiteSettings, Event
from routes.auth import require_password_change
from utils.event_logger import log_event
import os
from werkzeug.utils import secure_filename
from sqlalchemy import func, case, literal_column, text
@@ -361,10 +360,6 @@ def init_routes(main_bp):
}
logger.debug(f"Preparing to create profile update event with details: {event_details}")
# Create the event
event = log_event('user_update', event_details, current_user.id)
logger.debug("Event object created and added to session")
# Commit all changes
db.session.commit()
logger.debug("Profile changes and event committed to database successfully")

6
static/js/debugging.js
View File

@@ -22,7 +22,7 @@ document.getElementById('syncFilesBtn').addEventListener('click', async function
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
}
});
@@ -81,7 +81,7 @@ document.getElementById('verifyDbBtn').addEventListener('click', async function(
method: 'GET',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
}
});
@@ -137,7 +137,7 @@ document.getElementById('cleanupOrphanedBtn').addEventListener('click', async fu
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
}
});

12
static/js/events.js
View File

@@ -52,12 +52,12 @@ document.addEventListener('DOMContentLoaded', function() {
// Format the details for display
const formattedDetails = {
'Event ID': data.id,
'Event Type': data.event_type,
'Timestamp': new Date(data.timestamp).toLocaleString(),
'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
'IP Address': data.ip_address || 'N/A',
'User Agent': data.user_agent || 'N/A'
// 'Event ID': data.id,
// 'Event Type': data.event_type,
// 'Timestamp': new Date(data.timestamp).toLocaleString(),
// 'User': data.user ? `${data.user.username} (${data.user.last_name})` : 'N/A',
// 'IP Address': data.ip_address || 'N/A',
// 'User Agent': data.user_agent || 'N/A'
};
// Handle details separately

10
static/js/file-grid.js
View File

@@ -80,7 +80,7 @@ function toggleView(view) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({ preferred_view: view })
})
@@ -344,7 +344,7 @@ function toggleStar(filename, path = '', roomId) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: filename,
@@ -384,7 +384,7 @@ function restoreFile(filename, path = '', roomId) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: filename,
@@ -438,7 +438,7 @@ function permanentDeleteFile() {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: filename,
@@ -530,7 +530,7 @@ function emptyTrash() {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
}
})
);

10
static/js/rooms/fileManager.js
View File

@@ -89,7 +89,7 @@ export class FileManager {
const response = await fetch(url, {
method: 'DELETE',
headers: {
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
}
});
@@ -276,7 +276,7 @@ export class FileManager {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: file.name,
@@ -339,7 +339,7 @@ export class FileManager {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: filename,
@@ -513,7 +513,7 @@ export class FileManager {
try {
const response = await fetch(url, {
method: 'DELETE',
headers: { 'X-CSRFToken': csrfToken }
headers: { 'X-CSRF-Token': csrfToken }
});
const result = await response.json();
if (!result.success) {
@@ -536,7 +536,7 @@ export class FileManager {
try {
const response = await fetch(url, {
method: 'DELETE',
headers: { 'X-CSRFToken': csrfToken }
headers: { 'X-CSRF-Token': csrfToken }
});
const result = await response.json();
if (result.success) {

2
static/js/rooms/modalManager.js
View File

@@ -319,7 +319,7 @@ export class ModalManager {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
name: folderName,

2
static/js/rooms/uploadManager.js
View File

@@ -240,7 +240,7 @@ export class UploadManager {
const csrfToken = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
const response = await fetch(`/api/rooms/${this.roomManager.roomId}/files/upload`, {
method: 'POST',
headers: { 'X-CSRFToken': csrfToken },
headers: { 'X-CSRF-Token': csrfToken },
body: formData
});

2
static/js/starred.js
View File

@@ -67,7 +67,7 @@ function toggleView(view) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
},
body: JSON.stringify({ preferred_view: view })
})

4
static/js/trash.js
View File

@@ -70,7 +70,7 @@ window.emptyTrash = function() {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
}
})
);
@@ -189,7 +189,7 @@ function toggleView(view) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
},
body: JSON.stringify({ preferred_view: view })
})

28
templates/rooms/roombefore.html
View File

@@ -611,7 +611,7 @@ function toggleView(view) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]').getAttribute('content')
},
body: JSON.stringify({ preferred_view: view })
})
@@ -974,7 +974,7 @@ if (canDownload === true || canDownload === 'true') {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({ items: selectedItems })
})
@@ -1057,7 +1057,7 @@ function deleteFileConfirmed() {
if (item.path) url += `?path=${encodeURIComponent(item.path)}`;
fetch(url, {
method: 'DELETE',
headers: { 'X-CSRFToken': csrfToken }
headers: { 'X-CSRF-Token': csrfToken }
})
.then(r => r.json())
.then(() => {
@@ -1078,7 +1078,7 @@ function deleteFileConfirmed() {
fetch(url, {
method: 'DELETE',
headers: {
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
}
})
.then(r => r.json())
@@ -1140,7 +1140,7 @@ document.getElementById('confirmRenameBtn').addEventListener('click', function()
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
old_name: renameTarget,
@@ -1199,7 +1199,7 @@ function toggleStar(filename, path) {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: filename,
@@ -1296,7 +1296,7 @@ function moveFileConfirmed() {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
filename: fileToMove,
@@ -1368,7 +1368,7 @@ document.addEventListener('DOMContentLoaded', function() {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
name: folderName,
@@ -1552,7 +1552,7 @@ document.addEventListener('DOMContentLoaded', function() {
const response = await fetch(`/api/rooms/${roomId}/files/upload`, {
method: 'POST',
headers: { 'X-CSRFToken': csrfToken },
headers: { 'X-CSRF-Token': csrfToken },
body: uploadFormData
});
@@ -1605,7 +1605,7 @@ document.addEventListener('DOMContentLoaded', function() {
uploadFormData.append('overwrite', 'true');
const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
method: 'POST',
headers: { 'X-CSRFToken': csrfToken },
headers: { 'X-CSRF-Token': csrfToken },
body: uploadFormData
});
@@ -1622,7 +1622,7 @@ document.addEventListener('DOMContentLoaded', function() {
uploadFormData.append('overwrite', 'true');
const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
method: 'POST',
headers: { 'X-CSRFToken': csrfToken },
headers: { 'X-CSRF-Token': csrfToken },
body: uploadFormData
});
@@ -1658,7 +1658,7 @@ document.addEventListener('DOMContentLoaded', function() {
uploadFormData.append('overwrite', 'true');
const retryResponse = await fetch(`/api/rooms/${roomId}/files/upload`, {
method: 'POST',
headers: { 'X-CSRFToken': csrfToken },
headers: { 'X-CSRF-Token': csrfToken },
body: uploadFormData
});
@@ -1729,7 +1729,7 @@ if (canRename === true || canRename === 'true') {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({
old_name: renameTarget,
@@ -1771,7 +1771,7 @@ if (canDownload === true || canDownload === 'true') {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
'X-CSRF-Token': csrfToken
},
body: JSON.stringify({ items: selectedItems })
})

BIN
utils/__pycache__/__init__.cpython-313.pyc
View File

Binary file not shown.