Session dump captured while debugging: `session <SecureCookieSession {'csrf_token': 'f77845b25c09a487a260369ad0ec531f20c3e372'}>`. Note the only CSRF key present is `csrf_token`; the hand-rolled generator in `create_app` below never writes that key (it stores its random under `_csrf_token`), so this value was put in the session by the other CSRF component the app initialises, Flask-WTF's `CsrfProtect`.
2
# Hard-coded, low-entropy SECRET_KEY, pasted here in the clear. Flask signs the
# session cookie with it, and the CSRF HMAC in create_app below is keyed by
# app.secret_key, so anyone holding this value can mint valid sessions and
# CSRF tokens. Treat it as compromised: rotate it and load it from the
# environment or a secrets store rather than from source.
SECRET_KEY = 'iddqd3133122'
4
Rendered markup from a page: `onclick="Sijax.request('say_hi', { data: { 'csrf_token': '1474296572##ae6869da1ecba603d2819d02144d5aad63988140' } });"`. The token has the `<timestamp>##<hmac>` shape (presumably Flask-WTF's), not the bare 40-hex-digit SHA-1 hexdigest that the hand-rolled `csrf_token()` in `create_app` returns, so the template's `csrf_token()` global was Flask-WTF's and the hand-rolled `check_csrf_token` would reject this value on any non-GET request.
6
7import os
8from flask import (Flask,
9 redirect,
10 url_for,
11 session,
12 request,
13 abort,
14 current_app)
15# from flask_login import LoginManager
16from flask_wtf.csrf import CsrfProtect, safe_str_cmp
17from os import path
18
19from .database import db
20from werkzeug.contrib.fixers import ProxyFix
21import flask_sijax
22
23import hmac
24from hashlib import sha1
25
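def create_app(config=None):
    """Application factory.

    Build the Flask app, load its configuration, wire up the database, the
    blueprints, Sijax and CSRF protection, and return the app.

    Args:
        config: optional object or import path handed to
            ``app.config.from_object``. When ``None`` (the default, and the
            only case the previous version handled) the ``APP_SETTINGS``
            environment variable is used instead.

    Returns:
        The configured ``flask.Flask`` instance.

    Raises:
        KeyError: if ``config`` is ``None`` and ``APP_SETTINGS`` is not set.
    """
    app = Flask(__name__)
    app.config.from_object(
        config if config is not None else os.environ['APP_SETTINGS'])

    # ProxyFix rewrites the client address/scheme/host from X-Forwarded-*
    # headers and trusts them unconditionally. Only deploy behind a reverse
    # proxy that overwrites those headers; exposed directly, any client can
    # spoof its source address (and anything logged or rate-limited by it).
    app.wsgi_app = ProxyFix(app.wsgi_app)
    db.init_app(app)

    if app.debug is True:
        # The debug toolbar is an optional, dev-only dependency: only a
        # missing package is tolerated. Any other failure (e.g. a bad toolbar
        # config) was previously hidden by a bare ``except`` and now surfaces.
        try:
            from flask_debugtoolbar import DebugToolbarExtension
        except ImportError:
            pass
        else:
            DebugToolbarExtension(app)

    with app.test_request_context():
        db.create_all()

    from .general import controllers as general
    from .shop import controllers as shop
    from .test import controllers as test
    app.register_blueprint(shop.module)
    app.register_blueprint(general.module)
    app.register_blueprint(test.module)

    flask_sijax.Sijax(app)

    # Exactly one CSRF mechanism. The previous version ran a hand-rolled
    # ``before_request`` check (HMAC of a per-session random, compared against
    # the ``csrf_token`` form field) *and* Flask-WTF's CsrfProtect, which
    # guards the same field with its own ``<timestamp>##<hmac>`` format. One
    # value cannot satisfy both, so every non-GET request was rejected by one
    # of them; the hand-rolled check also only exempted GET and only read the
    # form, never a header. Flask-WTF is kept: it is initialised last and
    # supplies the ``csrf_token()`` template global the templates already
    # render. NOTE(review): it is expected to exempt HEAD/OPTIONS and to read
    # the token from the X-CSRFToken header as well (needed for XHR/Sijax);
    # confirm against the installed Flask-WTF version. It keys its HMAC from
    # app.secret_key, so that key must be strong and kept out of source.
    CsrfProtect(app)

    return app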
79 return app