kiosk-guestbook

tmdinosaurcenter/kiosk-guestbook

Fork 0

mirror of https://github.com/tmdinosaurcenter/kiosk-guestbook.git synced 2026-06-04 01:18:12 -06:00

Commit Graph

Author	SHA1	Message	Date
steve	ecdcc044b7	feat: add CSRF protection to all POST forms Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token hidden fields to all four POST forms (login, delete entry, add user, delete user, and the public guestbook form). Exempts the API endpoint which uses header-based key auth instead.	2026-03-28 23:23:53 -06:00
steve	2d4eac6583	refactor: migrate admin auth from HTTP Basic to Flask-Login sessions Replaces browser-cached Basic Auth credentials with proper server-side session management. Logout now fully invalidates the session. Adds an HTML login form at /admin/login, SECRET_KEY env var support, and updates README with key generation instructions and role table.	2026-03-10 11:41:16 -06:00

Author

SHA1

Message

Date

steve

ecdcc044b7

feat: add CSRF protection to all POST forms

Installs Flask-WTF and enables CSRFProtect globally. Adds csrf_token
hidden fields to all four POST forms (login, delete entry, add user,
delete user, and the public guestbook form). Exempts the API endpoint
which uses header-based key auth instead.

2026-03-28 23:23:53 -06:00

steve

2d4eac6583

refactor: migrate admin auth from HTTP Basic to Flask-Login sessions

Replaces browser-cached Basic Auth credentials with proper server-side
session management. Logout now fully invalidates the session. Adds an
HTML login form at /admin/login, SECRET_KEY env var support, and updates
README with key generation instructions and role table.

2026-03-10 11:41:16 -06:00

2 Commits