bind XSRF-TOKEN & deviceToken

Teahouse-Studios · Jan 4, 2025 · 50e7de4 · 50e7de4
1 parent fc2e6c9
commit 50e7de4
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/bots/api/bot.py b/bots/api/bot.py
@@ -151,21 +151,19 @@ async def verify_token(request: Request):
 @limiter.limit("2/second")
 async def set_csrf_token(request: Request):
     verify_jwt(request)
+    csrf_token = secrets.token_hex(32)
     device_token = request.cookies.get("deviceToken")
     current_time = time.time()
 
     token_entries = load_csrf_tokens()
     token_entries = [
         token for token in token_entries if current_time - token["token_timestamp"] < CSRF_TOKEN_EXPIRY
     ]
-
-    csrf_token = secrets.token_hex(32)
     token_entries.append({
         "csrf_token": csrf_token,
         "device_token": device_token,
         "token_timestamp": current_time
     })
-
     save_csrf_tokens(token_entries)
 
     return {"message": "Success", "csrf_token": csrf_token}