From 50e7de44953edaf2b8a1b2ab4fc422fc33b738f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=9A=E7=BE=85=E7=8B=BC?= Date: Sat, 4 Jan 2025 11:10:53 +0800 Subject: [PATCH] bind XSRF-TOKEN & deviceToken --- bots/api/bot.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/bots/api/bot.py b/bots/api/bot.py index b2f2d6ddee..abdd2aaca9 100644 --- a/bots/api/bot.py +++ b/bots/api/bot.py @@ -151,6 +151,7 @@ async def verify_token(request: Request): @limiter.limit("2/second") async def set_csrf_token(request: Request): verify_jwt(request) + csrf_token = secrets.token_hex(32) device_token = request.cookies.get("deviceToken") current_time = time.time() @@ -158,14 +159,11 @@ async def set_csrf_token(request: Request): token_entries = [ token for token in token_entries if current_time - token["token_timestamp"] < CSRF_TOKEN_EXPIRY ] - - csrf_token = secrets.token_hex(32) token_entries.append({ "csrf_token": csrf_token, "device_token": device_token, "token_timestamp": current_time }) - save_csrf_tokens(token_entries) return {"message": "Success", "csrf_token": csrf_token}
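Review bot: `request.cookies.get("deviceToken")` returns `None` when the cookie is absent, and that value is stored unchecked in the entry appended in the second hunk, so a CSRF token can be issued that is bound to no device at all. Unless `verify_jwt(request)` already rejects requests without this cookie (its body is not visible here), add a guard right after the lookup. Assuming this is a FastAPI app, as the `Request` and `limiter` usage suggests, that could be `if not device_token: raise HTTPException(status_code=403, detail="Missing deviceToken")`. The function body continues past this hunk.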
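Review bot: The token returned at the end of this function is only valid later if `save_csrf_tokens(token_entries)` still runs, and the last `-` in this hunk stands directly before that call. If that marker removes the call rather than the blank line above it, every issued token would fail validation, so the call should stay. The entry also stores `device_token`, but the binding named in the subject holds only if the validation path compares it with the request's `deviceToken` cookie; that code is outside this diff. A comment on the append such as `# bound to the caller's deviceToken; the validator must compare both` would record that contract.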