6 from __future__
import unicode_literals
8 from jinja2
import Markup
9 from pyramid.events
import BeforeRender, ContextFound, subscriber
10 from pyramid.httpexceptions
import HTTPBadRequest
11 from pyramid.threadlocal
import get_current_request
12 from random
import choice
13 from sqlalchemy
import event
# CSRF check for POST requests: registered as a ContextFound subscriber, it
# reads the ``token`` form field and compares it with the CSRF token held by
# the session, raising HTTPBadRequest when the check fails.
# NOTE(review): the leading numbers are the listing's own line numbers. Lines
# 22-26 and 29 are absent from this excerpt, so the function definition and
# the condition guarding the first raise are not visible here.
# NOTE(review): the predicate is request_method='POST' only; confirm that no
# state-changing view is reachable via PUT, PATCH or DELETE, or that those
# methods are validated elsewhere.
21 @subscriber(ContextFound, request_method=
'POST')
27 request = event.request
# The token is taken from the POST body only; a token sent in a request header
# is not consulted by the visible code.
28 token = request.POST.get(
'token')
# Presumably guarded by a "token is missing" test on the omitted line 29 —
# TODO confirm against the full file.
30 raise HTTPBadRequest(
'CSRF token is missing')
# NOTE(review): ``!=`` is not a constant-time comparison. Consider
# hmac.compare_digest, or Pyramid's own check_csrf_token helper if the
# installed Pyramid version provides it.
31 elif token != request.session.get_csrf_token():
32 raise HTTPBadRequest(
'CSRF token is invalid')
# BeforeRender subscriber: builds a hidden <input> carrying the session's CSRF
# token and adds two Storage objects to the renderer globals under the keys
# 'g' and 'h'.
# NOTE(review): the leading numbers are the listing's own line numbers. Lines
# 36-40 (the function definition and any docstring) are absent from this
# excerpt, and Storage, consts, settings and datetime are defined outside it.
35 @subscriber(BeforeRender)
# The request is fetched through the thread-local helper rather than from the
# event. NOTE(review): BeforeRender normally exposes the request among its
# system values — confirm whether event['request'] could be used instead.
41 request = get_current_request()
42 token = request.session.get_csrf_token()
# NOTE(review): the ``%`` interpolation runs on the plain string *before*
# Markup() wraps it, so ``token`` is inserted unescaped and the whole result is
# marked safe. Writing ``Markup('...') % token`` would HTML-escape the value.
# Whether this matters depends on the character set the session's token
# generator can emit.
43 token_field = Markup(
'<input type="hidden" name="token" value="%s" />' % token)
# 'g' carries constants, settings and the ready-made CSRF form field.
44 event[
'g'] =
Storage(consts, settings=settings, token_field=token_field)
# 'h' carries helpers exposed to templates. ``choice`` comes from the
# ``random`` module, which is not a cryptographic source; it must not be used
# from templates to produce tokens or other secrets.
45 event[
'h'] =
Storage(datetime=datetime, choice=choice)
# SQLAlchemy 'after_flush' listener on DBSession: opens an index writer and
# walks the session's new, dirty and deleted objects so that each one can
# update or remove its own index entry.
# NOTE(review): the leading numbers are the listing's own line numbers. Lines
# 49-53 (the function definition and any docstring) and line 56 (the body of
# the ``session.new`` loop) are absent from this excerpt, and ``index`` is
# defined outside it.
# Here ``event`` is the sqlalchemy module imported at the top of the file.
48 @event.listens_for(DBSession,
'after_flush')
54 writer = index.writer()
# Newly added objects; the statement run for each is not shown (presumably
# obj.update_index(writer), as in the dirty loop — TODO confirm).
55 for obj
in session.new:
# Modified objects are re-indexed.
57 for obj
in session.dirty:
58 obj.update_index(writer)
# Deleted objects are removed from the index.
59 for obj
in session.deleted:
60 obj.delete_index(writer)
# NOTE(review): no commit or cancel of ``writer`` is visible in this excerpt;
# confirm it is finalised later. 'after_flush' fires before the transaction
# commits, so a later rollback could leave the index out of step with the
# database — verify how that case is handled.