Merge branch 'signup_duplicate_prevention' into 'main'

Added submission key checking to backend

See merge request sahkoinsinoorikilta/vtmk/web2.0-backend!106

webapp/views.py

@@ -200,6 +200,26 @@ class SignupViewSet(ModelViewSet):
     serializer_class = SignupSerializer
     permission_classes = [SignupPermission]
 
+    submit_keys = (
+        {}
+    )  # Dictionary for currently invalid submission keys; {key: timestamp}
+
+    def key_is_unique(self, submitKey):
+        current_time = time.time()
+        # Remove expired keys from dict (older than 1 h)
+        # A key that expires as the function is called is considered valid
+        SignupViewSet.submit_keys = {
+            key: time
+            for key, time in SignupViewSet.submit_keys.items()
+            if time + 3600 >= current_time
+        }
+        if submitKey not in SignupViewSet.submit_keys:  # Key is unique; valid
+            SignupViewSet.submit_keys[submitKey] = current_time
+            return True
+        else:  # Key is not unique; invalid, refresh timestamp
+            SignupViewSet.submit_keys[submitKey] = current_time
+            return False
+
     @action(detail=True, methods=["get", "put"], permission_classes=[AllowAny])
     def edit(self, request, pk=None, *args, **kwargs):
         uuid = request.query_params.get("uuid", None)
@@ -214,6 +234,12 @@ class SignupViewSet(ModelViewSet):
     def create(self, request, *args, **kwargs):
         id = request.data["signupForm_id"]
         try:
+            submitKey = request.data.get("submitKey")
+            if submitKey is not None and not self.key_is_unique(submitKey):
+                return JsonResponse(
+                    status=200, data={"message": "Ignored repeated request"}
+                )
+
             answer = request.data["answer"]
             form = SignupForm.objects.get(id=id)
             if form.isOpen: