From 90a0550775338cc5e8fef1599e6ffbdad1c07275 Mon Sep 17 00:00:00 2001
From: Justus Ojala
Date: Mon, 15 Sep 2025 13:39:46 +0300
Subject: [PATCH] Added submission key checking to backend

---
 webapp/views.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/webapp/views.py b/webapp/views.py
index f72769c..02672e4 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -200,6 +200,26 @@ class SignupViewSet(ModelViewSet):
     serializer_class = SignupSerializer
     permission_classes = [SignupPermission]
 
+    submit_keys = (
+        {}
+    ) # Dictionary for currently invalid submission keys; {key: timestamp}
+
+    def key_is_unique(self, submitKey):
+        current_time = time.time()
+        # Remove expired keys from dict (older than 1 h)
+        # A key that expires as the function is called is considered valid
+        SignupViewSet.submit_keys = {
+            key: time
+            for key, time in SignupViewSet.submit_keys.items()
+            if time + 3600 >= current_time
+        }
+        if submitKey not in SignupViewSet.submit_keys: # Key is unique; valid
+            SignupViewSet.submit_keys[submitKey] = current_time
+            return True
+        else: # Key is not unique; invalid, refresh timestamp
+            SignupViewSet.submit_keys[submitKey] = current_time
+            return False
+
     @action(detail=True, methods=["get", "put"], permission_classes=[AllowAny])
     def edit(self, request, pk=None, *args, **kwargs):
         uuid = request.query_params.get("uuid", None)
@@ -214,6 +234,12 @@ class SignupViewSet(ModelViewSet):
     def create(self, request, *args, **kwargs):
         id = request.data["signupForm_id"]
         try:
+            submitKey = request.data.get("submitKey")
+            if submitKey is not None and not self.key_is_unique(submitKey):
+                return JsonResponse(
+                    status=200, data={"message": "Ignored repeated request"}
+                )
+
             answer = request.data["answer"]
             form = SignupForm.objects.get(id=id)
             if form.isOpen:
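Review bot: `submit_keys` in `key_is_unique` keeps every distinct client-supplied key for an hour with no upper bound, so a caller can grow the process's memory simply by sending fresh keys; validate the key before storing it (`isinstance(submitKey, str)` plus a length cap) or bound the dict size. The dict is a class attribute, hence per-process, and the prune-then-insert sequence is not atomic, so under several worker processes or threads two identical submissions may both be accepted — a comment such as `# Best-effort duplicate-submit guard: per-process, not shared across workers or atomic` would make that limit explicit. The comprehension variable `time` shadows the `time` module used on the line above, and since the patch adds no `import time` it relies on an existing module-level import that is worth confirming; renaming the loop variable to `ts` removes the confusion. Both branches store `current_time`, so the body collapses to `is_new = submitKey not in SignupViewSet.submit_keys`, `SignupViewSet.submit_keys[submitKey] = current_time`, `return is_new`, and the method still needs a docstring stating that a repeated key extends its own one-hour window.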
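Review bot: In `create` the key is consumed by `key_is_unique` before the signup is actually created, so if the code that follows raises or the form turns out to be closed, a legitimate retry with the same key within the hour is answered with "Ignored repeated request" although nothing was saved; record the key only once the create succeeds, or drop it on failure with `SignupViewSet.submit_keys.pop(submitKey, None)` in the error path (the rest of `create` and its `except` lie outside the hunk). `request.data.get("submitKey")` may be any JSON value, and a list or dict makes the `in` test raise `TypeError`, which the enclosing `try` routes to whatever handler follows; rejecting non-string or over-long keys with a 400 before the lookup is cheaper and clearer. Answering a repeat with status 200 makes it indistinguishable from a successful creation for a client that checks only the status code; a 409, or at least a dedicated response field, would let the frontend tell the two apart. A one-line comment that the key is client-chosen and optional, so this is a double-submit guard rather than an abuse control, would keep the next maintainer from relying on it for rate limiting.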