Adjusted the ProxyFix configuration to include the `x_for=1` parameter, ensuring accurate client IP resolution by considering X-Forwarded-For headers. This change addresses issues encountered with IP detection behind proxies, thus enhancing the app's reliability in environments where reverse proxies are used.
Introduced changes to `app.py` and templates to enhance application configuration options, improve user feedback mechanisms, and bolster security practices. Key updates include:
- Expanded Flask's configuration based on `settings.ini`, enabling `debug` mode and applying `ProxyFix` middleware conditionally to support reverse proxy setups.
- Extended the functionality to include dynamic footer links, sourced from the configuration file, across all relevant templates. This contributes to a more dynamic and maintainable web interface.
- Adjusted the rate limiting functionality from a 1-hour to a 1-day window, offering a more lenient and user-friendly request limitation system.
- Implemented an error handling flow for user creation in Planka, providing clearer feedback when password requirements are not met, thus enhancing the user signup experience.
- Added a new cron route for cleaning up stale requests from the database, aligning data retention practices with privacy concerns.
These changes aim to provide a more configurable, user-friendly, and secure application, addressing feedback and evolving requirements.
This update vastly improves the user experience for registration and email confirmation processes within the app. By integrating Flask-WTF, the commit introduces form handling with enhanced data validation and user feedback. It also refactors the SMTP configuration to utilize dynamic sender selection and improves the handling of SSL settings, ensuring a more reliable email delivery setup.
To provide better security and a smoother user interface, we've implemented CSRF protection with FlaskForm and utilized WTForms for input fields, applying validators to ensure data integrity. The introduction of user existence checks before registration helps prevent duplicate usernames in the system, contributing to a cleaner and more manageable user database.
Email composition in the send_email function has been streamlined for readability, and several new templates were added to provide users with clear instructions after submitting requests or completing registration, enhancing overall usability.
By addressing these areas, the commit not only elevates the security posture of the application but also significantly enriches the user interaction, making the system more robust and user-friendly.
Relevant configurations for SMTP and system random secret key generation have been adjusted for better compliance and security standards.
Additionally, unnecessary scripts and redundant code blocks were removed for a cleaner code base, and CSS adjustments were made for improved form presentation and application aesthetics.
Overall, this comprehensive update lays a stronger foundation for user management and interaction within the application, setting the stage for future enhancements and a better end-user experience.
Improved the feedback mechanism for users who attempt to submit a duplicate request by providing a more detailed already_requested.html template. This update includes dynamic display of the application's name, and custom title and subtitle information to guide users more clearly on what steps to follow next. Additionally, refined the HTML structure of base and request templates for better readability and user guidance, including a new privacy notice for email submissions.
- The already_requested.html page now dynamically includes the app name, and specific titles and subtitles to better inform users about their duplicate request status.
- Enhanced the base.html template for consistency in HTML syntax and added clearer structural divisions for main content areas.
- Updated the request.html template to include a privacy notice detailing how the user's information will be used, aiming to increase transparency and trust.
These changes aim to make the user's experience smoother and more informative, especially in cases where duplicate requests might cause confusion.
Implemented the foundation of a Flask application designed to manage email requests with rate limiting and SQLite database integration. This includes setting up basic app infrastructure, such as Flask app initialization, database creation with email request tracking, SMTP configuration for email sending, and rate limiting based on IP addresses to prevent abuse. Additionally, the commit introduces the core frontend structure along with styling, utilizing templates for basic request handling and display. The `.gitignore` file was also set up to ignore common Python and development artifacts. Relevant dependencies required for the application are outlined in `requirements.txt`.
This setup lays the groundwork for future expansions, including more detailed request handling, user authentication, and enhanced security features.
No specific issues are addressed in this commit; it represents the initial application setup and starting point for further development.