Clean up code smells in app.py

- Cache public key at startup instead of re-serializing per request - Remove unused url_for import - Remove unused session["client_id"] - Narrow bare except Exception to specific exception types - Use urlencode for calendar URL query params Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-04 15:53:40 +01:00 · 2026-03-04 15:53:40 +01:00 · 5f7b61eb37
parent e2b3df52ff
commit 5f7b61eb37
1 changed files with 15 additions and 9 deletions
--- a/app.py
+++ b/app.py
@ -1,5 +1,6 @@
 import argparse
 import base64
+import binascii
 import json
 import secrets
 from urllib.parse import urlencode
@ -7,7 +8,7 @@ from urllib.parse import urlencode
 import yaml
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
-from flask import Flask, redirect, render_template, request, session, url_for
+from flask import Flask, redirect, render_template, request, session

 parser = argparse.ArgumentParser()
 parser.add_argument("config", help="Path to configuration file")
@ -20,6 +21,10 @@ app = Flask(__name__)
 app.secret_key = config["secret_key"]

 private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+public_key = private_key.public_key().public_bytes(
+    serialization.Encoding.PEM,
+    serialization.PublicFormat.SubjectPublicKeyInfo,
+).decode()


@app.route("/")
@ -29,15 +34,9 @@ def index():

@app.route("/authorize")
 def authorize():
-    public_key = private_key.public_key().public_bytes(
-        serialization.Encoding.PEM,
-        serialization.PublicFormat.SubjectPublicKeyInfo,
-    ).decode()
-
    nonce = secrets.token_hex(16)
    client_id = secrets.token_hex(48)
    session["nonce"] = nonce
-    session["client_id"] = client_id

    params = {
        "auth_redirect": config["redirect_url"],
@ -58,16 +57,23 @@ def callback():

    try:
        payload = base64.b64decode(payload_b64)
+    except binascii.Error:
+        return "Failed to decode payload", 400
+
+    try:
        data = private_key.decrypt(payload, padding.PKCS1v15())
        response = json.loads(data)
-    except Exception:
+    except (ValueError, json.JSONDecodeError):
        return "Failed to decrypt or decode payload", 400

    if response.get("nonce") != session.get("nonce"):
        return "Invalid nonce", 400

    key = response["key"]
-    calendar_url = f"{config['forum_url']}/discourse-post-event/events.ics?order=desc&api_key={key}"
+    calendar_url = (
+        f"{config['forum_url']}/discourse-post-event/events.ics?"
+        + urlencode({"order": "desc", "api_key": key})
+    )

    return render_template(
        "result.html",