Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore) - Add CSRF token generation and validation on all state-changing requests - Replace random.choices with secrets.choice for all secure code generation - Add session cookie security headers (HttpOnly, Secure, SameSite) - Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning - Add email communications system: templates per event, custom email sending, sent email tracking - Add staff/organizer profile pages with staff code display - New DB tables: event_email_templates, sent_emails, user_communications - New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code - Expand English translation strings across all new features Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,38 @@
|
||||
{% extends "base.html" %}
|
||||
|
||||
{% block title %}{{ 'edit_template'|t }} - {{ event.name }}{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="communications-edit-page">
|
||||
<div class="page-header">
|
||||
<h1>{{ 'edit'|t }}: {{ template_type_name }}</h1>
|
||||
<a href="{{ url_for('event_communications', event_id=event.id) }}" class="btn btn-outline"><i data-lucide="arrow-left"></i> {{ 'back'|t }}</a>
|
||||
</div>
|
||||
|
||||
<div class="section-box">
|
||||
<form method="POST" class="template-edit-form">
|
||||
<div class="form-group">
|
||||
<label for="subject">{{ 'subject'|t }}</label>
|
||||
<input type="text" id="subject" name="subject" value="{{ template.subject }}" required>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="body">{{ 'body'|t }}</label>
|
||||
<textarea id="body" name="body" rows="15" required>{{ template.body }}</textarea>
|
||||
<small class="text-muted">{{ 'available_placeholders'|t }}: {staff_name}, {attendee_name}, {event_name}, {invite_url}, {reminder_count}, {event_date}, {event_location}, {changes_text}, {session_name}</small>
|
||||
</div>
|
||||
|
||||
<div class="form-actions">
|
||||
<button type="submit" class="btn btn-primary"><i data-lucide="save"></i> {{ 'save_changes'|t }}</button>
|
||||
<a href="{{ url_for('event_communications', event_id=event.id) }}" class="btn btn-secondary">{{ 'cancel'|t }}</a>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', function() {
|
||||
lucide.createIcons();
|
||||
});
|
||||
</script>
|
||||
{% endblock %}
|
||||
Reference in New Issue
Block a user