More bypass prevention

app.py

@@ -91,8 +91,9 @@ def index():
     captcha_text = generate_captcha_text()
     image = ImageCaptcha().generate(captcha_text)
 
-    # Store the CAPTCHA in the session
+    # Store the CAPTCHA and token in the session
     session['captcha_text'] = captcha_text
+    session['unique_token'] = unique_token
 
     # Encode the image in base64
     image_base64 = base64.b64encode(image.getvalue()).decode('utf-8')
@@ -101,7 +102,7 @@ def index():
     print(captcha_text)
 
     # Pass the CAPTCHA through to index.html
-    return render_template('index.html', captcha_text=captcha_text, captcha_image=image_base64)
+    return render_template('index.html', captcha_image=image_base64, unique_token=unique_token)
 
 @app.route('/api', methods=['POST'])
 def register():
@@ -112,6 +113,14 @@ def register():
     # Get the CAPTCHA
     user_captcha = request.form.get('captcha')
 
+    # Get the unique token
+    submitted_token = request.form.get('unique_token')
+
+    # Check if the submitted token matches the one in the session
+    if submitted_token != session.get('unique_token'):
+        # Token mismatch, handle accordingly
+        return "Token Expired", 400
+
     # Report the user captcha result
     print(user_captcha)
 

templates/index.html

@@ -35,6 +35,7 @@
 	        </div>
 	    </div>
             <br>
+            <input type="hidden" name="unique_token" value="{{ unique_token }}">
             <input type="submit" value="Register">
         </form>
     </div>