Logging:
- Add structured logging with timestamps
- Log successful and failed login attempts
- Log new orders and order completions
- Log email sending success/failures
SMTP Error Handling:
- Add try/except block around SMTP operations
- Catch authentication errors, SMTP exceptions, and general errors
- Log all email failures with detailed error messages
- Ensure orders are saved even if email fails
This allows monitoring of critical operations and troubleshooting
email delivery issues through systemd journal.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Prevent server startup if SECRET_KEY is not set in production
- Raise RuntimeError with helpful message if using default value
- Allow debug mode for local development
This ensures the application never runs with an insecure session
secret in production environments.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add Flask-WTF dependency for CSRF protection
- Initialize CSRFProtect in app.py
- Add CSRF tokens to all POST forms in templates
- Exempt /order JSON API endpoint (uses API key instead)
This protects against Cross-Site Request Forgery attacks on all
admin and user management operations.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
