From 48526435adb128354bc59f3b57871d58a137402e Mon Sep 17 00:00:00 2001
From: Omar Roth <omarroth@hotmail.com>
Date: Thu, 15 Nov 2018 20:23:17 -0600
Subject: [PATCH] Add CSRF token for Google accounts

---
 src/invidious.cr | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/invidious.cr b/src/invidious.cr
index 87480e12..30ed33be 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -155,6 +155,10 @@ before_all do |env|
         client = make_client(YT_URL)
         user = get_user(sid, client, headers, PG_DB, false)
 
+        challenge, token = create_response(user.email, "sign_out", HMAC_KEY, 1.week)
+        env.set "challenge", challenge
+        env.set "token", token
+
         env.set "user", user
         env.set "sid", sid
       rescue ex