Csrf prevention

Added simple csrf prevention to fix issue #5 (closed) :

• The server generates a random, unique csrf token, stores it in the session and appends the token on the map and admin pages
• The token is added to every POST, PUT and DELETE request inside 'x-csrf-token' header
• Likewise, for every POST, PUT and DELETE request, the server checks that the token stored in the session matches the token from the header

api/services/csrf.py

+from flask import session, request, Response
+from uuid import uuid4
+
+def checkCsrfToken():
+    """Checks that a valid csrf token exists in requests that can alter data"""
+    # no csrf check needed for static requests
+    if request.endpoint == 'static':
+        return None
+
+    # check if a token exists in session
+    sessionToken = session.get('csrf')
+
+    # issue new one if not
+    if not sessionToken:
+        print("issuing new token")
+        return issueToken()
+
+    # no csrf check needed for get requests
+    if request.method == 'GET':
+        return None
+
+    # get token from request
+    headerToken = request.headers.get('x-csrf-token')
+
+    # check that the two tokens match
+    if headerToken != sessionToken:
+        return Response("Invalid csrf key", 403)
+
+
+    
+def issueToken():
+    """Generates a new CSRF token and stores it for current session"""
+    # issue new if not
+    sessionToken = str(uuid4())
+    session['csrf'] = sessionToken