fix: prevent duplicate forum topics from rapid double-submit

- Backend: reject identical title+content from same author within 60s (mirrors existing protection on forum_reply) - Frontend: disable submit button + 'Wysyłanie…' label on first click Daniel Kochański accidentally created 7 identical 'Local content w praktyce' topics within 5 seconds. Soft-deleted IDs 25-30 on prod, kept 24. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 13:29:40 +02:00 · 2026-04-13 13:29:40 +02:00 · a68910d029
commit a68910d029
parent e9e8154eb0
2 changed files with 18 additions and 0 deletions
--- a/blueprints/forum/routes.py
+++ b/blueprints/forum/routes.py
@ -149,6 +149,16 @@ def forum_new_topic():

        db = SessionLocal()
        try:
+            # Duplicate submission protection: same author, same title+content, within 60 seconds
+            recent_duplicate = db.query(ForumTopic).filter(
+                ForumTopic.author_id == current_user.id,
+                ForumTopic.title == title,
+                ForumTopic.content == content,
+                ForumTopic.created_at >= datetime.now() - timedelta(seconds=60)
+            ).first()
+            if recent_duplicate:
+                return redirect(url_for('.forum_topic', topic_id=recent_duplicate.id))
+
            topic = ForumTopic(
                title=title,
                content=content,
--- a/templates/forum/new_topic.html
+++ b/templates/forum/new_topic.html
@ -383,6 +383,14 @@

        if (!valid) {
            e.preventDefault();
+            return;
+        }
+
+        const submitBtn = this.querySelector('button[type="submit"]');
+        if (submitBtn) {
+            submitBtn.disabled = true;
+            submitBtn.dataset.originalText = submitBtn.textContent;
+            submitBtn.textContent = 'Wysyłanie…';
        }
    });