activity feed: restrict csrf_token usage unless logged in to prevent cookie setting, remove the unused rack-cache

Gemfile

@@ -18,7 +18,6 @@ gem 'sass', require: nil
 gem 'dav4rack', git: 'https://github.com/neocities/dav4rack.git', ref: '1bf1975c613d4f14d00f1e70ce7e0bb9e2e6cd9b'
 gem 'filesize'
 gem 'thread'
-gem 'rack-cache'
 gem 'rest-client', require: 'rest_client'
 gem 'addressable', '>= 2.8.0', require: 'addressable/uri'
 gem 'paypal-recurring', require: 'paypal/recurring'

Gemfile.lock

@@ -266,8 +266,6 @@ GEM
       nio4r (~> 2.0)
     racc (1.8.1)
     rack (3.1.12)
-    rack-cache (1.17.0)
-      rack (>= 0.4)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
@@ -452,7 +450,6 @@ DEPENDENCIES
   phonelib
   pry
   puma (< 7)
-  rack-cache
   rack-test
   rack_session_access
   rake (>= 12.3.3)

app/activity.rb

@@ -1,6 +1,4 @@
 get '/activity' do
-  #expires 7200, :public, :must_revalidate if self.class.production? # 2 hours
-
   @page = params[:page] || 1
 
   if params[:tag]

app/admin.rb

@@ -75,7 +75,6 @@ end
 
 get '/admin/stats' do
   require_admin
-  # expires 14400, :public, :must_revalidate if self.class.production? # 4 hours
 
   @stats = {
     total_hosted_site_hits: DB['SELECT SUM(hits) FROM sites'].first[:sum],

config.ru

@@ -6,11 +6,6 @@ require 'airbrake/sidekiq'
 use Airbrake::Rack::Middleware
 
 map('/') do
-  use(Rack::Cache,
-    verbose: false,
-    metastore: 'file:/tmp/neocitiesrackcache/meta',
-    entitystore: 'file:/tmp/neocitiesrackcache/body'
-  )
   run Sinatra::Application
 end
 

views/_news.erb

@@ -170,8 +170,6 @@
   <%== erb :_pagination, layout: false %>
 </div>
 
-<%== erb :'_news_templates', layout: false %>
-
-<script>
-
-</script>
+<% if current_site %>
+  <%== erb :'_news_templates', layout: false %>
+<% end %>

views/_news_actions.erb

@@ -20,18 +20,20 @@
   <% end %>
 </div>
 
-<div class="modal hide" id="deleteEvent<%= event.id %>" tabindex="-1" role="dialog" aria-labelledby="deleteEventLabel<%= event.id %>" aria-hidden="true">
-  <div class="modal-header">
-    <button class="close" type="button" data-dismiss="modal" aria-hidden="true"><i class="fa fa-times"></i></button>
-    <h3 id="addTagLabel">Delete</h3>
+<% if current_site %>
+  <div class="modal hide" id="deleteEvent<%= event.id %>" tabindex="-1" role="dialog" aria-labelledby="deleteEventLabel<%= event.id %>" aria-hidden="true">
+    <div class="modal-header">
+      <button class="close" type="button" data-dismiss="modal" aria-hidden="true"><i class="fa fa-times"></i></button>
+      <h3 id="addTagLabel">Delete</h3>
+    </div>
+    <div class="modal-body">
+      <p>
+        Are you sure you want to remove this <%= event.name %> from the news feed?
+      </p>
+    </div>
+    <div class="modal-footer">
+      <button class="btn cancel" data-dismiss="modal" aria-hidden="true">Cancel</button>
+      <button type="submit" class="btn-Action" onclick="Event.delete(<%= event.id %>, '<%= csrf_token %>'); return false">Delete</button>
+    </div>
   </div>
-  <div class="modal-body">
-    <p>
-      Are you sure you want to remove this <%= event.name %> from the news feed?
-    </p>
-  </div>
-  <div class="modal-footer">
-    <button class="btn cancel" data-dismiss="modal" aria-hidden="true">Cancel</button>
-    <button type="submit" class="btn-Action" onclick="Event.delete(<%= event.id %>, '<%= csrf_token %>'); return false">Delete</button>
-  </div>
-</div>
+<% end %>

views/activity.erb

@@ -22,7 +22,7 @@
 </div>
 <div>
   <div class="content single-Col misc-page">
-      <% if !signed_in? %>
+    <% if !signed_in? %>
       <div class="welcome">
         <h4>All the latest Neocities site news!</h4>
         <p>

views/browse.erb

@@ -176,16 +176,17 @@
   }
 </script>
 
-
-<script>
-  function banSite(usernames, classifier, el) {
-    $.post('/admin/banhammer', {
-      usernames: usernames,
-      classifier: classifier,
-      csrf_token: '<%= csrf_token %>'
-    }, function(data) {
-      $(el).css('color', '#3eff00')
-    })
-    return false;
-  }
-</script>
+<% if signed_in? && current_site.is_admin %>
+  <script>
+    function banSite(usernames, classifier, el) {
+      $.post('/admin/banhammer', {
+        usernames: usernames,
+        classifier: classifier,
+        csrf_token: '<%= csrf_token %>'
+      }, function(data) {
+        $(el).css('color', '#3eff00')
+      })
+      return false;
+    }
+  </script>
+<% end %>