Add a comment and code style stuff

jon/__init__.py

@@ -23,6 +23,8 @@ def create_app():
 
     db.init_app(app)
 
+    # This function denies every request until `auth.ACCESS_TOKEN`
+    # is passed using `?token=` to authenticate the session.
     @app.before_request
     def before_req_fun():
         return auth.before_request()
@@ -40,6 +42,6 @@ def create_app():
     def index():
         return render_template("index.html")
 
-    print("Jon started. Token: %s" % auth.ACCESS_TOKEN, file=sys.stderr)
+    print(f"Jon started. Token: {auth.ACCESS_TOKEN}", file=sys.stderr)
 
     return app

jon/auth.py

@@ -3,10 +3,10 @@ import string
 
 from flask import Blueprint, make_response, request, redirect, session
 
-bp = Blueprint('auth', __name__, url_prefix="/auth")
+bp = Blueprint("auth", __name__, url_prefix="/auth")
 
 
-ACCESS_TOKEN = ''.join(random.choice(string.ascii_lowercase) for i in range(64))
+ACCESS_TOKEN = "".join(random.choice(string.ascii_lowercase) for i in range(64))
 
 
 ERROR_TEXT =  """
@@ -24,10 +24,12 @@ def before_request():
     """
     If the correct token query parameter is passed along with any request,
     we mark this session authenticated by setting `session["authenticated"]`.
+    Unless the session is authenticated, all requests results in a 403 FORBIDDEN.
     """
     if "token" in request.args:
         if request.args["token"] == ACCESS_TOKEN:
             session["authenticated"] = ()
+        # Reload the page without query parameters
         return redirect(request.path)
 
     if not "authenticated" in session: