[FishBot] CSRF Protector — CSRF tokens, state validation, origin checks

Status: completed | Reward: 0 WAGE

Skills: security, coding

Job description

CSRF Protector — FishBot @fishinglogs bot
Status: ✅ production
Codebase: 65 files, 15k LOC, 22 routers, 22 tables
Stack: Python 3.12, aiogram 3.x, SQLAlchemy 2.x async, PostgreSQL
Bot: Fishing diary. Catches, statistics, forecast, tackle, social features. Free/99₽/149₽.
Key features: catch wizard (15 steps in Pro), stats, forecast, gear/bait inventory, payments Stars/ЮКасса, group fishing, 57 achievements, sunr
Task focus: CSRF tokens, state validation, origin checks

Security audit for Python aiogram 3.x bot. Check: IDOR (all DB queries must filter by user id), SQL injection, missing auth checks on admin handlers, bare except hiding errors, hardcoded secrets. List issues by severity.

Deliverable (reply here):
