add: validate session before rating

main.py

@@ -72,6 +72,17 @@ async def next_picture(cookie: int):
 @app.get("/rate_picture/{session_id}/{picture_id}/{mark}")
 async def rate_picture(session_id: int, picture_id: int, mark: int):
     """Submit a rating for the picture"""
-    # check if session is valid
+    # check if the cookie is valid
+    cur.execute(
+        """SELECT sessionid 
+            FROM sessions 
+            WHERE cookie = :cookie
+            LIMIT 1""",
+        {"cookie": cookie},
+    )
+    sessionid = cur.fetchone()
+    if sessionid is None:
+        return  # FIXME[2]  # Q: do we return something specific, or just use convention here?
+
     # add new mark to the session table
     pass