From 61d73d6470096e3afa5dd278f8bcacc37e1bf877 Mon Sep 17 00:00:00 2001 From: ubq323 Date: Fri, 21 May 2021 22:17:33 +0000 Subject: more auth things --- apioforum/auth.py | 76 ++++++++++++++++++++++++++++--- apioforum/db.py | 22 +++++++++ apioforum/templates/auth/login.html.j2 | 2 +- apioforum/templates/auth/register.html.j2 | 14 ++++++ apioforum/templates/base.html.j2 | 13 ++++++ 5 files changed, 119 insertions(+), 8 deletions(-) create mode 100644 apioforum/templates/auth/register.html.j2 diff --git a/apioforum/auth.py b/apioforum/auth.py index d19ad57..f558025 100644 --- a/apioforum/auth.py +++ b/apioforum/auth.py @@ -1,9 +1,10 @@ from flask import ( Blueprint, session, request, url_for, render_template, redirect, - flash, + flash, g ) +from werkzeug.security import check_password_hash, generate_password_hash from .db import get_db - +import functools bp = Blueprint("auth", __name__, url_prefix="/auth") @@ -14,22 +15,78 @@ def login(): password = request.form["password"] db = get_db() err = None + user = db.execute( + "SELECT password FROM users WHERE username = ?;",(username,) + ).fetchone() if not username: - err = "Username required" + err = "username required" elif not password: - err = "Password required" - elif username != "bee" or password != "form": - err = "Invalid login" + err = "password required" + elif user is None or not check_password_hash(user['password'], password): + err = "invalid login" if err is None: session.clear() - session['user'] = 'bee' + session['user'] = username return redirect(url_for('auth.cool')) flash(err) return render_template("auth/login.html.j2") +@bp.route("/register", methods=("GET","POST")) +def register(): + if request.method == "POST": + username = request.form["username"] + password = request.form["password"] + db = get_db() + err = None + if not username: + err = "Username required" + elif not password: + err = "Password required" + elif db.execute( + "SELECT 1 FROM users WHERE username = ?;", (username,) + ).fetchone() is not None: + err = f"User {username} is already registered." + + if err is None: + db.execute( + "INSERT INTO users (username, password) VALUES (?,?);", + (username,generate_password_hash(password)) + ) + db.commit() + flash("successfully created account") + session['user'] = username + return redirect(url_for("auth.cool")) + + flash(err) + + return render_template("auth/register.html.j2") + +@bp.route("/logout") +def logout(): + session.clear() + return redirect(url_for("auth.cool")) + +@bp.before_app_request +def load_user(): + username = session.get("user") + if username is None: + g.user = None + else: + g.user = get_db().execute( + "SELECT * FROM users WHERE username = ?;", (username,) + ).fetchone() + +def login_required(view): + @functools.wraps(view) + def wrapped(**kwargs): + print(g.user) + if g.user is None: + return redirect(url_for("auth.login")) + return view(**kwargs) + return wrapped @bp.route("/cool") def cool(): @@ -38,3 +95,8 @@ def cool(): return "you are not logged in" else: return f"you are logged in as {user}" + +@bp.route("/cooler") +@login_required +def cooler(): + return "bee" diff --git a/apioforum/db.py b/apioforum/db.py index 6a45640..a2830fe 100644 --- a/apioforum/db.py +++ b/apioforum/db.py @@ -19,6 +19,28 @@ def close_db(e=None): db.close() migrations = [ +""" +CREATE TABLE users ( + username TEXT PRIMARY KEY, + password TEXT NOT NULL +);""", +""" +CREATE TABLE threads ( + id INT PRIMARY KEY, + title TEXT NOT NULL, + creator TEXT NOT NULL REFERENCES users(username), + created INT NOT NULL, + updated INT NOT NULL +); +CREATE TABLE posts ( + id INT PRIMARY KEY, + content TEXT, + thread INT NOT NULL REFERENCES threads(id), + author TEXT NOT NULL REFERENCES users(username), + idx INT NOT NULL +); +CREATE INDEX posts_thread_idx ON posts (thread); +""", ] def init_db(): diff --git a/apioforum/templates/auth/login.html.j2 b/apioforum/templates/auth/login.html.j2 index 5f311cf..c8c67b4 100644 --- a/apioforum/templates/auth/login.html.j2 +++ b/apioforum/templates/auth/login.html.j2 @@ -8,7 +8,7 @@ - + {% endblock %} diff --git a/apioforum/templates/auth/register.html.j2 b/apioforum/templates/auth/register.html.j2 new file mode 100644 index 0000000..f7eab81 --- /dev/null +++ b/apioforum/templates/auth/register.html.j2 @@ -0,0 +1,14 @@ +{% extends "base.html.j2" %} +{% block header %} +

{% block title %}register{% endblock %}

+{% endblock %} + +{% block content %} +
+ + + + + +
+{% endblock %} diff --git a/apioforum/templates/base.html.j2 b/apioforum/templates/base.html.j2 index 01339c1..6660686 100644 --- a/apioforum/templates/base.html.j2 +++ b/apioforum/templates/base.html.j2 @@ -6,6 +6,19 @@ + + {% block header %}{% endblock %} {% for msg in get_flashed_messages() %}
{{ msg }}
-- cgit v1.2.3