authorMitsuo Tokumori <[email protected]>2023-10-29 07:41:04 -0500
committerMitsuo Tokumori <[email protected]>2023-10-29 07:41:04 -0500
commit43f9d78f8c00e13732b809519f0529ac293fd5ab (patch)
treed9779a6d4b511dd27cfe80b3f8d0ad2e5ef5d7da /flaskr/views
parentde8b3d760a37fc54645a2588b062f85963146070 (diff)
Rename to ustayml (u-stayML)
Diffstat (limited to 'flaskr/views')
-rw-r--r--flaskr/views/auth.py102
-rw-r--r--flaskr/views/blog.py104
2 files changed, 0 insertions, 206 deletions
diff --git a/flaskr/views/auth.py b/flaskr/views/auth.py
deleted file mode 100644
index 2dc32af..0000000
--- a/flaskr/views/auth.py
+++ /dev/null
@@ -1,102 +0,0 @@
-"""Authentication blueprint"""
-
-import functools
-
-from flask import (
- Blueprint, flash, g, redirect, render_template, request, session, url_for
-)
-from werkzeug.security import check_password_hash, generate_password_hash
-from flaskr.db import get_db
-
-bp = Blueprint('auth', __name__, url_prefix='/auth')
-
[email protected]('/register', methods=('GET', 'POST'))
-def register():
- if request.method == 'POST':
- # Form validation
- username = request.form['username']
- password = request.form['password']
- db = get_db()
- error = None
-
- if not username:
- error = 'Username is required.'
- elif not password:
- error = 'Password is required.'
-
- if error is None:
- try:
- # NOTE: don't use f-string here. Use `?` placeholders so that
- # database library can escape the fields
- # (otherwise SQL injection vulnerability)
- db.execute(
- "INSERT INTO user (username, password) VALUES (?, ?)",
- (username, generate_password_hash(password))
- )
- db.commit()
- except db.IntegrityError:
- error = f"User {username} is already registered."
- else:
- return redirect(url_for("auth.login"))
-
- flash(error)
-
- return render_template('auth/register.html')
-
-
[email protected]('/login', methods=('GET', 'POST'))
-def login():
- if request.method == 'POST':
- username = request.form['username']
- password = request.form['password']
- db = get_db()
- error = None
- user = db.execute(
- 'SELECT * FROM user WHERE username = ?', (username,)
- ).fetchone()
-
- if user is None:
- error = 'Incorrect username.'
- elif not check_password_hash(user['password'], password):
- error = 'Incorrect password.'
-
- if error is None:
- session.clear()
- session['user_id'] = user['id']
- return redirect(url_for('index'))
-
- flash(error)
-
- return render_template('auth/login.html')
-
-
-# runs before the view function, no matter what URL is requested
[email protected]_app_request
-def load_logged_in_user():
- user_id = session.get('user_id')
-
- if user_id is None:
- g.user = None
- else:
- g.user = get_db().execute(
- 'SELECT * FROM user WHERE id = ?', (user_id,)
- ).fetchone()
-
-
-def logout():
- session.clear()
- return redirect(url_for('index'))
-
-
-# Define decorator to require authentication in other views
-def login_required(view):
- """view is a function that returns HTML (and is part of a blueprint)"""
- @functools.wraps(view)
- def wrapped_view(**kwargs):
- if g.user is None:
- return redirect(url_for('auth.login'))
-
- return view(**kwargs)
-
- return wrapped_view
\ No newline at end of file
diff --git a/flaskr/views/blog.py b/flaskr/views/blog.py
deleted file mode 100644
index 6f728ea..0000000
--- a/flaskr/views/blog.py
+++ /dev/null
@@ -1,104 +0,0 @@
-from flask import (
- Blueprint, flash, g, redirect, render_template, request, url_for
-)
-from werkzeug.exceptions import abort
-
-from flaskr.views.auth import login_required
-from flaskr.db import get_db
-
-# NOTE: no URL prefix
-bp = Blueprint('blog', __name__)
-
-
-def index():
- db = get_db()
- posts = db.execute(
- 'SELECT p.id, title, body, created, author_id, username'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' ORDER BY created DESC'
- ).fetchall()
- return render_template('blog/index.html', posts=posts)
-
-
[email protected]('/create', methods=('GET', 'POST'))
-@login_required
-def create():
- if request.method == 'POST':
- title = request.form['title']
- body = request.form['body']
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- db = get_db()
- db.execute(
- 'INSERT INTO post (title, body, author_id)'
- ' VALUES (?, ?, ?)',
- (title, body, g.user['id'])
- )
- db.commit()
- return redirect(url_for('blog.index'))
-
- return render_template('blog/create.html')
-
-
[email protected]('/<int:id>/update', methods=('GET', 'POST'))
-@login_required
-def update(id):
- post = get_post(id)
-
- if request.method == 'POST':
- title = request.form['title']
- body = request.form['body']
- error = None
-
- if not title:
- error = 'Title is required.'
-
- if error is not None:
- flash(error)
- else:
- db = get_db()
- db.execute(
- 'UPDATE post SET title = ?, body = ?'
- ' WHERE id = ?',
- (title, body, id)
- )
- db.commit()
- return redirect(url_for('blog.index'))
-
- return render_template('blog/update.html', post=post)
-
-
[email protected]('/<int:id>/delete', methods=('POST',))
-@login_required
-def delete(id):
- get_post(id)
- db = get_db()
- db.execute('DELETE FROM post WHERE id = ?', (id,))
- db.commit()
- return redirect(url_for('blog.index'))
-
-
-# Helper functions:
-
-def get_post(id, check_author=True):
- post = get_db().execute(
- 'SELECT p.id, title, body, created, author_id, username'
- ' FROM post p JOIN user u ON p.author_id = u.id'
- ' WHERE p.id = ?',
- (id,)
- ).fetchone()
-
- if post is None:
- abort(404, f"Post id {id} doesn't exist.")
-
- if check_author and post['author_id'] != g.user['id']:
- abort(403)
-
- return post