From 4dd7f82f86f32f18a1c881749848f0c5333a40ce Mon Sep 17 00:00:00 2001 From: Mitsuo Tokumori Date: Fri, 27 Oct 2023 19:58:19 -0500 Subject: Move views to the views/ directory --- flaskr/__init__.py | 2 +- flaskr/auth.py | 102 --------------------------------------------------- flaskr/views/auth.py | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+), 103 deletions(-) delete mode 100644 flaskr/auth.py create mode 100644 flaskr/views/auth.py diff --git a/flaskr/__init__.py b/flaskr/__init__.py index dffc858..0366365 100644 --- a/flaskr/__init__.py +++ b/flaskr/__init__.py @@ -32,7 +32,7 @@ def create_app(test_config=None): from . import db db.init_app(app) - from . import auth + from .views import auth app.register_blueprint(auth.bp) return app \ No newline at end of file diff --git a/flaskr/auth.py b/flaskr/auth.py deleted file mode 100644 index 3689eba..0000000 --- a/flaskr/auth.py +++ /dev/null @@ -1,102 +0,0 @@ -"""Authentication blueprint""" - -import functools - -from flask import ( - Blueprint, flash, g, redirect, render_template, request, session, url_for -) -from werkzeug.security import check_password_hash, generate_password_hash -from flaskr.db import get_db - -bp = Blueprint('auth', __name__, url_prefix='/auth') - -@bp.route('/register', methods=('GET', 'POST')) -def register(): - if request.method == 'POST': - # Form validation - username = request.form['username'] - password = request.form['password'] - db = get_db() - error = None - - if not username: - error = 'Username is required.' - elif not password: - error = 'Password is required.' - - if error is None: - try: - # NOTE: don't use f-string here. Use `?` placeholders so that - # database library can escape the fields - # (otherwise SQL injection vulnerability) - db.execute( - "INSERT INTO user (username, password) VALUES (?, ?)", - (username, generate_password_hash(password)), - ) - db.commit() - except db.IntegrityError: - error = f"User {username} is already registered." - else: - return redirect(url_for("auth.login")) - - flash(error) - - return render_template('auth/register.html') - - -@bp.route('/login', methods=('GET', 'POST')) -def login(): - if request.method == 'POST': - username = request.form['username'] - password = request.form['password'] - db = get_db() - error = None - user = db.execute( - 'SELECT * FROM user WHERE username = ?', (username,) - ).fetchone() - - if user is None: - error = 'Incorrect username.' - elif not check_password_hash(user['password'], password): - error = 'Incorrect password.' - - if error is None: - session.clear() - session['user_id'] = user['id'] - return redirect(url_for('index')) - - flash(error) - - return render_template('auth/login.html') - - -# runs before the view function, no matter what URL is requested -@bp.before_app_request -def load_logged_in_user(): - user_id = session.get('user_id') - - if user_id is None: - g.user = None - else: - g.user = get_db().execute( - 'SELECT * FROM user WHERE id = ?', (user_id,) - ).fetchone() - - -@bp.route('/logout') -def logout(): - session.clear() - return redirect(url_for('index')) - - -# Define decorator to require authentication in other views -def login_required(view): - """view is a function that returns HTML (and is part of a blueprint)""" - @functools.wraps(view) - def wrapped_view(**kwargs): - if g.user is None: - return redirect(url_for('auth.login')) - - return view(**kwargs) - - return wrapped_view \ No newline at end of file diff --git a/flaskr/views/auth.py b/flaskr/views/auth.py new file mode 100644 index 0000000..3689eba --- /dev/null +++ b/flaskr/views/auth.py @@ -0,0 +1,102 @@ +"""Authentication blueprint""" + +import functools + +from flask import ( + Blueprint, flash, g, redirect, render_template, request, session, url_for +) +from werkzeug.security import check_password_hash, generate_password_hash +from flaskr.db import get_db + +bp = Blueprint('auth', __name__, url_prefix='/auth') + +@bp.route('/register', methods=('GET', 'POST')) +def register(): + if request.method == 'POST': + # Form validation + username = request.form['username'] + password = request.form['password'] + db = get_db() + error = None + + if not username: + error = 'Username is required.' + elif not password: + error = 'Password is required.' + + if error is None: + try: + # NOTE: don't use f-string here. Use `?` placeholders so that + # database library can escape the fields + # (otherwise SQL injection vulnerability) + db.execute( + "INSERT INTO user (username, password) VALUES (?, ?)", + (username, generate_password_hash(password)), + ) + db.commit() + except db.IntegrityError: + error = f"User {username} is already registered." + else: + return redirect(url_for("auth.login")) + + flash(error) + + return render_template('auth/register.html') + + +@bp.route('/login', methods=('GET', 'POST')) +def login(): + if request.method == 'POST': + username = request.form['username'] + password = request.form['password'] + db = get_db() + error = None + user = db.execute( + 'SELECT * FROM user WHERE username = ?', (username,) + ).fetchone() + + if user is None: + error = 'Incorrect username.' + elif not check_password_hash(user['password'], password): + error = 'Incorrect password.' + + if error is None: + session.clear() + session['user_id'] = user['id'] + return redirect(url_for('index')) + + flash(error) + + return render_template('auth/login.html') + + +# runs before the view function, no matter what URL is requested +@bp.before_app_request +def load_logged_in_user(): + user_id = session.get('user_id') + + if user_id is None: + g.user = None + else: + g.user = get_db().execute( + 'SELECT * FROM user WHERE id = ?', (user_id,) + ).fetchone() + + +@bp.route('/logout') +def logout(): + session.clear() + return redirect(url_for('index')) + + +# Define decorator to require authentication in other views +def login_required(view): + """view is a function that returns HTML (and is part of a blueprint)""" + @functools.wraps(view) + def wrapped_view(**kwargs): + if g.user is None: + return redirect(url_for('auth.login')) + + return view(**kwargs) + + return wrapped_view \ No newline at end of file -- cgit v1.2.3