Major: Added Authentication Functionality, interfaces with backend;

Added new styles to HomePage & VideoPage; Added AuthContext to persist logged_in status;
2025-01-24 15:17:53 +00:00
parent ca2a7e9baf
commit 8ec60b1c41
24 changed files with 831 additions and 204 deletions
--- a/web_server/blueprints/init.py
+++ b/web_server/blueprints/init.py
@@ -1,12 +1,11 @@
-from flask import Flask
+from flask import Flask, jsonify
+# from flask_wtf.csrf import CSRFProtect, generate_csrf
 from flask_session import Session
 from blueprints.utils import logged_in_user
 from flask_cors import CORS
 import os

-print("Environment variables:")
-print(f"FLASK_SECRET_KEY: {os.getenv('FLASK_SECRET_KEY')}")
-print(f"STRIPE_SECRET_KEY: {os.getenv('STRIPE_SECRET_KEY')}")
+# csrf = CSRFProtect()


 def create_app():
@@ -14,12 +13,17 @@ def create_app():
    app.config["SECRET_KEY"] = os.getenv("FLASK_SECRET_KEY")
    app.config["SESSION_PERMANENT"] = False
    app.config["SESSION_TYPE"] = "filesystem"
-    #! ↓↓↓ For development purposes only
-    CORS(app)       # Allow cross-origin requests for the frontend
+    #! ↓↓↓ For development purposes only - Allow cross-origin requests for the frontend
+    CORS(app, supports_credentials=True)
+    # csrf.init_app(app)

    Session(app)
    app.before_request(logged_in_user)

+    # @app.route('/csrf-token')
+    # def get_csrf_token():
+    #     return jsonify({'csrf_token': generate_csrf()}), 200
+
    with app.app_context():
        from blueprints.authentication import auth_bp
        from blueprints.main import main_bp
@@ -33,4 +37,4 @@ def create_app():
        app.register_blueprint(user_bp)
        app.register_blueprint(stream_bp)

-    return app
+    return app
--- a/web_server/blueprints/authentication.py
+++ b/web_server/blueprints/authentication.py
@@ -1,92 +1,161 @@
-from flask import Blueprint, render_template, session, request, url_for, redirect, g
+from flask import Blueprint, session, request, url_for, redirect, g, jsonify
 from werkzeug.security import generate_password_hash, check_password_hash
 from forms import SignupForm, LoginForm
+from flask_cors import cross_origin
 from database.database import Database
 from blueprints.utils import login_required

 auth_bp = Blueprint("auth", __name__)

-@auth_bp.route("/signup", methods=["GET", "POST"])
+
+@auth_bp.route("/signup", methods=["POST"])
+@cross_origin(supports_credentials=True)
 def signup():
-    form = SignupForm()
-    if form.validate_on_submit():
-        # Retrieve data from the sign up form
-        username = form.username.data
-        email = form.email.data
-        password = form.password.data
-        password2 = form.password2.data
+    if not request.is_json:
+        return jsonify({"message": "Expected JSON data"}), 400

-        # Store in database and hash to avoid exposing sensitive information
-        db = Database()
-        cursor = db.create_connection()
+    data = request.get_json()

-        # Check if user already exists to avoid duplicates
-        dup_email = cursor.execute("""SELECT * FROM users
-                                    WHERE email = ?;""", (email,)).fetchone()
-        dup_username = cursor.execute("""SELECT * FROM users
-                                      WHERE username = ?;""", (username,)).fetchone()
+    # Extract data from request
+    username = data.get('username')
+    email = data.get('email')
+    password = data.get('password')
+
+    # Basic server-side validation
+    if not all([username, email, password]):
+        return jsonify({
+            "account_created": False,
+            "message": "Missing required fields"
+        }), 400
+
+    db = Database()
+    cursor = db.create_connection()
+
+    try:
+        # Check for duplicate email/username
+        dup_email = cursor.execute(
+            "SELECT * FROM users WHERE email = ?",
+            (email,)
+        ).fetchone()
+
+        dup_username = cursor.execute(
+            "SELECT * FROM users WHERE username = ?",
+            (username,)
+        ).fetchone()

        if dup_email is not None:
-            form.email.errors.append("Email already taken.")
-        elif dup_username is not None:
-            form.username.errors.append("Username already taken.")
-        elif password != password2:
-            form.password.errors.append("Passwords must match.")
-        else:
-            cursor.execute("""INSERT INTO users (username, password, email, num_followers, isPartenered, bio)
-                       VALUES (?, ?, ?, ?, ?, ?);""", (username, generate_password_hash(password), email, 0, 0, "This user does not have a Bio."))
-            db.commit_data()
-            return {"account_created": True}
+            return jsonify({
+                "account_created": False,
+                "errors": {"email": "Email already taken"}
+            }), 400

+        if dup_username is not None:
+            return jsonify({
+                "account_created": False,
+                "errors": {"username": "Username already taken"}
+            }), 400

-        # Close connection to prevent data leaks
+        # Create new user
+        cursor.execute(
+            """INSERT INTO users 
+               (username, password, email, num_followers, isPartenered, bio)
+               VALUES (?, ?, ?, ?, ?, ?)""",
+            (
+                username,
+                generate_password_hash(password),
+                email,
+                0,
+                0,
+                "This user does not have a Bio."
+            )
+        )
+        db.commit_data()
+
+        # Create session for new user
+        session.clear()
+        session["username"] = username
+
+        return jsonify({
+            "account_created": True,
+            "message": "Account created successfully"
+        }), 201
+
+    except Exception as e:
+        print(f"Error during signup: {e}")  # Log the error
+        return jsonify({
+            "account_created": False,
+            "message": "Server error occurred: " + str(e)
+        }), 500
+
+    finally:
        db.close_connection()

-    return {"account_created": False}

-@auth_bp.route("/login", methods=["GET", "POST"])
+@auth_bp.route("/login", methods=["POST"])
+@cross_origin(supports_credentials=True)
 def login():
-    form = LoginForm()
-    if form.validate_on_submit():
-        # Retrieve data from the login form
-        username = form.username.data
-        password = form.username.data
+    if not request.is_json:
+        return jsonify({"message": "Expected JSON data"}), 400

-        # Compare with database
-        db = Database()
-        cursor = db.create_connection()
+    data = request.get_json()

-        # Check if user exists so only users who have signed up can login
-        user_exists = cursor.execute("""SELECT * FROM users
-                                  WHERE username = ?;""", (username,)).fetchone()
+    # Extract data from request
+    username = data.get('username')
+    password = data.get('password')

-        if not user_exists:
-            form.username.errors.append("Incorrect username or password.")
-            db.close_connection()
+    # Basic server-side validation
+    if not all([username, password]):
+        return jsonify({
+            "logged_in": False,
+            "message": "Missing required fields"
+        }), 400

-        # Check is hashed passwords match to verify the user logging in
-        elif not check_password_hash(user_exists["password"], password):
-            form.username.errors.append("Incorrect username or password.")
-            db.close_connection()
+    db = Database()
+    cursor = db.create_connection()

-        else:
-            # Create a new session to prevent users from exploiting horizontal access control
-            session.clear()
-            session["username"] = username
+    try:
+        # Check if user exists
+        user = cursor.execute(
+            "SELECT * FROM users WHERE username = ?",
+            (username,)
+        ).fetchone()
+
+        if not user:
+            return jsonify({
+                "logged_in": False,
+                "errors": {"general": "Invalid username or password"}
+            }), 401
+
+        # Verify password
+        if not check_password_hash(user["password"], password):
+            return jsonify({
+                "logged_in": False,
+                "errors": {"general": "Invalid username or password"}
+            }), 401
+
+        # Set up session
+        session.clear()
+        session["username"] = username
+
+        return jsonify({
+            "logged_in": True,
+            "message": "Login successful",
+            "username": username
+        }), 200
+
+    except Exception as e:
+        print(f"Error during login: {e}")  # Log the error
+        return jsonify({
+            "logged_in": False,
+            "message": "Server error occurred"
+        }), 500
+
+    finally:
+        db.close_connection()

-            # Return to previous page if applicable
-            next_page = request.args.get("next")

-            # Otherwise return home
-            if not next_page:
-                next_page = url_for("app.index")
-            db.close_connection()
-            return {"logged_in": True}
-        
-    return {"logged_in": False}
-    
@auth_bp.route("/logout")
@login_required
 def logout():
    session.clear()
-    return {"logged_in": False}
+    return {"logged_in": False}
--- a/web_server/blueprints/main.py
+++ b/web_server/blueprints/main.py
@@ -1,17 +1,19 @@
-from flask import Blueprint, render_template
+from flask import Blueprint, render_template, session, jsonify

 main_bp = Blueprint("app", __name__)

-## temp, showcasing HLS
+# temp, showcasing HLS
+
+
@main_bp.route('/hls1/<stream_id>')
 def hls(stream_id):
    stream_url = f"http://127.0.0.1:8080/hls/{stream_id}/index.m3u8"
    return render_template("video.html", video_url=stream_url)
-#--------------------------------------------------------
+# --------------------------------------------------------






-#TODO Route for saving uploaded thumbnails to database, serving these images to the frontend upon request: →→→ @main_bp.route('/images/<path:filename>') \n def serve_image(filename): ←←←
+# TODO Route for saving uploaded thumbnails to database, serving these images to the frontend upon request: →→→ @main_bp.route('/images/<path:filename>') \n def serve_image(filename): ←←←
--- a/web_server/blueprints/user.py
+++ b/web_server/blueprints/user.py
@@ -53,10 +53,7 @@ def get_login_status():
    """
    Returns whether the user is logged in or not
    """
-    username = session.get("username", None)
-    if not username:
-        return {"logged_in": True}
-    return {"logged_in": False}
+    return jsonify(session.get("username") is not None)

@user_bp.route('/authenticate_user')
 def authenticate_user():