diff --git a/.flaskenv b/.flaskenv
index 705204a..d85c341 100644
--- a/.flaskenv
+++ b/.flaskenv
@@ -1,2 +1,2 @@
-FLASK_APP=core.app
+FLASK_APP=core.blueprints.__init__
 FLASK_DEBUG=True
\ No newline at end of file
diff --git a/core/__pycache__/app.cpython-310.pyc b/core/__pycache__/app.cpython-310.pyc
index 95e8a46..86068f3 100644
Binary files a/core/__pycache__/app.cpython-310.pyc and b/core/__pycache__/app.cpython-310.pyc differ
diff --git a/core/blueprints/__init__.py b/core/blueprints/__init__.py
new file mode 100644
index 0000000..87a3b69
--- /dev/null
+++ b/core/blueprints/__init__.py
@@ -0,0 +1,21 @@
+from flask import Flask
+from flask_session import Session
+from core.blueprints.utils import logged_in_user
+
+def create_app():
+ app = Flask(__name__, template_folder="../../ui/templates/")
+ app.config["SECRET_KEY"] = ""
+ app.config["SESSION_PERMANENT"] = False
+ app.config["SESSION_TYPE"] = "filesystem"
+
+ Session(app)
+ app.before_request(logged_in_user)
+
+ with app.app_context():
+ from core.blueprints.authentication import auth_bp
+ from core.blueprints.main import main_bp
+
+ app.register_blueprint(auth_bp)
+ app.register_blueprint(main_bp)
+
+ return app
\ No newline at end of file
diff --git a/core/blueprints/__pycache__/__init__.cpython-310.pyc b/core/blueprints/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 0000000..8285129
Binary files /dev/null and b/core/blueprints/__pycache__/__init__.cpython-310.pyc differ
diff --git a/core/blueprints/__pycache__/app.cpython-310.pyc b/core/blueprints/__pycache__/app.cpython-310.pyc
new file mode 100644
index 0000000..5f5b095
Binary files /dev/null and b/core/blueprints/__pycache__/app.cpython-310.pyc differ
diff --git a/core/blueprints/__pycache__/authentication.cpython-310.pyc b/core/blueprints/__pycache__/authentication.cpython-310.pyc
new file mode 100644
index 0000000..cca19bf
Binary files /dev/null and b/core/blueprints/__pycache__/authentication.cpython-310.pyc differ
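Review bot: `app.config["SECRET_KEY"] = ""` in create_app keeps an empty literal as the signing key, so anything that signs with it (CSRF tokens for the forms in core.forms, if they are Flask-WTF forms, or session ids once `SESSION_USE_SIGNER` is enabled) has no secret behind it. Read the key from the environment and fail at startup when it is missing, e.g. `app.config["SECRET_KEY"] = os.environ["SECRET_KEY"]` with `import os` at the top of the module. `SESSION_TYPE = "filesystem"` stores sessions under flask_session/, and this same commit adds and deletes files there and also tracks database/app.db and __pycache__ output; those paths belong in .gitignore so session contents and user rows are not published with the source.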
diff --git a/core/blueprints/__pycache__/main.cpython-310.pyc b/core/blueprints/__pycache__/main.cpython-310.pyc
new file mode 100644
index 0000000..a8a1247
Binary files /dev/null and b/core/blueprints/__pycache__/main.cpython-310.pyc differ
diff --git a/core/blueprints/__pycache__/utils.cpython-310.pyc b/core/blueprints/__pycache__/utils.cpython-310.pyc
new file mode 100644
index 0000000..7d1d516
Binary files /dev/null and b/core/blueprints/__pycache__/utils.cpython-310.pyc differ
diff --git a/core/app.py b/core/blueprints/authentication.py
similarity index 66%
rename from core/app.py
rename to core/blueprints/authentication.py
index 87bdfe3..fc2677f 100644
--- a/core/app.py
+++ b/core/blueprints/authentication.py
@@ -1,52 +1,12 @@ -from flask import Flask, render_template, session, request, url_for, redirect, g -from flask_session import Session +from flask import Blueprint, render_template, session, request, url_for, redirect, g from werkzeug.security import generate_password_hash, check_password_hash -from functools import wraps - from core.forms import SignupForm, LoginForm from database.database import Database +from core.blueprints.utils import login_required -app = Flask(__name__, template_folder="../ui/templates/") -app.config["SECRET_KEY"] = "" -app.config["SESSION_PERMANENT"] = False -app.config["SESSION_TYPE"] = "filesystem" +auth_bp = Blueprint("auth", __name__) -Session(app) - -@app.before_request -def logged_in_user(): - g.user = session.get("username", None) - g.admin = session.get("username", None) - -def login_required(view): - """add at start of routes where users need to be logged in to access""" - @wraps(view) - def wrapped_view(*args, **kwargs): - if g.user is None: - return redirect(url_for("login", next=request.url)) - return view(*args, **kwargs) - return wrapped_view - -def admin_required(view): - """add at start of routes where admins need to be logged in to access""" - @wraps(view) - def wrapped_view(*args, **kwargs): - if g.admin != "admin": - return redirect(url_for("login", next=request.url)) - return view(*args, **kwargs) - return wrapped_view - -@app.route('/') -def index(): - """ - Home page of the platform - - Contains a list of some of the streams that are currently live and the most popular categories. - """ - - return render_template('index.html') - -@app.route("/signup", methods=["GET", "POST"]) +@auth_bp.route("/signup", methods=["GET", "POST"]) def signup(): form = SignupForm() if form.validate_on_submit(): 
@@ -76,7 +36,7 @@ def signup(): cursor.execute("""INSERT INTO users (username, password, email, num_followers, isPartenered, bio) VALUES (?, ?, ?, ?, ?, ?);""", (username, generate_password_hash(password), email, 0, 0, "This user does not have a Bio.")) db.commit_data() - return redirect(url_for("login")) + return redirect(url_for("auth.login")) # Close connection to prevent data leaks @@ -84,7 +44,7 @@ def signup(): return render_template("signup.html", form=form) -@app.route("/login", methods=["GET", "POST"]) +@auth_bp.route("/login", methods=["GET", "POST"]) def login(): form = LoginForm() if form.validate_on_submit(): @@ -99,14 +59,15 @@ def login(): # Check if user exists so only users who have signed up can login user_exists = cursor.execute("""SELECT * FROM users WHERE username = ?;""", (username,)).fetchone() - db.close_connection() if not user_exists: form.username.errors.append("Incorrect username or password.") + db.close_connection() # Check is hashed passwords match to verify the user logging in elif not check_password_hash(user_exists["password"], password): form.username.errors.append("Incorrect username or password.") + db.close_connection() else: # Create a new session to prevent users from exploiting horizontal access control @@ -118,12 +79,13 @@ def login(): # Otherwise return home if not next_page: - next_page = url_for("index") + next_page = url_for("app.index") + db.close_connection() return redirect(next_page) return render_template("login.html", form=form) -@app.route("/logout") +@auth_bp.route("/logout") @login_required def logout(): session.clear() diff --git a/core/blueprints/main.py b/core/blueprints/main.py new file mode 100644 index 0000000..34472ac --- /dev/null +++ b/core/blueprints/main.py 
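Review bot: `db.close_connection()` is now repeated in all three branches of login (two in the `-99,14` hunk, one in the `-118,12` hunk), so an exception raised between the SELECT and the chosen branch, for example inside `check_password_hash`, leaves the connection open. Wrapping the query and the branch logic in `try: ... finally: db.close_connection()` gives a single exit path. login's body starts and ends outside these hunks, so whether the else branch still needs the cursor after `fetchone()` is not visible here; if it does not, closing right after the query as the old code did is simpler.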
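Review bot: `return redirect(next_page)` at the end of the `-118,12` hunk sends the browser to whatever `next_page` holds, and the only check visible is `if not next_page:`. Its assignment is outside the hunk, but login_required builds the login URL with `next=request.url`, so it presumably comes from the `next` query parameter, which is request-controlled and can therefore name an external site. Fall back to the home page unless the target is same-origin, for example `if not next_page or urlsplit(next_page).netloc not in ("", request.host): next_page = url_for("app.index")` with `from urllib.parse import urlsplit`, and also reject schemes other than http and https.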
@@ -0,0 +1,14 @@
+from flask import render_template, Blueprint
+
+main_bp = Blueprint("app", __name__)
+
+
+@main_bp.route('/')
+def index():
+ """
+ Home page of the platform
+
+ Contains a list of some of the streams that are currently live and the most popular categories.
+ """
+ return render_template('index.html')
+
diff --git a/core/blueprints/utils.py b/core/blueprints/utils.py
new file mode 100644
index 0000000..2ccf32c
--- /dev/null
+++ b/core/blueprints/utils.py
@@ -0,0 +1,24 @@
+from flask import redirect, url_for, request, g, session
+from functools import wraps
+
+def logged_in_user():
+ g.user = session.get("username", None)
+ g.admin = session.get("username", None)
+
+def login_required(view):
+ """add at start of routes where users need to be logged in to access"""
+ @wraps(view)
+ def wrapped_view(*args, **kwargs):
+ if g.user is None:
+ return redirect(url_for("login", next=request.url))
+ return view(*args, **kwargs)
+ return wrapped_view
+
+def admin_required(view):
+ """add at start of routes where admins need to be logged in to access"""
+ @wraps(view)
+ def wrapped_view(*args, **kwargs):
+ if g.admin != "admin":
+ return redirect(url_for("login", next=request.url))
+ return view(*args, **kwargs)
+ return wrapped_view
\ No newline at end of file
diff --git a/database/__pycache__/database.cpython-310.pyc b/database/__pycache__/database.cpython-310.pyc
index dcfaff9..1830151 100644
Binary files a/database/__pycache__/database.cpython-310.pyc and b/database/__pycache__/database.cpython-310.pyc differ
diff --git a/database/app.db b/database/app.db
index 37d5a51..1e82968 100644
Binary files a/database/app.db and b/database/app.db differ
diff --git a/flask_session/841e29f4900cf96cfb8ec55c0c598d2c b/flask_session/841e29f4900cf96cfb8ec55c0c598d2c
deleted file mode 100644
index bc2b512..0000000
Binary files a/flask_session/841e29f4900cf96cfb8ec55c0c598d2c and /dev/null differ
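Review bot: `url_for("login", next=request.url)` in login_required and admin_required (core/blueprints/utils.py) still names the pre-blueprint endpoint. The login view is now registered on `Blueprint("auth", __name__)`, so its endpoint is `auth.login` and these calls will raise a BuildError instead of redirecting an unauthenticated request; the signup redirect in authentication.py was already updated. Change both to `return redirect(url_for("auth.login", next=request.url))`. Separately, `logged_in_user` sets `g.admin` to the session username and admin_required compares it with the literal `"admin"`, so admin access depends entirely on who holds that username; whether signup prevents registering it is not visible in this diff, and a role flag on the user row would be a sturdier check.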
diff --git a/flask_session/bd9d4040a2dcd9c9d4ed85d3dc2d6ba7 b/flask_session/bd9d4040a2dcd9c9d4ed85d3dc2d6ba7
new file mode 100644
index 0000000..dc3f711
Binary files /dev/null and b/flask_session/bd9d4040a2dcd9c9d4ed85d3dc2d6ba7 differ