From d6b3286bc54aa6e22fbb9542c98ad398b41f9990 Mon Sep 17 00:00:00 2001
From: crunk
Date: Sun, 3 Dec 2023 15:32:54 +0100
Subject: [PATCH] continue
---
 library/page.py | 71 +++++++++++++++++++++++++++++++++++++++----------
 library/secret | 1 -
 2 files changed, 57 insertions(+), 15 deletions(-)
 delete mode 100644 library/secret
diff --git a/library/page.py b/library/page.py
index a2af1c0..a0f04df 100644
--- a/library/page.py
+++ b/library/page.py
@@ -1,15 +1,21 @@
 """This is the main flask library page"""
+from datetime import timedelta
 import datetime
 import json
 import os
 import bcrypt
-from app import create_app
+from app import create_app, login_manager
 from application.csvparser import CsvParser
-from flask import Blueprint, redirect, render_template, request
-from flask_wtf.csrf import CSRFProtect
+from flask import Blueprint, redirect, render_template, request, session
+from flask_wtf.csrf import CSRFProtect, CSRFError
+from flask_login import (
+ logout_user,
+ login_required,
+ current_user,
+)
 from forms.borrowform import BorrowForm
 from forms.uploadform import PublicationForm
 from icalendar import Calendar
@@ -28,6 +34,12 @@ csvparser = CsvParser(
 )
+@APP.before_request
+def session_handler():
+ session.permanent = True
+ APP.permanent_session_lifetime = timedelta(minutes=30)
+
+
 @APP.route("/")
 def index():
 """Main route, shows all the books and you can filter them
@@ -48,13 +60,12 @@ def index():
 @APP.route("/upload", methods=["GET", "POST"])
+@login_required
 def upload():
 """Upload route, a page to upload a book to the csv"""
 uploadform = PublicationForm()
 if request.method == "POST":
- if uploadform.validate_on_submit() and checksecret(
- uploadform.secret.data
- ):
+ if uploadform.validate_on_submit():
 id = csvparser.writepublication(uploadform)
 saveimage(uploadform.image.data, id)
 return redirect(str(id), code=303)
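Review bot: The widened `from flask import ...` line in the import hunk does not add `url_for`, which the new `logout` view in the last hunk of this file calls, so `/logout` would fail with a NameError unless the name is imported in lines this patch does not show; the line should read `from flask import Blueprint, redirect, render_template, request, session, url_for`. The same applies to `LoginUser`, `RegisterUser`, `ForgotPassword`, `ResetPassword`, `mail` and `User`, none of which gain an import in this patch. `current_user` is imported but not used in any visible hunk, and `bcrypt` appears to lose its only visible caller once `checksecret` is removed.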
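Review bot: `session_handler` assigns `APP.permanent_session_lifetime` on every request although it is an application-wide setting; set it once where the app is configured, e.g. `APP.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=30)`, and keep only `session.permanent = True` in the hook. With Flask's default of refreshing the session cookie on each request, the 30 minutes act as an idle timeout rather than an absolute session limit, which deserves a docstring such as `"""Mark every session permanent so the 30-minute lifetime applies."""`. The cookie flags (`SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY`, `SESSION_COOKIE_SAMESITE`) are not set in the visible lines and are worth checking in the app factory.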
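Review bot: With `@login_required` replacing the `checksecret` test, `upload` accepts a publication from any authenticated account, so the restriction the removed docstring described ("library group members can upload") now rests entirely on who can obtain an account. The last hunk adds a `/register` route with no visible gate; if registration is self-service, add a role or membership check before `csvparser.writepublication(uploadform)`, or state in the `upload` docstring that every registered user may upload. The bcrypt hash deleted from `library/secret` remains in the repository history and is open to offline guessing, so the old passphrase should not be reused anywhere.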
@@ -112,14 +123,46 @@ def saveimage(image, id):
 os.remove(os.path.join(APP.config["UPLOAD_FOLDER"], image.filename))
-def checksecret(secret):
- """small simple check to a secret, library group members can upload"""
- with open("secret") as f:
- secrethash = f.readline().rstrip()
- if bcrypt.checkpw(secret.encode("utf-8"), secrethash.encode("utf-8")):
- return True
- else:
- return False
+@APP.route("/logout")
+@login_required
+def logout():
+ logout_user()
+ return redirect(url_for("index"))
+
+
+@APP.route("/login", methods=["GET", "POST"])
+def login():
+ return LoginUser()
+
+
+@APP.route("/register", methods=["GET", "POST"])
+def register():
+ return RegisterUser()
+
+
+@APP.route("/forgotpassword", methods=["GET", "POST"])
+def forgotpassword():
+ return ForgotPassword(mail)
+
+
+@APP.route("/resetpassword/", methods=["GET", "POST"])
+def resetpassword(path):
+ return ResetPassword(path)
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+ return render_template("csrf_error.html", reason=e.description), 400
+
+
+@login_manager.user_loader
+def load_user(user_id):
+ return User.query.get(int(user_id))
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+ return render_template("csrf_error.html", reason=e.description), 400
 if __name__ == "__main__":
diff --git a/library/secret b/library/secret
deleted file mode 100644
index 5658eff..0000000
--- a/library/secret
+++ /dev/null
@@ -1 +0,0 @@
-$2b$12$kZC/e1smAiBCntQxLUpsZ.H0Y5VkWG/YLt18wIdGmONtijkXYaVsO
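Review bot: `handle_csrf_error` is defined and registered twice in the `library/page.py` hunk, once after `resetpassword` and again at its end; the second copy should be removed. `load_user` raises ValueError on a non-numeric `user_id`, whereas Flask-Login expects `None` for an id that cannot be resolved, so guard the lookup with `try: return User.query.get(int(user_id))` and `except (TypeError, ValueError): return None`. `logout` changes state on a GET request, so any cross-site link can end a user's session; declaring the route with `methods=["POST"]` and submitting it through a CSRF-protected form avoids that. As shown, the `/resetpassword/` rule declares no URL variable while the view takes `path`, so confirm the rule carries a converter for it. The new views also have no docstrings, unlike `index` and `upload`.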