crunk 2023-12-03 15:32:54 +01:00
parent 7db20b290e
commit d6b3286bc5
2 changed files with 57 additions and 15 deletions


@ -1,15 +1,21 @@
"""This is the main flask library page""" """This is the main flask library page"""
from datetime import timedelta
import datetime import datetime
import json import json
import os import os
import bcrypt import bcrypt
from app import create_app from app import create_app, login_manager
from application.csvparser import CsvParser from application.csvparser import CsvParser
from flask import Blueprint, redirect, render_template, request from flask import Blueprint, redirect, render_template, request, session
from flask_wtf.csrf import CSRFProtect from flask_wtf.csrf import CSRFProtect, CSRFError
from flask_login import (
logout_user,
login_required,
current_user,
)
from forms.borrowform import BorrowForm from forms.borrowform import BorrowForm
from forms.uploadform import PublicationForm from forms.uploadform import PublicationForm
from icalendar import Calendar from icalendar import Calendar
@ -28,6 +34,12 @@ csvparser = CsvParser(
) )
@APP.before_request
def session_handler():
session.permanent = True
APP.permanent_session_lifetime = timedelta(minutes=30)
@APP.route("/") @APP.route("/")
def index(): def index():
"""Main route, shows all the books and you can filter them """Main route, shows all the books and you can filter them
@ -48,13 +60,12 @@ def index():
@APP.route("/upload", methods=["GET", "POST"]) @APP.route("/upload", methods=["GET", "POST"])
@login_required
def upload(): def upload():
"""Upload route, a page to upload a book to the csv""" """Upload route, a page to upload a book to the csv"""
uploadform = PublicationForm() uploadform = PublicationForm()
if request.method == "POST": if request.method == "POST":
if uploadform.validate_on_submit() and checksecret( if uploadform.validate_on_submit():
uploadform.secret.data
):
id = csvparser.writepublication(uploadform) id = csvparser.writepublication(uploadform)
saveimage(uploadform.image.data, id) saveimage(uploadform.image.data, id)
return redirect(str(id), code=303) return redirect(str(id), code=303)
@ -112,14 +123,46 @@ def saveimage(image, id):
os.remove(os.path.join(APP.config["UPLOAD_FOLDER"], image.filename)) os.remove(os.path.join(APP.config["UPLOAD_FOLDER"], image.filename))
def checksecret(secret): @APP.route("/logout")
"""small simple check to a secret, library group members can upload""" @login_required
with open("secret") as f: def logout():
secrethash = f.readline().rstrip() logout_user()
if bcrypt.checkpw(secret.encode("utf-8"), secrethash.encode("utf-8")): return redirect(url_for("index"))
return True
else:
return False @APP.route("/login", methods=["GET", "POST"])
def login():
return LoginUser()
@APP.route("/register", methods=["GET", "POST"])
def register():
return RegisterUser()
@APP.route("/forgotpassword", methods=["GET", "POST"])
def forgotpassword():
return ForgotPassword(mail)
@APP.route("/resetpassword/<path>", methods=["GET", "POST"])
def resetpassword(path):
return ResetPassword(path)
@APP.errorhandler(CSRFError)
def handle_csrf_error(e):
return render_template("csrf_error.html", reason=e.description), 400
@login_manager.user_loader
def load_user(user_id):
return User.query.get(int(user_id))
@APP.errorhandler(CSRFError)
def handle_csrf_error(e):
return render_template("csrf_error.html", reason=e.description), 400
if __name__ == "__main__": if __name__ == "__main__":
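Review bot: In `upload`, `@login_required` now stands in for the removed `checksecret(uploadform.secret.data)` gate, but it only proves that some account is logged in, not that the account belongs to the library group the old secret was meant for. `RegisterUser` is not visible in this diff, so if `/register` is open to anyone, every self-registered user can reach `csvparser.writepublication(uploadform)` and `saveimage`. An authorization step belongs in `upload` before that call, for example a membership or role flag on the user model read through the already imported `current_user`, answered with a 403 when it is missing. Separately, `logout` calls `url_for`, which is not in the `from flask import Blueprint, redirect, render_template, request, session` line; unless it is imported further down, that line should end in `session, url_for`. The body of `upload` continues outside the hunk.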


@ -1 +0,0 @@
$2b$12$kZC/e1smAiBCntQxLUpsZ.H0Y5VkWG/YLt18wIdGmONtijkXYaVsO