Added login functionality and admin page

This commit is contained in:
Eljakim Herrewijnen 2021-11-07 22:40:34 +01:00
parent 2186c273dd
commit 20f1d31149
10 changed files with 248 additions and 46 deletions

73
app.py
View File

@ -1,7 +1,32 @@
from flask import Flask, render_template, request, jsonify from flask import Flask, render_template, request, jsonify, abort, redirect, url_for
from services import Services from flask_login import LoginManager , login_required , UserMixin , login_user, current_user, logout_user
app = Flask("Project Candle") from forms import LoginForm
services = Services() from services import Services, UserManager
from models import User
import sqlite3
import re
#Setup
app = Flask("Project Fish")
app.config.from_pyfile('config.py')
login_manager = LoginManager()
login_manager.login_view = "login"
login_manager.init_app(app)
sqlpath="sqlite.db"
db = sqlite3.connect(sqlpath, check_same_thread=False)
services = Services(db)
usermanager = UserManager(db)
def is_string_sanitized(data):
sanitized_string = re.sub('[^a-zA-Z0-9_@#$.\s]', '', data)
if len(data) != len(sanitized_string):
return False
return True
@login_manager.user_loader
def load_user(user_id):
return usermanager.GetUserByID(user_id)
@app.route('/') @app.route('/')
def index(): def index():
@ -10,20 +35,42 @@ def index():
@app.route("/GetServices", methods=['GET', 'POST']) @app.route("/GetServices", methods=['GET', 'POST'])
def GetServices(): def GetServices():
nummer = (request.json)["nummer"] nummer = (request.json)["nummer"]
if(not is_string_sanitized(nummer)):
return abort(401)
if(nummer != None and nummer != ""): if(nummer != None and nummer != ""):
ser=services.GetServices(nummer) ser=services.GetServices(nummer)
return jsonify(render_template("results.html", services=ser),) return jsonify(render_template("results.html", services=ser),)
ser = services.GetAllServices() ser = services.GetAllServices()
return render_template("results.html", services=ser) return render_template("results.html", services=ser)
@app.route('/admin')
@login_required
def admin():
return render_template("admin.html")
@app.route("/logout")
@login_required
def logout():
logout_user()
return render_template("index.html")
@app.route('/login' , methods=['GET' , 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if(not (is_string_sanitized(username) and is_string_sanitized(username))):
return abort(401)
registeredUser = usermanager.Authenticate(username, password)
if registeredUser != None:
login_user(registeredUser)
return redirect(url_for('admin'))
else:
return abort(401)
else:
return render_template("login.html")
def RunWeb(): def RunWeb():
app.run(debug=True) app.run(debug=True)
@app.route('/', methods=['POST'])
def my_form_post():
text = request.form['text']
processed_text = text.upper()
print(f'Inputted text is: {processed_text}')
return processed_text

1
config.py Normal file
View File

@ -0,0 +1 @@
SECRET_KEY="5d836ca2ce0843658c5d56e12d94e512"

7
forms.py Normal file
View File

@ -0,0 +1,7 @@
from wtforms import StringField, PasswordField, SubmitField
from flask_wtf import FlaskForm
class LoginForm(FlaskForm):
username = StringField('username')
password = PasswordField('password')
submit = SubmitField('Submit')

21
models.py Normal file
View File

@ -0,0 +1,21 @@
from flask_login import UserMixin
class User(UserMixin):
def __init__(self , username , password , id , active=True, salt=""):
self.id = id
self.username = username
self.password = password
self.active = active
self.salt = salt
def get(self):
return self.id
def get_id(self):
return self.id
def is_active(self):
return self.active
# def get_auth_token(self):
# return make_secure_token(self.username , key='secret_key')

View File

@ -1,14 +1,19 @@
import datetime import datetime
from sqlite3 import *
import sqlite3 import sqlite3
import locale import locale
import random import random
locale.setlocale(locale.LC_TIME, "nl_NL.utf-8") # swedish import hashlib
import uuid
from werkzeug.datastructures import Authorization
from models import User
locale.setlocale(locale.LC_TIME, "nl_NL.utf-8")
class Services: class Services:
def __init__(self, sqlpath="sqlite.db") -> None: def __init__(self, db) -> None:
self.sqlpath = sqlpath self.db = db
self.db = sqlite3.connect(self.sqlpath, check_same_thread=False)
self.cursor = self.db.cursor() self.cursor = self.db.cursor()
self.PopulateDB() self.PopulateDB()
@ -53,19 +58,75 @@ class Services:
self.cursor.execute(query) self.cursor.execute(query)
self.db.commit() self.db.commit()
class UserManager():
def __init__(self, db) -> None:
self.db = db
self.cursor = self.db.cursor()
self.PopulateDB()
def PopulateDB(self):
'''
Create db for user managment. Password is stored as a hash
'''
query = f"""CREATE TABLE IF NOT EXISTS users
(
id INTEGER PRIMARY KEY AUTOINCREMENT,
name STRING,
password STRING,
salt STRING
);
"""
self.cursor.execute(query)
def AddUser(self, name, password):
salt = uuid.uuid4().hex
m = hashlib.sha512()
m.update((password + salt).encode("utf-8"))
password = m.digest().hex()
query = f"""
INSERT INTO users (name, password, salt)
VALUES('{name}', '{password}', '{salt}');
"""
self.cursor.execute(query)
self.db.commit()
def Authenticate(self, name, password):
us = self.cursor.execute(f"select * from users where name == '{name}';").fetchall()
if(us != None and len(us) > 0):
us = us[0]
m = hashlib.sha512()
m.update((password + us[3]).encode("utf-8"))
password = m.digest().hex()
if(password == us[2]):
return User(us[1], us[2], us[0], salt=us[3])
return None
def GetUserByID(self, id):
us = self.cursor.execute(f"select * from users where id == {id};").fetchall()
if(us != None):
us = us[0]
return User(us[1], us[2], us[0], salt=us[3])
return None
if __name__ == "__main__": if __name__ == "__main__":
#fill db #fill db
ser = Services() db = sqlite3.connect("sqlite.db", check_same_thread=False)
for i in range(100): ser = Services(db)
d = datetime.datetime.now() us = UserManager(db)
d = d.replace(hour=random.randint(1, 23), day = random.randint(1, 28), month = random.randint(1, 12))
d = d.strftime("%Y-%m-%d %H:%M:%S") # us.AddUser("Eljakim", "Kunnenwe?")
g = "" us.Authenticate("Eljakim", "Kunnenwe?")
for j in range(10): us.Authenticate("Eljakim", "Kunnenwe2?")
g += str(random.randint(1, 30)) # for i in range(100):
g += ":" # d = datetime.datetime.now()
ser.AddService(d, g) # d = d.replace(hour=random.randint(1, 23), day = random.randint(1, 28), month = random.randint(1, 12))
r = ser.GetAllServices() # d = d.strftime("%Y-%m-%d %H:%M:%S")
d = ser.GetServices(str(4)) # g = ""
print(d) # for j in range(10):
# g += str(random.randint(1, 30))
# g += ":"
# ser.AddService(d, g)
# r = ser.GetAllServices()
# d = ser.GetServices(str(4))
# print(d)

BIN
sqlite.db

Binary file not shown.

View File

@ -132,3 +132,42 @@
margin-left: -100px; margin-left: -100px;
font-family: "Verdana"; font-family: "Verdana";
} */ } */
.a_datum_block{
width: 100%;
}
.a_datum_input{
padding: 1%;
position: relative;
margin:1%;
}
.a_datum_block{
width: 100%;
}
.a_van_input{
padding: 1%;
margin:1%;
}
.a_tot_input{
padding: 1%;
margin:1%;
}
.add_service_btn{
position: relative;
background-color: lightblue;
padding: 2%;
margin: 1%;
width: 20%;
left: 20%;
text-align: center;
font-size: 26px;
}
.add_service_btn:hover{
background-color: blue;
cursor: pointer;
}

30
templates/admin.html Normal file
View File

@ -0,0 +1,30 @@
{% extends 'base.html' %}
<head>
<div class="headerblock">
</div>
<h1>Administratie</h1>
</head>
{% block content %}
<div class="requestblock">
<h2>Voeg dienst toe:</h2>
<div class="a_datum_block">
<input class="a_datum_input" id="datum_input" name="text" placeholder="1-11-2021">
</div>
<div class="a_datum_block">
<input class="a_van_input" id="van_input" name="text" placeholder="1">
<tr>t/m</tr>
<input class="a_tot_input" id="tot_input" name="text" placeholder="10">
</div>
<div class="add_service_btn" onclick="AddService()">Toevoegen</div>
</div>
<div class="adminresultblock" id="resultblock">
</div>
{% endblock %}

9
templates/login.html Normal file
View File

@ -0,0 +1,9 @@
{% extends "base.html" %}
{% block content %}
<form action="" method="post">
<p><input type=text name=username>
<p><input type=password name=password>
<p><input type=submit value=Login>
</form>
{% endblock %}

View File

@ -1,13 +0,0 @@
.center {
display: block;
margin-left: 40%;
margin-right: 60%;
width: 50%;
}
.nummer_button{
width:5%;
height: 3%;
background-color: red;
}