FediBooks/webui.py

from flask import Flask, render_template, session, request, redirect, url_for
from flask_mysqldb import MySQL
import requests
import MySQLdb
import bcrypt
import json, hashlib, re

cfg = json.load(open("config.json"))

app = Flask(__name__)
app.secret_key = cfg['secret_key']

app.config['MYSQL_HOST'] = cfg['db_host']
app.config['MYSQL_DB'] = cfg['db_name']
app.config['MYSQL_USER'] = cfg['db_user']
app.config['MYSQL_PASSWORD'] = cfg['db_pass']

mysql = MySQL(app)

@app.route("/")
def home():
	if 'userid' in session:
		session['step'] = 1
		c = mysql.connection.cursor()
		c.execute("SELECT COUNT(*) FROM `bots` WHERE user_id = %s", (session['userid'],))
		bot_count = c.fetchone()[0]
		active_count = None
		if bot_count > 0:
			c.execute("SELECT COUNT(*) FROM `bots` WHERE user_id = %s AND enabled = TRUE", (session['userid'],))
			active_count = c.fetchone()[0]
		c.close()
		return render_template("home.html", bot_count = bot_count, active_count = active_count)
	else:
		return render_template("front_page.html")

@app.route("/welcome")
def welcome():
	return render_template("welcome.html")

@app.route("/about")
def about():
	return render_template("about.html")

@app.route("/login")
def show_login_page():
	return render_template("login.html", signup = False)

@app.route("/signup")
def show_signup_page(error = None):
	#TODO: display error if any
	return render_template("login.html", signup = True)

@app.route("/settings")
def settings():
	return render_template("settings.html")

@app.route("/bot/edit/<id>")
def bot_edit(id):
	return render_template("bot_edit.html")

@app.route("/bot/delete/<id>")
def bot_delete(id):
	return render_template("bot_delete.html")

@app.route("/bot/accounts/<id>")
def bot_accounts(id):
	return render_template("bot_accounts.html")

@app.route("/bot/accounts/add")
def bot_accounts_add():
	return render_template("bot_accounts_add.html")

@app.route("/bot/create/", methods=['GET', 'POST'])
def bot_create():
	if request.method == 'POST':
		if session['step'] == 1:
			# strip leading https://, if provided
			session['instance'] = re.match(r"^(?:https?:\/\/)?(.*)", request.form['instance']).group(1)
			
			# check for mastodon/pleroma
			r = requests.get("https://{}/api/v1/instance".format(session['instance']))
			if r.status_code == 200:
				j = r.json()
				if "Pleroma" in j['version']:
					session['instance_type'] = "Pleroma"
					session['step'] += 1
				else:
					if 'is_pro' in j['contact_account']:
						# gab instance
						session['error'] = "Eat shit and die, fascist scum."
					else:
						session['instance_type'] = "Mastodon"
						session['step'] += 1

			else:
				# not a masto/pleroma instance
				# misskey is currently unsupported
				# all other instance types are also unsupported
				# return an error message
				#TODO: misskey
				session['error'] = "Unsupported instance type."

		elif session['step'] == 2:
			pass

	return render_template("bot_create.html")

@app.route("/do/signup", methods=['POST'])
def do_signup():
	# email validation is basically impossible without actually sending an email to the address
	# because fedibooks can't send email yet, we'll just check if the string contains an @ ;)
	if "@" not in request.form['email']:
		return show_signup_page("Invalid email address.")

	if len(request.form['password']) < 8:
		return show_signup_page("Password too short.")

	user_id = hashlib.sha256(request.form['email'].encode('utf-8')).digest()

	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))

	# try to sign up
	c = mysql.connection.cursor()
	c.execute("INSERT INTO `users` (email, password) VALUES (%s, %s)", (request.form['email'], pw))
	mysql.connection.commit()
	c.close()

	# success!
	session['userid'] = user_id
	return redirect(url_for('home'))

@app.route("/do/signout")
def do_signout():
	session.clear()
	return redirect(url_for("home"))

@app.route("/do/login", methods=['POST'])
def do_login():
	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
	c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
	c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))
	data = c.fetchone()
	c.close()
	if bcrypt.checkpw(pw_hashed, data['password']):
		session['userid'] = data['id']
		return redirect(url_for("home"))

	else:
		return "invalid login"
redirect after signup 2019-09-01 07:16:52 +00:00			`from flask import Flask, render_template, session, request, redirect, url_for`
prepare for backend dev 2019-09-01 05:19:30 +00:00			`from flask_mysqldb import MySQL`
add requests dependency 2019-09-01 14:22:26 +00:00			`import requests`
logging in done 2019-09-01 07:30:00 +00:00			`import MySQLdb`
sign up done./run.sh 2019-09-01 07:09:08 +00:00			`import bcrypt`
step one - basic instance validation 2019-09-01 15:07:50 +00:00			`import json, hashlib, re`
read secret key from json file 2019-08-31 03:26:20 +00:00
			`cfg = json.load(open("config.json"))`
create landing page 2019-08-27 10:36:54 +00:00
			`app = Flask(__name__)`
read secret key from json file 2019-08-31 03:26:20 +00:00			`app.secret_key = cfg['secret_key']`
create landing page 2019-08-27 10:36:54 +00:00
enable mysql, remove hardcoded session stuff 2019-09-01 06:28:45 +00:00			`app.config['MYSQL_HOST'] = cfg['db_host']`
			`app.config['MYSQL_DB'] = cfg['db_name']`
			`app.config['MYSQL_USER'] = cfg['db_user']`
			`app.config['MYSQL_PASSWORD'] = cfg['db_pass']`
prepare for backend dev 2019-09-01 05:19:30 +00:00
enable mysql, remove hardcoded session stuff 2019-09-01 06:28:45 +00:00			`mysql = MySQL(app)`
prepare for backend dev 2019-09-01 05:19:30 +00:00
create landing page 2019-08-27 10:36:54 +00:00			`@app.route("/")`
enable mysql, remove hardcoded session stuff 2019-09-01 06:28:45 +00:00			`def home():`
created 'home' page where users can manage their bots 2019-08-29 06:23:56 +00:00			`if 'userid' in session:`
reset step on home page 2019-09-01 04:57:03 +00:00			`session['step'] = 1`
display correct number of bots on home page 2019-09-01 10:24:45 +00:00			`c = mysql.connection.cursor()`
			c.execute("SELECT COUNT(*) FROM `bots` WHERE user_id = %s", (session['userid'],))
			`bot_count = c.fetchone()[0]`
			`active_count = None`
			`if bot_count > 0:`
			c.execute("SELECT COUNT(*) FROM `bots` WHERE user_id = %s AND enabled = TRUE", (session['userid'],))
			`active_count = c.fetchone()[0]`
			`c.close()`
			`return render_template("home.html", bot_count = bot_count, active_count = active_count)`
created 'home' page where users can manage their bots 2019-08-29 06:23:56 +00:00			`else:`
			`return render_template("front_page.html")`
removed bootstrap dependency and made my own css 2019-08-28 03:53:44 +00:00
show welcome page before login page 2019-08-29 01:15:47 +00:00			`@app.route("/welcome")`
			`def welcome():`
			`return render_template("welcome.html")`

added app route for about.html 2019-08-30 12:30:59 +00:00			`@app.route("/about")`
			`def about():`
			`return render_template("about.html")`

removed bootstrap dependency and made my own css 2019-08-28 03:53:44 +00:00			`@app.route("/login")`
			`def show_login_page():`
created signup page 2019-08-29 05:08:11 +00:00			`return render_template("login.html", signup = False)`

			`@app.route("/signup")`
sign up done./run.sh 2019-09-01 07:09:08 +00:00			`def show_signup_page(error = None):`
			`#TODO: display error if any`
created signup page 2019-08-29 05:08:11 +00:00			`return render_template("login.html", signup = True)`
added bot edit page 2019-08-29 13:51:31 +00:00
added account settings page 2019-08-30 03:56:28 +00:00			`@app.route("/settings")`
			`def settings():`
			`return render_template("settings.html")`

added bot edit page 2019-08-29 13:51:31 +00:00			`@app.route("/bot/edit/<id>")`
			`def bot_edit(id):`
			`return render_template("bot_edit.html")`
started bot creation page 2019-08-30 08:52:13 +00:00
added bot deletion page 2019-08-30 11:28:34 +00:00			`@app.route("/bot/delete/<id>")`
			`def bot_delete(id):`
			`return render_template("bot_delete.html")`

add bot accounts management page 2019-09-01 04:02:42 +00:00			`@app.route("/bot/accounts/<id>")`
			`def bot_accounts(id):`
			`return render_template("bot_accounts.html")`

bot accounts add page 2019-09-01 04:41:33 +00:00			`@app.route("/bot/accounts/add")`
			`def bot_accounts_add():`
			`return render_template("bot_accounts_add.html")`

step one - basic instance validation 2019-09-01 15:07:50 +00:00			`@app.route("/bot/create/", methods=['GET', 'POST'])`
started bot creation page 2019-08-30 08:52:13 +00:00			`def bot_create():`
step one - basic instance validation 2019-09-01 15:07:50 +00:00			`if request.method == 'POST':`
			`if session['step'] == 1:`
			`# strip leading https://, if provided`
			`session['instance'] = re.match(r"^(?:https?:\/\/)?(.*)", request.form['instance']).group(1)`

			`# check for mastodon/pleroma`
			`r = requests.get("https://{}/api/v1/instance".format(session['instance']))`
			`if r.status_code == 200:`
			`j = r.json()`
			`if "Pleroma" in j['version']:`
			`session['instance_type'] = "Pleroma"`
			`session['step'] += 1`
			`else:`
			`if 'is_pro' in j['contact_account']:`
			`# gab instance`
			`session['error'] = "Eat shit and die, fascist scum."`
			`else:`
			`session['instance_type'] = "Mastodon"`
			`session['step'] += 1`

			`else:`
			`# not a masto/pleroma instance`
			`# misskey is currently unsupported`
			`# all other instance types are also unsupported`
			`# return an error message`
			`#TODO: misskey`
			`session['error'] = "Unsupported instance type."`

			`elif session['step'] == 2:`
			`pass`

started bot creation page 2019-08-30 08:52:13 +00:00			`return render_template("bot_create.html")`
sign up done./run.sh 2019-09-01 07:09:08 +00:00
			`@app.route("/do/signup", methods=['POST'])`
			`def do_signup():`
			`# email validation is basically impossible without actually sending an email to the address`
			`# because fedibooks can't send email yet, we'll just check if the string contains an @ ;)`
			`if "@" not in request.form['email']:`
			`return show_signup_page("Invalid email address.")`

			`if len(request.form['password']) < 8:`
			`return show_signup_page("Password too short.")`

			`user_id = hashlib.sha256(request.form['email'].encode('utf-8')).digest()`

			`pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()`
reduce rounds 2019-09-01 07:17:07 +00:00			`pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))`
sign up done./run.sh 2019-09-01 07:09:08 +00:00
			`# try to sign up`
			`c = mysql.connection.cursor()`
make user_id an AI int to allow for signing up with an email previously used by someone else 2019-09-01 09:53:38 +00:00			c.execute("INSERT INTO `users` (email, password) VALUES (%s, %s)", (request.form['email'], pw))
sign up done./run.sh 2019-09-01 07:09:08 +00:00			`mysql.connection.commit()`
			`c.close()`
redirect after signup 2019-09-01 07:16:52 +00:00
			`# success!`
			`session['userid'] = user_id`
			`return redirect(url_for('home'))`
/do/signout 2019-09-01 07:19:17 +00:00
			`@app.route("/do/signout")`
			`def do_signout():`
			`session.clear()`
			`return redirect(url_for("home"))`
logging in done 2019-09-01 07:30:00 +00:00
			`@app.route("/do/login", methods=['POST'])`
			`def do_login():`
			`pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()`
			`c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)`
			`c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))`
			`data = c.fetchone()`
			`c.close()`
			`if bcrypt.checkpw(pw_hashed, data['password']):`
			`session['userid'] = data['id']`
			`return redirect(url_for("home"))`

			`else:`
			`return "invalid login"`