from flask import Flask, render_template, session, request, redirect, url_for
from flask_mysqldb import MySQL
import MySQLdb
import bcrypt
import json, hashlib
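# Application setup. Secrets and database credentials are read from
# config.json rather than being embedded in source; that file should stay
# out of version control. The original opened the file without closing it;
# the context manager releases the handle as soon as the JSON is parsed.
with open("config.json", encoding="utf-8") as cfg_file:
    cfg = json.load(cfg_file)

app = Flask(__name__)
# Signs the session cookie: a weak, guessable or leaked value lets anyone
# forge a session with an arbitrary 'userid'.
app.secret_key = cfg['secret_key']

app.config['MYSQL_HOST'] = cfg['db_host']
app.config['MYSQL_DB'] = cfg['db_name']
app.config['MYSQL_USER'] = cfg['db_user']
app.config['MYSQL_PASSWORD'] = cfg['db_pass']

mysql = MySQL(app)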
@app.route("/")
def home():
    """Render the dashboard for a signed-in user, otherwise the landing page.

    "Signed in" means only that the session carries a 'userid' key; the
    value itself is not checked against the database here.
    """
    signed_in = 'userid' in session
    if not signed_in:
        return render_template("front_page.html")
    # 'step' is reset to 1 on every dashboard visit; what consumes it is not
    # visible in this file.
    session['step'] = 1
    return render_template("home.html")
@app.route("/welcome")
def welcome():
    """Serve the static welcome page; no session or database access."""
    page = "welcome.html"
    return render_template(page)
@app.route("/about")
def about():
    """Serve the static about page; no session or database access."""
    page = "about.html"
    return render_template(page)
@app.route("/login")
def show_login_page():
    """Render login.html in its login (not signup) mode."""
    signup_mode = False
    return render_template("login.html", signup=signup_mode)
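@app.route("/signup")
def show_signup_page(error = None):
    """Render login.html in signup mode.

    Args:
        error: optional message explaining why a previous signup attempt
            was rejected. Called directly (not via the route) by do_signup.

    The message is now handed to the template as ``error``; the original
    dropped it on the floor (see the TODO). login.html still has to render
    the variable for it to become visible, and must escape it as usual —
    the strings passed today are fixed server-side text, not user input.
    """
    #TODO: display error if any
    return render_template("login.html", signup = True, error = error)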
@app.route("/settings")
def settings():
    """Render the settings page.

    NOTE(review): nothing here requires a signed-in session; the template
    is served to anyone who requests the URL.
    """
    page = "settings.html"
    return render_template(page)
@app.route("/bot/edit/<id>")
def bot_edit(id):
    """Render the bot edit page.

    Args:
        id: the bot id from the URL. Accepted but not used yet — the
            template is rendered without any bot data.

    NOTE(review): none of the /bot/ routes check for a signed-in session
    or that the bot belongs to the requester; that check is needed once
    this route starts loading real bot data.
    """
    template = "bot_edit.html"
    return render_template(template)
@app.route("/bot/delete/<id>")
def bot_delete(id):
    """Render the bot delete confirmation page.

    Args:
        id: the bot id from the URL. Accepted but not used yet.

    NOTE(review): this is a GET route with no session or ownership check;
    when the actual deletion is wired up it should be a POST with both.
    """
    template = "bot_delete.html"
    return render_template(template)
@app.route("/bot/accounts/<id>")
def bot_accounts(id):
    """Render the bot accounts page.

    Args:
        id: the bot id from the URL. Accepted but not used yet.

    NOTE(review): no session or ownership check, as with the other
    /bot/ routes.
    """
    template = "bot_accounts.html"
    return render_template(template)
@app.route("/bot/accounts/add")
def bot_accounts_add():
    """Render the add-account page for a bot.

    NOTE(review): this route shares the /bot/accounts/ prefix with
    bot_accounts(<id>) but carries no bot id of its own, and performs no
    session check.
    """
    template = "bot_accounts_add.html"
    return render_template(template)
@app.route("/bot/create/")
def bot_create():
    """Render the bot creation page (no session check, like the other /bot/ routes)."""
    template = "bot_create.html"
    return render_template(template)
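@app.route("/do/signup", methods=['POST'])
def do_signup():
    """Create a user from the posted email and password and sign them in.

    Reads ``email`` and ``password`` from the form (Flask answers 400 if
    either is missing). Returns the signup page with a message when the
    email has no '@', the password is shorter than 8 characters, or the
    INSERT is rejected with an integrity error; otherwise stores the new
    row's id in the session and redirects to home.
    """
    email = request.form['email']
    password = request.form['password']

    # email validation is basically impossible without actually sending an email to the address
    # because fedibooks can't send email yet, we'll just check if the string contains an @ ;)
    if "@" not in email:
        return show_signup_page("Invalid email address.")
    if len(password) < 8:
        return show_signup_page("Password too short.")

    # Pre-hash with SHA-256 so bcrypt's 72-byte input limit never silently
    # truncates a long passphrase. This must stay byte-for-byte identical to
    # the pre-hash in do_login or existing accounts stop verifying.
    # NOTE(review): a raw digest can contain NUL bytes and bcrypt
    # implementations differ in how they treat them (stop at the NUL or
    # reject the input). Hex- or base64-encoding the digest would avoid
    # that, but changing it invalidates every stored hash, so it needs a
    # migration rather than an edit here.
    pw_hashed = hashlib.sha256(password.encode('utf-8')).digest()
    pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))

    # try to sign up
    c = mysql.connection.cursor()
    try:
        c.execute("INSERT INTO `users` (email, password) VALUES (%s, %s)", (email, pw))
        mysql.connection.commit()
        # The session must hold the same kind of value do_login stores
        # (data['id']); the original stored a SHA-256 of the email here,
        # so the two sign-in paths disagreed.
        # NOTE(review): assumes users.id is AUTO_INCREMENT — the INSERT
        # supplies no id and do_login reads data['id'] — confirm against
        # the schema.
        user_id = c.lastrowid
    except MySQLdb.IntegrityError:
        # Typically a duplicate email when the column is UNIQUE. Roll back
        # and show a generic message rather than a 500 with driver text.
        mysql.connection.rollback()
        return show_signup_page("Could not create account.")
    finally:
        # the original only closed the cursor on the happy path
        c.close()

    # success!
    session['userid'] = user_id
    return redirect(url_for('home'))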
@app.route("/do/signout")
def do_signout():
    """Drop the whole session (userid, step, anything else) and go home.

    NOTE(review): reachable by GET with no CSRF token, so any page can log
    the user out by embedding the URL; low impact, but worth a POST later.
    """
    session.clear()
    destination = url_for("home")
    return redirect(destination)
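@app.route("/do/login", methods=['POST'])
def do_login():
    """Check the posted email and password against the users table.

    On success stores the row's ``id`` in the session and redirects to
    home. On an unknown email or a wrong password returns the plain text
    "invalid login". The original indexed ``fetchone()``'s result without
    a None check, so an unknown email produced a TypeError (HTTP 500)
    instead of a rejection.
    """
    # same pre-hash as do_signup; the two must never diverge
    pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()

    c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
    try:
        c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))
        data = c.fetchone()
    finally:
        # the original leaked the cursor if execute() raised
        c.close()

    # NOTE(review): checkpw needs the bytes bcrypt produced; if the password
    # column comes back as str, an .encode() is required here — verify
    # against the column type.
    if data is None or not bcrypt.checkpw(pw_hashed, data['password']):
        # one message for both cases so the response body does not reveal
        # which emails are registered
        return "invalid login"

    session['userid'] = data['id']
    return redirect(url_for("home"))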