merge contact settings and user tables

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+patreon: Lynnesbian
+ko_fi: Lynnesbian
+custom: https://www.paypal.me/Lynnesbian

requirements.txt

@@ -3,5 +3,5 @@ markovify==0.7.1
 beautifulsoup4==4.7.1
 requests==2.22.0
 Flask==1.1.1
-mysql-connector-python==8.0.17
+flask-mysqldb==0.2.0
 bcrypt == 3.1.7

setup.sql

@@ -1,18 +1,23 @@
+USE `fedibooks`;
 CREATE TABLE IF NOT EXISTS `users` (
-  `id` BINARY(64) PRIMARY KEY,
+  `id` INT AUTO_INCREMENT PRIMARY KEY,
   `email` VARCHAR(128) UNIQUE NOT NULL,
-  `password` BINARY(60) NOT NULL
-);
-CREATE TABLE IF NOT EXISTS `contact_settings` (
-  FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
+  `password` BINARY(60) NOT NULL,
   `fetch` ENUM('always', 'once', 'never') DEFAULT 'once',
   `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
   `generation` ENUM('always', 'once', 'never') DEFAULT 'once',
   `reply` ENUM('always', 'once', 'never') DEFAULT 'once'
-);
+) ENGINE=INNODB;
+CREATE TABLE IF NOT EXISTS `credentials` (
+  `id` INT AUTO_INCREMENT PRIMARY KEY,
+  `client_id` VARCHAR(128) NOT NULL,
+  `client_secret` VARCHAR(128) NOT NULL,
+  `secret` VARCHAR(128) NOT NULL
+) ENGINE=INNODB;
 CREATE TABLE IF NOT EXISTS `bots` (
   `id` BINARY(64) PRIMARY KEY,
-  FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
+  `user_id` INT NOT NULL,
+  `credentials_id` INT NOT NULL,
   `enabled` BOOLEAN DEFAULT 1,
   `replies_enabled` BOOLEAN DEFAULT 1,
   `post_frequency` SMALLINT UNSIGNED DEFAULT 30,
@@ -23,35 +28,37 @@ CREATE TABLE IF NOT EXISTS `bots` (
   `post_privacy` ENUM('public', 'unlisted', 'followers_only') DEFAULT 'unlisted',
   `learn_from_cw` BOOLEAN DEFAULT 0,
   `last_post` DATETIME DEFAULT 0,
+  `icon` VARCHAR(512),
+  `icon_update_time` DATETIME DEFAULT 0,
+  FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
   FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
-);
-CREATE TABLE IF NOT EXISTS `credentials` (
-  `id` INT AUTO_INCREMENT PRIMARY KEY,
-  `client_id` VARCHAR(128) NOT NULL,
-  `client_secret` VARCHAR(128) NOT NULL,
-  `secret` VARCHAR(128) NOT NULL
-);
+) ENGINE=INNODB;
 CREATE TABLE IF NOT EXISTS `fedi_account` (
   `handle` VARCHAR(128) NOT NULL PRIMARY KEY,
   `outbox` VARCHAR(256),
+  `credentials_id` INT NOT NULL,
+  `icon` VARCHAR(512),
+  `icon_update_time` DATETIME DEFAULT 0,
   FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
-);
+) ENGINE=INNODB;
 CREATE TABLE IF NOT EXISTS `posts` (
   `id` BIGINT AUTO_INCREMENT PRIMARY KEY,
   `post_id` VARCHAR(64) NOT NULL,
-  `content` VARCHAR(65535) NOT NULL,
+  `content` TEXT NOT NULL,
   `cw` BOOLEAN NOT NULL
-);
+) ENGINE=INNODB;
 CREATE TABLE IF NOT EXISTS `word_blacklist` (
   `id` INT AUTO_INCREMENT PRIMARY KEY,
-  FOREIGN KEY (`bot_id`) REFERENCES bots(id) ON DELETE CASCADE,
+  `bot_id` BINARY(64) NOT NULL,
   `phrase` VARCHAR(128) NOT NULL,
-  `whole_word` BOOLEAN NOT NULL
-);
+  `whole_word` BOOLEAN NOT NULL,
+  FOREIGN KEY (`bot_id`) REFERENCES bots(id) ON DELETE CASCADE
+) ENGINE=INNODB;
 CREATE TABLE IF NOT EXISTS `contact_history` (
-  FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
+  `user_id` INT NOT NULL,
   `fetch` BOOLEAN DEFAULT 0,
   `submit` BOOLEAN DEFAULT 0,
   `generation` BOOLEAN DEFAULT 0,
-  `reply` BOOLEAN DEFAULT 0
-);
+  `reply` BOOLEAN DEFAULT 0,
+  FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE
+) ENGINE=INNODB;

templates/login.html

@@ -23,7 +23,7 @@
 				{% endif %}
 				<br>
 				<label for="password" class="important full-width">Password</label>
-				<input type="password" name="password">
+				<input type="password" pattern=".{8,}" name="password">
 				{% if signup %}
 				<p class="small">
 					Passwords must be at least eight characters long.

webui.py

@@ -1,15 +1,23 @@
-from flask import Flask, render_template, session
-import json
+from flask import Flask, render_template, session, request, redirect, url_for
+from flask_mysqldb import MySQL
+import MySQLdb
+import bcrypt
+import json, hashlib
 
 cfg = json.load(open("config.json"))
 
 app = Flask(__name__)
 app.secret_key = cfg['secret_key']
 
+app.config['MYSQL_HOST'] = cfg['db_host']
+app.config['MYSQL_DB'] = cfg['db_name']
+app.config['MYSQL_USER'] = cfg['db_user']
+app.config['MYSQL_PASSWORD'] = cfg['db_pass']
+
+mysql = MySQL(app)
+
 @app.route("/")
-def hello():
-	session['userid'] = 1
-	# session.clear()
+def home():
 	if 'userid' in session:
 		session['step'] = 1
 		return render_template("home.html")
@@ -29,7 +37,8 @@ def show_login_page():
 	return render_template("login.html", signup = False)
 
 @app.route("/signup")
-def show_signup_page():
+def show_signup_page(error = None):
+	#TODO: display error if any
 	return render_template("login.html", signup = True)
 
 @app.route("/settings")
@@ -54,7 +63,48 @@ def bot_accounts_add():
 
 @app.route("/bot/create/")
 def bot_create():
-	session['step'] = 4
-	session['instance'] = "botsin.space"
-	session['instance_type'] = "Mastodon"
 	return render_template("bot_create.html")
+
+@app.route("/do/signup", methods=['POST'])
+def do_signup():
+	# email validation is basically impossible without actually sending an email to the address
+	# because fedibooks can't send email yet, we'll just check if the string contains an @ ;)
+	if "@" not in request.form['email']:
+		return show_signup_page("Invalid email address.")
+
+	if len(request.form['password']) < 8:
+		return show_signup_page("Password too short.")
+
+	user_id = hashlib.sha256(request.form['email'].encode('utf-8')).digest()
+
+	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
+	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
+
+	# try to sign up
+	c = mysql.connection.cursor()
+	c.execute("INSERT INTO `users` (email, password) VALUES (%s, %s)", (request.form['email'], pw))
+	mysql.connection.commit()
+	c.close()
+
+	# success!
+	session['userid'] = user_id
+	return redirect(url_for('home'))
+
+@app.route("/do/signout")
+def do_signout():
+	session.clear()
+	return redirect(url_for("home"))
+
+@app.route("/do/login", methods=['POST'])
+def do_login():
+	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
+	c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
+	c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))
+	data = c.fetchone()
+	c.close()
+	if bcrypt.checkpw(pw_hashed, data['password']):
+		session['userid'] = data['id']
+		return redirect(url_for("home"))
+
+	else:
+		return "invalid login"