lynnesbian/curious-greg
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

updated database schema (hopefully for the last time now), started work on home page and login functions

Browse source
This commit is contained in:
Lynne Megido 2018-11-11 17:30:33 +10:00
parent 70e8d55c56
commit b3ecbbbbc2
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499
3 changed files with 70 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
templates/create_password.html
View file

@ -9,7 +9,7 @@
<h2>Please enter a password for your new Curious Greg account.</h2> <h2>Please enter a password for your new Curious Greg account.</h2>
<!-- <div id='logo-main'></div> --> <!-- <div id='logo-main'></div> -->
<form action='/internal/create_account' method='POST'> <form action='/internal/create_account' method='POST'>
<div id='form-avi' style='background-image:url("")'></div> <div id='form-avi' style={{ bg }}></div>
<span id='form-avi-label'>{{ session['acct'] }}</span><br /><br /> <span id='form-avi-label'>{{ session['acct'] }}</span><br /><br />
<label for='pw'>Password</label><br /> <label for='pw'>Password</label><br />
<input type='password' name='pw' placeholder='••••••••' required /><br /> <input type='password' name='pw' placeholder='••••••••' required /><br />

12
templates/home.html
View file

@ -6,10 +6,16 @@
</head> </head>
<body> <body>
<h1>Welcome</h1> <h1>Welcome</h1>
<h2>You're all set up and ready to go.</h2>
<!-- <div id='logo-main'></div> --> <!-- <div id='logo-main'></div> -->
<div id='body'> <div class='profilecard left'>
You haven't posted to Curious Cat in a while, so we'll wait <strong>14 minutes</strong> until we check for new answers. <div class='pc-title'>Mastodon</div>
<div id='pc-avi' style={{ mabg }}></div>
<span id='pc-avi-label'>{{ session['acct'] }}</span><br /><br />
</div>
<div class='profilecard right'>
<div class='pc-title'>Curious Cat</div>
<div id='pc-avi' style={{ ccbg }}></div>
<span id='pc-avi-label'>{{ session['cc'] }}</span><br /><br />
</div> </div>
{% include 'footer.html' %} {% include 'footer.html' %}
</body> </body>

75
web.py
View file

@ -4,7 +4,7 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this # License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/. # file, You can obtain one at http://mozilla.org/MPL/2.0/.
import requests, json, hashlib, urllib import requests, json, hashlib, urllib, time
from mastodon import Mastodon from mastodon import Mastodon
from flask import Flask, render_template, request, session, redirect, url_for from flask import Flask, render_template, request, session, redirect, url_for
import mysql.connector import mysql.connector
@ -15,7 +15,24 @@ scopes = ["read:accounts", "write:statuses"]
db = mysql.connector.connect(user=cfg['dbuser'], password=cfg['dbpass'], database=cfg['dbname']) db = mysql.connector.connect(user=cfg['dbuser'], password=cfg['dbpass'], database=cfg['dbname'])
c = db.cursor() c = db.cursor()
c.execute("CREATE TABLE IF NOT EXISTS `data` (username TINYTEXT NOT NULL, instance TINYTEXT NOT NULL, password TINYTEXT NOT NULL, avi TEXT NOT NULL, secret TINYTEXT NOT NULL, client_id TINYTEXT NOT NULL, client_secret TINYTEXT NOT NULL, cc TINYTEXT, latest_post TINYTEXT, latest_timestamp TIMESTAMP, time_between_checks INT)") # MariaDB [curiousgreg]> DESCRIBE data;
# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
# | Field | Type | Null | Key | Default | Extra |
# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
# | username | varchar(64) | NO | PRI | NULL | |
# | instance | varchar(128) | NO | PRI | NULL | |
# | password | tinytext | NO | | NULL | |
# | avi | text | NO | | NULL | |
# | secret | tinytext | NO | | NULL | |
# | client_id | varchar(128) | NO | | NULL | |
# | client_secret | tinytext | NO | | NULL | |
# | cc | tinytext | YES | | NULL | |
# | ccavi | varchar(128) | YES | | https://lynnesbian.space/res/ceres/cc.png | |
# | latest_post | tinytext | YES | | NULL | |
# | latest_timestamp | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
# | time_between_checks | int(11) | YES | | NULL | |
# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
c.execute("CREATE TABLE IF NOT EXISTS `data` (username VARCHAR(64) NOT NULL, instance VARCHAR(128) NOT NULL, password TINYTEXT NOT NULL, avi TEXT NOT NULL, secret TINYTEXT NOT NULL, client_id VARCHAR(128) NOT NULL, client_secret TINYTEXT NOT NULL, cc TINYTEXT, ccavi VARCHAR(128) DEFAULT 'https://lynnesbian.space/res/ceres/cc.png', latest_post TINYTEXT, latest_timestamp TIMESTAMP, time_between_checks INT, PRIMARY KEY(username, instance))")
app = Flask(cfg['name']) app = Flask(cfg['name'])
app.secret_key = cfg['flask_key'] app.secret_key = cfg['flask_key']
@ -30,8 +47,29 @@ def main():
@app.route('/home') @app.route('/home')
def home(): def home():
if 'acct' in session: if 'acct' in session:
acct = session['acct'] if 'cc' not in session:
return render_template("home.html", acct=acct) session['cc'] = "None"
if session['cc'] == "None":
#every time home is rendered without cc being set
cc = c.execute("SELECT cc FROM `data` WHERE client_id LIKE ? AND instance LIKE ?", (session['client_id'], session['instance'])).fetchone()[0]
if cc != '':
session['cc'] = cc
if 'last_avi_update' not in session or session['last_avi_update'] + (24 * 60 * 60) < time.time():
#avatars haven't been updated for over 24 hours
# avis = c.execute("SELECT avi, ccavi FROM `data` WHERE client_id LIKE ?", (session['client_id'],)).fetchone()
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
session['avi'] = client.account_verify_credentials()['avatar']
if session['cc'] != None:
#update cc avi too
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
j = r.json()
session['ccavi'] = j['userData']['avatar']
c.execute("UPDATE data SET avi = ?, ccavi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
else:
c.execute("UPDATE data SET avi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['client_id'], session['instance']))
return render_template("home.html")
else: else:
return redirect(url_for('main')) return redirect(url_for('main'))
@ -54,18 +92,18 @@ def log_in():
@app.route('/internal/auth_a') @app.route('/internal/auth_a')
def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow
session['instance_url'] = request.args.get('instance', default='mastodon.social', type=str) session['instance'] = request.args.get('instance', default='mastodon.social', type=str)
if not session['instance_url'].startswith("https://"): if not session['instance'].startswith("https://"):
session['instance_url'] = "https://{}".format(session['instance_url']) session['instance'] = "https://{}".format(session['instance'])
session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'], session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'],
api_base_url=session['instance_url'], api_base_url=session['instance'],
scopes=scopes, scopes=scopes,
website=cfg['website'], website=cfg['website'],
redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b'] redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b']
) )
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url']) client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes) url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes)
return redirect(url, code=307) return redirect(url, code=307)
@ -73,14 +111,16 @@ def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow
@app.route('/internal/auth_b') @app.route('/internal/auth_b')
def internal_auth_b(): def internal_auth_b():
#write details to DB #write details to DB
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url']) client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, redirect_uri='http://localhost:5000/internal/auth_b') session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, redirect_uri='http://localhost:5000/internal/auth_b')
acct_info = client.account_verify_credentials() acct_info = client.account_verify_credentials()
session['username'] = acct_info['username'] session['username'] = acct_info['username']
session['avi'] = acct_info['avatar'] session['avi'] = acct_info['avatar']
session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", "")) session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0: if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance'])).fetchone()[0] > 0:
#user already has an account with CG #user already has an account with CG
#update the user's info to use the new info we just got, then redirect them to the login page
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE ? AND instance LIKE ?", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
return redirect(url_for('log_in')) return redirect(url_for('log_in'))
else: else:
return redirect(url_for('home')) return redirect(url_for('home'))
@ -91,10 +131,15 @@ def do_login():
@app.route('/create_password') @app.route('/create_password')
def create_password(): def create_password():
return render_template("create_password.html") return render_template("create_password.html", bg = "\"background-image:url('{}')\"".format(session['avi']))
@app.route('/internal/create_account', methods=['POST']) @app.route('/internal/create_account', methods=['POST'])
def create_account(): def create_account():
pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15)) pw_in = request.form['pw']
c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret'])) if len(pw_in < 6) or pw_in == 'password':
return redirect('/create_password?invalid')
pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))
c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance'], session['secret'], session['client_id'], session['client_secret']))
db.commit() db.commit()
return redirect(url_for('home'))