import os
from functools import wraps

from flask import Flask, request, render_template, session
from flask import redirect, make_response, jsonify
from flask_jwt_extended import JWTManager, get_jwt_identity, get_jwt
from flask_jwt_extended import create_access_token
from flask_jwt_extended import jwt_required, verify_jwt_in_request
from flask_jwt_extended import set_access_cookies, unset_jwt_cookies
from flask_restful import Resource, Api
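# Application setup. The original created and configured ``app`` twice; the
# first instance was discarded as soon as the name was rebound, so only the
# second configuration ever took effect. That effective configuration is kept.
app = Flask(__name__)

# Secrets default to the original development value so existing runs behave
# the same, but can be overridden from the environment for any shared or
# network-exposed deployment (a hard-coded signing key lets anyone who reads
# the source mint valid session cookies and JWTs).
_SECRET = os.environ.get("SECRET_KEY", "secretkey")
app.secret_key = _SECRET
app.config["UPLOADED_PHOTOS_DEST"] = "static"
app.config["JWT_SECRET_KEY"] = os.environ.get("JWT_SECRET_KEY", _SECRET)
app.config["JWT_TOKEN_LOCATION"] = ["cookies"]
# The JWT cookie is sent over plain HTTP; suitable for local development only,
# set True behind TLS.
app.config["JWT_COOKIE_SECURE"] = False
# NOTE(review): the double-submit CSRF check is disabled, presumably because
# the HTML forms do not send the CSRF token flask_jwt_extended expects —
# confirm against the templates before enabling it.
app.config["JWT_COOKIE_CSRF_PROTECT"] = False
# JWTManager(app) registers the extension on construction; the separate
# init_app() call the original made on top of it was redundant.
jwt = JWTManager(app)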
# Seed catalogue served by the book views: (id, author, title, year).
# Every seed record is a USA / English title, so those two fields are
# filled in by the comprehension below.
_BOOK_ROWS = (
    (1, "Eric Reis", "Lean Startup", 2011),
    (2, "Mark Schwartz", "A Seat at the Table", 2017),
    (3, "James Womak", "Lean Thinking", 1996),
    (4, "Peter Heller", "The Dog Stars", 2012),
    (5, "Peter Heller", "The River", 2019),
)

# In-memory book records; the key order matches the original literal.
books = [
    {
        "id": book_id,
        "author": author,
        "country": "USA",
        "language": "English",
        "title": title,
        "year": year,
    }
    for book_id, author, title, year in _BOOK_ROWS
]
# Demo user fixture. Every account's password is identical to its username,
# and credentials are stored in plaintext: this is test data for a sample
# app, not a pattern for real account storage.
_DEMO_ACCOUNTS = (
    ("testuser", "admin"),
    ("John", "reader"),
    ("Anne", "admin"),
    ("Sean", "admin"),
    ("Nicole", "reader"),
)

users = [
    {"username": name, "password": name, "role": role}
    for name, role in _DEMO_ACCOUNTS
]
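def admin_required(fn):
    """Decorate a view so that only callers whose JWT carries role "admin" reach it.

    The wrapper verifies the JWT on the incoming request, reads its claims,
    and answers ``{"msg": "Admins only!"}`` with status 403 for any other
    role or for a token with no role claim at all, instead of raising.
    Returns the wrapped view's result when the role check passes.
    """
    @wraps(fn)
    def wrapper(*args, **kwargs):
        verify_jwt_in_request()
        claims = get_jwt()
        # login() passes its claims dict as the *positional* second argument
        # of create_access_token, which is the ``fresh`` parameter, so the
        # role currently lives under the "fresh" claim. Accept that layout,
        # and fall back to a top-level "role" claim (where flask_jwt_extended
        # places additional_claims) so a corrected login() keeps working.
        fresh = claims.get("fresh")
        if isinstance(fresh, dict):
            role = fresh.get("role")
        else:
            role = claims.get("role")
        if role != "admin":
            return jsonify(msg='Admins only!'), 403
        return fn(*args, **kwargs)
    return wrapper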
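def checkUser(username, password):
    """Return ``{"username", "role"}`` for a user whose credentials match, else None.

    Looks the pair up in the module-level ``users`` list. Both fields must be
    an exact match: the original used substring tests (``in``), which
    accepted any prefix, fragment or even the empty string as a valid
    username or password. The password is never included in the result.
    """
    for user in users:
        if user["username"] == username and user["password"] == password:
            return {"username": user["username"], "role": user["role"]}
    return None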
@app.route("/", methods=["GET"])
def firstRoute():
    """Serve the registration/landing page at the site root."""
    landing_page = render_template("register.html")
    return landing_page
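@app.route("/login", methods=["GET", "POST"])
def login():
    """Show the registration page, or on POST authenticate and issue a JWT cookie.

    POST reads ``username`` and ``password`` from the form (a missing field
    is a 400 from Flask), checks them with checkUser(), and on success
    renders index.html with an access token attached via set_access_cookies().
    Bad credentials and plain GET both fall through to register.html with no
    token issued.
    """
    if request.method == "POST":
        username = request.form["username"]
        password = request.form["password"]
        validUser = checkUser(username, password)
        if validUser is not None:
            user_claims = {"role": validUser["role"]}
            # NOTE: ``user_claims`` is passed positionally, which binds it to
            # create_access_token's ``fresh`` parameter rather than to
            # additional_claims; admin_required() reads the role from the
            # "fresh" claim accordingly. Change both sides together if fixing.
            access_token = create_access_token(username, user_claims)
            response = make_response(
                render_template(
                    "index.html", title="books", username=username, books=books
                )
            )
            response.status_code = 200
            # The token travels only in the cookie configured by
            # JWT_TOKEN_LOCATION; it is not echoed in a header or the body.
            set_access_cookies(response, access_token)
            return response
    return render_template("register.html")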
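@app.route("/logout")
def logout():
    """Log the caller out by clearing the JWT cookies.

    The original only returned a message and left the access cookie in
    place, so the session stayed valid. unset_jwt_cookies() instructs the
    browser to drop the token; the body text is unchanged.
    """
    response = make_response("Logged Out of Books")
    unset_jwt_cookies(response)
    return response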
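@app.route("/books", methods=["GET"])
@jwt_required()
def getBooks():
    """Render books.html for the authenticated user.

    ``@jwt_required()`` rejects requests without a valid JWT cookie before the
    body runs, so get_jwt_identity() returns the identity set at login.
    If rendering fails the error is logged and register.html is shown.
    """
    try:
        username = get_jwt_identity()
        return render_template('books.html', username=username, books=books)
    except Exception:
        # Narrowed from a bare ``except`` (which also caught SystemExit and
        # KeyboardInterrupt) and logged instead of silently swallowed.
        app.logger.exception("rendering books page failed")
        return render_template("register.html")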
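@app.route("/addbook", methods=["GET", "POST"])
@jwt_required()
@admin_required
def addBook():
    """Show the add-book form (GET) or append a book (POST); admins only.

    POST reads ``author`` and ``title`` from the form. Both are required: a
    missing or empty value returns 400 rather than storing a record with
    None fields. The new record is given the next free ``id`` so it has the
    same identifier as the seed data, then books.html is rendered.
    """
    username = get_jwt_identity()
    if request.method == "GET":
        return render_template("addBook.html", username=username)
    # Only GET and POST are routed, so this is the POST path. (The original
    # had an unreachable ``return 400`` here; a bare int is not a valid Flask
    # response and would have produced a 500.)
    author = request.form.get("author")
    title = request.form.get("title")
    if not author or not title:
        return "author and title are required", 400
    # Records appended earlier by this view may lack an id, hence .get().
    next_id = max((b.get("id", 0) for b in books), default=0) + 1
    books.append({"id": next_id, "author": author, "title": title})
    return render_template(
        "books.html", books=books, username=username, title="books"
    )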
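@app.route("/addimage", methods=["GET", "POST"])
@jwt_required()
@admin_required
def addimage():
    """Show the upload form (GET) or store an uploaded image (POST); admins only.

    POST expects a file field ``image`` and a form field ``number``. The file
    is saved as ``image<number>.png`` under UPLOADED_PHOTOS_DEST and the body
    "image loaded" is returned. ``number`` is user-controlled and is spliced
    into a filesystem path, so only an ASCII all-digit value is accepted;
    anything else (or a missing file) returns 400. The original accepted any
    string here, which allowed the write to escape the photos directory.
    """
    if request.method == "GET":
        return render_template("addimage.html")
    # Only GET and POST are routed, so this is the POST path.
    image = request.files.get("image")
    number = request.form.get("number")  # use number to name the image
    if image is None or not image.filename:
        return "image file is required", 400
    if not number or not (number.isascii() and number.isdigit()):
        return "number must be a non-negative integer", 400
    # The upload's own filename is never used; the stored name is derived
    # solely from the validated digits, so the path cannot leave the
    # configured directory. NOTE(review): the file content is not inspected,
    # so whatever bytes were uploaded are stored under a .png name.
    imagename = "image" + number + ".png"
    image.save(os.path.join(app.config["UPLOADED_PHOTOS_DEST"], imagename))
    return "image loaded"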
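if __name__ == "__main__":
    # debug=True turns on the Werkzeug interactive debugger and the reloader;
    # combined with host 0.0.0.0 that is reachable from every interface, so it
    # must be switched off for anything but a local run. The original default
    # is kept; set FLASK_DEBUG=0 in the environment to run without it.
    debug = os.environ.get("FLASK_DEBUG", "1") != "0"
    app.run(debug=debug, host="0.0.0.0", port=5000)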