diff --git a/src/app.py b/src/app.py index 4a5907574..a1836d0c7 100644 --- a/src/app.py +++ b/src/app.py @@ -1,22 +1,17 @@ -import os - -import base64 -from flask import Flask, request, send_from_directory -from flask import render_template, redirect +from flask import Flask from flask_cors import CORS -from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user +import config_provider +import routes +from audit_api import audit_api +from migration_api import migration_api from notes_api import notes_api -from sql import connect, getOption -from tree_api import tree_api +from notes_history_api import notes_history_api from notes_move_api import notes_move_api from password_api import password_api from settings_api import settings_api -from notes_history_api import notes_history_api -from audit_api import audit_api -from migration_api import migration_api, APP_DB_VERSION -import config_provider -import my_scrypt +from sql import connect, getOption +from tree_api import tree_api config = config_provider.getConfig() @@ -31,6 +26,7 @@ if not flask_secret_key: app = Flask(__name__) app.secret_key = flask_secret_key +app.register_blueprint(routes.routes) app.register_blueprint(tree_api) app.register_blueprint(notes_api) app.register_blueprint(notes_move_api) 
@@ -40,86 +36,15 @@ app.register_blueprint(notes_history_api) app.register_blueprint(audit_api) app.register_blueprint(migration_api) -class User(UserMixin): - pass +CORS(app) -@app.route('/login', methods=['GET']) -def login_form(): - return render_template('login.html') - -@app.route('/app', methods=['GET']) -@login_required -def show_app(): - db_version = int(getOption('db_version')) - - if db_version < APP_DB_VERSION: - return redirect('migration') - - return render_template('app.html') - -@app.route('/migration', methods=['GET']) -@login_required -def show_migration(): - return render_template('migration.html') - -@app.route('/logout', methods=['POST']) -@login_required -def logout(): - logout_user() - return redirect('login') - -user = User() -user.id = getOption('username') +routes.init(app) port = config['Network']['port'] https = config['Network']['https'] certPath = config['Network']['certPath'] certKeyPath = config['Network']['certKeyPath'] -def verify_password(guessed_password): - hashed_password = base64.b64decode(getOption('password_verification_hash')) - - guess_hashed = my_scrypt.getVerificationHash(guessed_password) - - return guess_hashed == hashed_password - -@app.route('/login', methods=['POST']) -def login_post(): - guessedPassword = request.form['password'].encode('utf-8') - - if request.form['username'] == user.id and verify_password(guessedPassword): - rememberMe = True if 'remember-me' in request.form else False - - login_user(user, remember=rememberMe) - - return redirect('app') - else: - return render_template('login.html', failedAuth=True) - -CORS(app) - -@app.route('/stat/') -def send_stc(path): - return send_from_directory(os.path.join(os.getcwd(), 'static'), path) - -login_manager = LoginManager() -login_manager.init_app(app) -login_manager.login_view = 'login_form' - -@login_manager.user_loader -def load_user(user_id): - if user_id == user.id: - return user - else: - return None - -@login_manager.unauthorized_handler -def 
unauthorized_handler(): - if request.path.startswith('/api'): - return 'Unauthorized', 401 - else: - return redirect('/login') - if __name__ == "__main__": ssl_context = None diff --git a/src/notes_history_api.py b/src/notes_history_api.py index 23b36ed56..063195e2f 100644 --- a/src/notes_history_api.py +++ b/src/notes_history_api.py @@ -1,16 +1,7 @@ -import base64 -import math -import random -import string -import time - from flask import Blueprint, jsonify -from flask import request from flask_login import login_required -from sql import delete -from sql import execute, insert, commit -from sql import getResults, getSingleResult +from sql import getResults notes_history_api = Blueprint('notes_history_api', __name__) diff --git a/src/routes.py b/src/routes.py new file mode 100644 index 000000000..1ef845915 --- /dev/null +++ b/src/routes.py 
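Review bot: `CORS(app)` in src/app.py is still called with no options, which, as far as flask_cors defaults go, answers cross-origin requests from any origin on every route, including the login and logout pages served by the `routes` blueprint. Since the app authenticates with a flask_login session cookie, cross-origin access should be limited to the routes and origins that need it, for example `CORS(app, resources={r"/api/*": {"origins": ALLOWED_ORIGINS}})`, where `ALLOWED_ORIGINS` is a placeholder for the deployment's own list. If the front end is same-origin, the call can be dropped. A one-line comment above the call saying why CORS is enabled would help the next reader either way.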
@@ -0,0 +1,101 @@
+import base64
+import os
+
+from flask import render_template, redirect
+from flask import request, send_from_directory, Blueprint
+from flask_login import UserMixin, login_user, logout_user, LoginManager
+from flask_login import login_required
+
+import my_scrypt
+from migration_api import APP_DB_VERSION
+from sql import getOption
+
+
+class User(UserMixin):
+ pass
+
+
+login_manager = LoginManager()
+user = User()
+
+
+def init(app):
+ login_manager.init_app(app)
+ login_manager.login_view = 'login_form'
+
+ user.id = getOption('username')
+
+
+routes = Blueprint('routes', __name__)
+
+
+@routes.route('/login', methods=['GET'])
+def login_form():
+ return render_template('login.html')
+
+
+@routes.route('/app', methods=['GET'])
+@login_required
+def show_app():
+ db_version = int(getOption('db_version'))
+
+ if db_version < APP_DB_VERSION:
+ return redirect('migration')
+
+ return render_template('app.html')
+
+
+@routes.route('/migration', methods=['GET'])
+@login_required
+def show_migration():
+ return render_template('migration.html')
+
+
+@routes.route('/logout', methods=['POST'])
+@login_required
+def logout():
+ logout_user()
+ return redirect('login')
+
+
+def verify_password(guessed_password):
+ hashed_password = base64.b64decode(getOption('password_verification_hash'))
+
+ guess_hashed = my_scrypt.getVerificationHash(guessed_password)
+
+ return guess_hashed == hashed_password
+
+
+@routes.route('/login', methods=['POST'])
+def login_post():
+ guessedPassword = request.form['password'].encode('utf-8')
+
+ if request.form['username'] == user.id and verify_password(guessedPassword):
+ rememberMe = True if 'remember-me' in request.form else False
+
+ login_user(user, remember=rememberMe)
+
+ return redirect('app')
+ else:
+ return render_template('login.html', failedAuth=True)
+
+
+@routes.route('/stat/')
+def send_stc(path):
+ return send_from_directory(os.path.join(os.getcwd(), 'static'), path)
+
+
+@login_manager.user_loader
+def load_user(user_id):
+ if user_id == user.id:
+ return user
+ else:
+ return None
+
+
+@login_manager.unauthorized_handler
+def unauthorized_handler():
+ if request.path.startswith('/api'):
+ return 'Unauthorized', 401
+ else:
+ return redirect('/login')
\ No newline at end of file
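Review bot: `verify_password` in src/routes.py compares the computed and stored verification hashes with `==`, which is not a constant-time comparison and can leak through timing how much of the value matched. Use `return hmac.compare_digest(guess_hashed, hashed_password)` with `import hmac` added to the imports; this assumes `my_scrypt.getVerificationHash` returns bytes, as `base64.b64decode` does. The username check `request.form['username'] == user.id` in `login_post` has the same property in a weaker form. Nothing visible in this file limits or logs failed attempts in `login_post`, so throttling and an audit entry on failure are worth adding. A docstring on `verify_password` stating that it expects the UTF-8 encoded password bytes would document the contract `login_post` relies on.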