def topic_edit(topic_id):
topic = db.query(Topic).get(int(topic_id))
if request.method == "GET":
return render_template("topic_edit.html", topic=topic)
elif request.method == "POST":
title = request.form.get("title")
text = request.form.get("text")
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# check if user is logged in and user is author
if not user:
return redirect(url_for('login'))
elif topic.author.id != user.id:
return "You are not the author!"
else:
# update the topic fields
topic.title = title
topic.text = text
db.add(topic)
db.commit()
return redirect(url_for('topic_details', topic_id=topic_id))
def comment_edit(comment_id):
comment = db.query(Comment).get(
int(comment_id)) # get comment from db by ID
# get current user
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# check if user is logged in and user is author
if not user:
redirect(url_for("auth/login"))
elif comment.author.id != user.id:
return "You are not an author"
if request.method == "GET":
return render_template("topics/comment_edit.html", comment=comment)
# POST request
elif request.method == "POST":
text = request.form.get("text")
comment.text = text
db.add(comment)
db.commit()
return redirect(
url_for('topic.topic_details', topic_id=comment.topic.id))
def card_edit(card_id):
card = db.query(Card).get(int(card_id)) # get card from db by ID
if request.method == "GET":
return render_template("card/card_edit.html", card=card)
elif request.method == "POST":
bauhjahr = request.form.get("baujahr")
maschinennummer = request.form.get("maschinennummer")
standort = request.form.get("standort")
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# check if user is logged in and user is author
if not user:
return redirect(url_for('auth.login'))
elif card.author.id != user.id:
return "You are not the author!"
else:
# update the card fields
card.baujahr = bauhjahr
card.maschinennummer = maschinennummer
card.standort = standort
db.add(card)
db.commit()
return redirect(url_for('card/card.card_details', card_id=card_id))
def comment_edit(comment_id):
comment = db.query(Comment).get(int(comment_id)) # get comment from db by ID
# get current user
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token, verified=True).first()
# check if user logged in & if user is author
if not user:
return redirect(url_for('auth.login'))
elif comment.author.id != user.id:
return "You can only edit your own comments!"
# GET request
if request.method == "GET":
csrf_token = create_csrf_token(username=user.username)
return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token)
# POST request
elif request.method == "POST":
text = request.form.get("text")
# check CSRF tokens
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
# if it validates, edit the comment
comment.text = text
db.add(comment)
db.commit()
return redirect(url_for('topic.topic_details', topic_id=comment.topic.id))
else:
return "CSRF error: tokens don't match!"
def comment_delete(comment_id):
comment = db.query(Comment).get(int(comment_id)) # get comment from db by ID
# get current user
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token, verified=True).first()
# check if user logged in & if user is author
if not user:
return redirect(url_for('auth.login'))
elif comment.author.id != user.id:
return "You can only delete your own comments!"
# check CSRF tokens
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
# if it validates, delete the comment
topic_id = comment.topic.id # save the topic ID in a variable before you delete the comment
db.delete(comment)
db.commit()
return redirect(url_for('topic.topic_details', topic_id=topic_id))
else:
return "CSRF error: tokens don't match!"
def login():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if user:
return redirect(url_for('tasks'))
if request.method == "GET":
return render_template("signin.html")
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
password_hash = hashlib.sha256(password.encode()).hexdigest()
user = db.query(User).filter_by(username=username).first()
if not user:
return "This user does not exist"
else:
if password_hash == user.password_hash:
user.session_token = str(uuid.uuid4())
db.add(user)
db.commit()
response = make_response(redirect(url_for('tasks')))
response.set_cookie("session_token",
user.session_token,
httponly=True,
samesite='Strict')
return response
else:
return "password incorect"
def add_task():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
img = db.query(Image).filter_by(author_id=user.id).first()
tasks = db.query(Task).filter_by(author_id=user.id).all()
if not user:
return render_template("index.html")
if request.method == "GET":
return render_template("addtask.html", img=img, user=user)
if request.method == "POST":
text = request.form.get("text")
notification = len(tasks)
full_date = request.form.get("date")
datee = datetime.strptime(full_date, "%Y-%m-%d")
task_date = str(datee.day) + "." + " " + str(datee.month) + "."
name_day = date.weekday(datetime.strptime(full_date, "%Y-%m-%d"))
day = dayNameFromWeekday(name_day)
Task.create(text=text,
author=user,
day=day,
task_date=task_date,
full_date=full_date)
return redirect(url_for('tasks', notification=notification))
def task_delete(task_id):
task = db.query(Task).get(int(task_id))
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if request.method == "GET":
return "helo"
if not user:
return redirect(url_for('login'))
if request.form['action'] == 'delete':
task_id = task.id
db.delete(task)
db.commit()
if request.form['action'] == 'completed':
user.completed += 1
db.commit()
task_id = task.id
db.delete(task)
db.commit()
return redirect(url_for('tasks', task_id=task_id))
def new_topics_email():
print("Cron job: New topics daily email")
# find all topics created in the last 24 hours
yesterday_topics = db.query(Topic).filter(
Topic.created > (datetime.datetime.now() -
datetime.timedelta(days=1))).all()
print(yesterday_topics)
# if no topics, finish the task without sending the email
if not yesterday_topics:
print("No new topics created yesterday, so no email will be sent.")
else:
# create an email message
message = "Topics created yesterday:\n"
for topic in yesterday_topics:
message += "- {0}\n".format(
topic.title) # add every new topic title in the email message
print(message) # print message in the console
users = db.query(User).all() # get all users from the database
for user in users:
if user.email_address: # if user has email address, send her/him an email
send_email(receiver_email=user.email_address,
subject="See new topics at Ninja Tech Forum",
text=message)
def my_profile():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
img = db.query(Image).filter_by(author_id=user.id).first()
tasks = db.query(Task).filter_by(author_id=user.id).all()
if not user:
return redirect(url_for("index"))
notification = len(tasks)
today = date.today()
this_week_count = 0
for tsk in tasks:
if datetime.strptime(
tsk.full_date,
"%Y-%m-%d").isocalendar()[1] == today.isocalendar()[1]:
this_week_count = this_week_count + 1
return render_template("myProfile.html",
user=user,
img=img,
this_week_count=this_week_count,
notification=notification)
def comment_create(topic_id):
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
text = request.form.get("text")
topic = db.query(Topic).get(int(topic_id))
comment = Comment.create(topic=topic, text=text, author=user)
return redirect(
url_for('topic.topic_details',
topic_id=topic_id,
csrf_token=create_csrf_token(user.username)))
else:
return "CSRF Token ist not valid"
#Handler comment_edit
#Handler comment_delete
def topic_edit(topic_id):
topic = db.query(Topic).get(int(topic_id)) # get topic from db by ID
if request.method == "GET":
return render_template("topic/topic_edit.html", topic=topic)
elif request.method == "POST":
title = request.form.get("title")
text = request.form.get("text")
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# check if user is logged in and user is author
if not user:
return redirect(url_for('auth.login'))
elif topic.author.id != user.id:
return "You are not the author!"
else:
# update the topic fields
topic.title = title
topic.text = text
db.add(topic)
db.commit()
# START test background tasks (TODO: delete this code later)
if os.getenv('REDIS_URL'):
from tasks import get_random_num
get_random_num()
# END test background tasks
return redirect(url_for('topic/topic.topic_details', topic_id=topic_id))
def index():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
topics = db.query(Topic).all()
return render_template("topic/index.html", user=user, topics=topics)
def comment_create(topic_id):
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
text = request.form.get("text")
topic = db.query(Topic).get(int(topic_id))
comment = Comment.create(topic=topic, text=text, author=user)
return redirect(url_for('topic.topic_details', topic_id=topic_id, csrf_token=create_csrf_token(user.username)))
else:
return "CSRF Token ist not valid"
@classmethod
def create(cls, text, author, topic):
comment = cls(text=text, author=author, topic=topic)
db.add(comment)
db.commit()
# only send of topic author has her/his email in the database
if topic.author.email_address:
send_email(receiver_email=topic.author.email_address, subject="New comment for your topic!",
text="Your topic {} has a new comment.".format(topic.title))
return comment
def comment_create(topic_id):
# get current user (comment author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# only logged in users can create a comment
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf") # csrf from HTML
if validate_csrf(csrf, user.username):
text = request.form.get("text")
# query the topic object from the database
topic = db.query(Topic).get(int(topic_id))
# create a Comment object
comment = Comment.create(topic=topic, text=text, author=user)
return redirect(
url_for('topic.topic_details',
topic_id=topic_id,
csrf_token=create_csrf_token(user.username)))
else:
return "CSRF token is not valid!"
def topic_details(topic_id):
topic = db.query(Topic).get(int(topic_id))
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
return render_template("topic_details.html", topic=topic, user=user)
def index():
session_token = request.cookies.get("session_token")
if session_token:
user = db.query(User).filter_by(session_token=session_token).first()
topics = db.query(Topic).all()
return render_template("index.html", user=user, topics=topics)
else:
return redirect(url_for("signup"))
def index():
# check if user is authenticated based on session_token
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# get all topics from db
topics = db.query(Topic).all()
return render_template("topics/index.html", user=user, topics=topics)
def topic_details(topic_id):
topic = db.query(Topic).get(int(topic_id)) # get topic from db by ID
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
comments = db.query(Comment).filter_by(topic=topic).all()
return render_template("topic/topic_details.html", topic=topic, user=user, csrf_token=create_csrf_token(user.username), comments=comments)
def card_details(card_id):
card = db.query(Card).get(int(card_id)) # get card from db by ID
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
machine = db.query(Machine).filter_by(
name=name).all() #Verbindung zwischen machine und card db herstellen
return render_template("card/card_details.html",
card=card,
user=user,
csrf_token=create_csrf_token(user.email_adresse),
machine=machine)
def topic_create():
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# only logged in users can create a topic
if not user:
return redirect(url_for('auth.login'))
if request.method == "GET":
csrf_token = create_csrf_token(user.username)
return render_template("topic/topic_create.html",
user=user,
csrf_token=csrf_token)
elif request.method == "POST":
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
title = request.form.get("title")
text = request.form.get("text")
# create a Topic object
topic = Topic.create(title=title, text=text, author=user)
return redirect(url_for('topic.index'))
else:
return "CSRF token is not valid!"
def login():
if request.method == "GET":
return render_template("auth/login.html")
elif request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
password_hash = hashlib.sha256(password.encode()).hexdigest()
user = db.query(User).filter_by(username=username).first()
if not user:
return "This user does not exist"
else:
if password_hash == user.password_hash:
user.session_token = str(uuid.uuid4(
)) # if password hashes match, create a session token
db.add(user)
db.commit()
# save user's session token into a cookie
response = make_response(redirect(url_for('index')))
response.set_cookie("session_token",
user.session_token,
httponly=True,
samesite='Strict')
return response
else:
return "Your password is incorrect!"
def topic_details(topic_id):
topic = db.query(Topic).get(int(topic_id)) # get topic from db by ID
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
comments = db.query(Comment).filter_by(topic=topic).all()
# START test background tasks (TODO: delete this code later)
if os.getenv('REDIS_URL'):
from tasks import get_random_num
get_random_num()
# END test background tasks
return render_template("topic/topic_details.html", topic=topic, user=user, csrf_token=create_csrf_token(user.username), comments=comments)
def get_all_bitts(cls):
bitts = db.query(cls).order_by(desc(
cls.created)).all() # get all bitts from the database
if not bitts:
# some pre-made bitts (you can delete them)
bitt1 = cls(username="******",
text="I'm fine. Thanks for not asking.")
db.add(bitt1)
bitt2 = cls(
username="******",
text="Sometimes you have to unfollow people in real life.")
db.add(bitt2)
bitt3 = cls(username="******",
text="I hope karma slaps you in the face before I do.")
db.add(bitt3)
db.commit()
bitts.append(bitt1)
bitts.append(bitt2)
bitts.append(bitt3)
return bitts
def get_by_session(cls):
session_token = request.cookies.get("session_token")
if not session_token:
return None
user = db.query(User).filter_by(session_token=session_token).first()
return user
def signup():
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if user:
return redirect(url_for('tasks'))
if request.method == "GET":
return render_template("signup.html")
if request.method == "POST":
username = request.form.get("username")
email = request.form.get("email")
password = request.form.get("password")
repeat = request.form.get("repeat")
if password != repeat:
return "Passwords don't match! Go back try again"
password_hash = hashlib.sha256(password.encode()).hexdigest()
user = User.create(username=username,
password_hash=password_hash,
email=email)
response = make_response(redirect(url_for('tasks')))
response.set_cookie("session_token",
user.session_token,
httponly=True,
samesite='Strict')
return response
def topic_edit(topic_id):
topic = db.query(Topic).get(int(topic_id))
if request.method == "GET":
return render_template("topics/topic_edit.html", topic=topic)
elif request.method == "POST":
title = request.form.get("title")
text = request.form.get("text")
user = user_from_session_token()
# check if user is logged in and user is author
if not user:
redirect(url_for("auth/login"))
elif topic.author_id != user.id:
return "You are not an author"
else:
# update the topic fields
topic.title = title
topic.text = text
db.add(topic)
db.commit()
return redirect(url_for('topic.topic_details', topic_id=topic_id))
def login():
if request.method == "GET":
return render_template("auth/login.html")
elif request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
# get password hash out of password
password_hash = hashlib.sha256(password.encode()).hexdigest()
# get user from database by her/his username and password
user = db.query(User).filter_by(username=username).first()
if not user:
return "This user does not exist"
else:
# if user exists, check if password hashes match
if password_hash == user.password_hash:
user.session_token = str(uuid.uuid4(
)) # if password hashes match, create a session token
db.add(user)
db.commit()
# save user's session token into a cookie
response = make_response(redirect(url_for('topic.index')))
response.set_cookie(
"session_token", user.session_token
) # you might want to set httponly=True on production
return response
else:
return "Your password is incorrect!"
def topic_create():
# get current user (author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# only logged in users can create a topic
if not user:
return redirect(url_for('login'))
if request.method == "GET":
csrf_token = str(uuid.uuid4()) # create CSRF token
redis.set(name=csrf_token, value=user.username
) # store CSRF token into Redis for that specific user
return render_template("topic_create.html",
user=user,
csrf_token=csrf_token)
elif request.method == "POST":
csrf = request.form.get("csrf") # csrf from HTML
redis_csrf_username = redis.get(name=csrf).decode(
) # username value stored under the csrf name from redis
if redis_csrf_username and redis_csrf_username == user.username: # if they match, allow user to create a topic
title = request.form.get("title")
text = request.form.get("text")
# create a Topic object
topic = Topic.create(title=title, text=text, author=user)
return redirect(url_for('index'))
else:
return "CSRF token is not valid!"
def topic_details(topic_id):
topic = db.query(Topic).get(int(topic_id))
user = user_from_session_token()
comments = db.query(Comment).filter_by(topic=topic).all()
# START test background tasks (TODO: delete this code later)
if os.getenv('REDIS_URL'):
from task import get_random_num
get_random_num()
# END test background tasks €wsee¸dx;:
return render_template("topics/topic_details.html",
topic=topic,
user=user,
csrf_token=create_csrf_token(user.username),
comments=comments)