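def topic_edit(topic_id):
    """Show the edit form for a topic (GET) or save the author's changes (POST).

    On POST the caller is identified by the ``session_token`` cookie. Visitors
    without a matching account are redirected to the login page; accounts
    other than the topic's author are refused.
    """
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # Unknown id: answer 404 instead of failing later on topic.author.
        return "Topic not found", 404

    if request.method == "GET":
        return render_template("topic/topic_edit.html", topic=topic)
    elif request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")

        # A request without the cookie must never reach the query: with
        # SQLAlchemy, filter_by(session_token=None) compiles to IS NULL and
        # would match any account whose token was never set, letting an
        # anonymous request act as that account.
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            user = db.query(User).filter_by(session_token=session_token).first()

        if not user:
            return redirect(url_for('auth.login'))
        elif topic.author.id != user.id:
            return "Nie jestes autorem posta!!!"
        else:
            # NOTE(review): this state-changing POST does not validate a CSRF
            # token, while topic_create and comment_create on this page do.
            # The SameSite=Strict session cookie set by login() is the only
            # mitigation visible here; consider the same validate_csrf check.
            topic.title = title
            topic.text = text
            db.add(topic)
            db.commit()
            # Only topic_id goes into the URL. Passing the Topic object as an
            # extra keyword made url_for append its repr as a query parameter.
            return redirect(url_for('topic.topic_details', topic_id=topic_id))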
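def topic_details(topic_id):
    """Render a single topic together with the visitor's account, if any.

    ``user`` is ``None`` in the template context when the request carries no
    ``session_token`` cookie or the token matches no account.
    """
    topic = db.query(Topic).get(int(topic_id))

    # Skip the lookup when the cookie is absent: with SQLAlchemy,
    # filter_by(session_token=None) compiles to IS NULL and would resolve an
    # anonymous visitor to an account whose token was never set.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    return render_template("topic_details.html", topic=topic, user=user)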
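def index():
    """Render the topic list, with the visitor's account when signed in.

    ``user`` is ``None`` in the template context when the request carries no
    ``session_token`` cookie or the token matches no account.
    """
    # Skip the lookup when the cookie is absent: with SQLAlchemy,
    # filter_by(session_token=None) compiles to IS NULL and would resolve an
    # anonymous visitor to an account whose token was never set.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    topics = db.query(Topic).all()
    return render_template("topic/index.html", user=user, topics=topics)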
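def topic_details(topic_id):
    """Render a topic with its comments and a CSRF token for the comment form.

    Anonymous visitors get ``user=None`` and ``csrf_token=None``; a token is
    only created for a signed-in account.
    """
    topic = db.query(Topic).get(int(topic_id))

    if os.getenv('REDIS_URL'):
        # NOTE(review): this is a bare name, not a call, so it has no effect
        # beyond the name lookup. Presumably a call was intended; confirm.
        get_random_num

    # Skip the lookup when the cookie is absent: with SQLAlchemy,
    # filter_by(session_token=None) compiles to IS NULL and would resolve an
    # anonymous visitor to an account whose token was never set.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    comments = db.query(Comment).filter_by(topic=topic).all()

    # The token is bound to the username, so there is nothing to issue for an
    # anonymous visitor; dereferencing user.username unconditionally raised
    # AttributeError for every signed-out request.
    csrf_token = create_csrf_token(user.username) if user else None

    return render_template(
        "topic/topic_details.html",
        topic=topic,
        user=user,
        csrf_token=csrf_token,
        comments=comments,
    )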
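def topic_create():
    """Show the new-topic form (GET) or create a topic from it (POST).

    Requires a signed-in account; visitors without one are redirected to the
    login page. The POST is accepted only with a CSRF token that validates
    against the account's username.
    """
    # A request without the cookie must never reach the query: with
    # SQLAlchemy, filter_by(session_token=None) compiles to IS NULL and would
    # match any account whose token was never set.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('auth.login'))

    if request.method == "GET":
        csrf_token = create_csrf_token(user.username)
        return render_template("topic/topic_create.html", user=user, csrf_token=csrf_token)
    elif request.method == "POST":
        csrf = request.form.get("csrf")
        if validate_csrf(csrf, user.username):
            title = request.form.get("title")
            text = request.form.get("text")
            topic = Topic.create(title=title, text=text, author=user)
            print(topic)
            return redirect(url_for('topic.index'))
        else:
            return "CSRF token is not valid!"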
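def login():
    """Show the login form (GET) or authenticate and start a session (POST).

    On success a fresh session token is stored on the account and sent back
    in the ``session_token`` cookie. Every failure returns the same message,
    so the response text does not reveal whether the username exists.
    """
    if request.method == "GET":
        return render_template("auth/login.html")
    elif request.method == "POST":
        failure = "Bledne haslo lub nazwa uzytkownika"

        username = request.form.get("username")
        password = request.form.get("password")
        if username is None or password is None:
            # A form posted without one of the fields is a failed login, not
            # a server error (password.encode() on None raised before).
            return failure

        user = db.query(User).filter_by(username=username).first()
        if not user:
            return failure

        # NOTE(review): unsalted single-pass SHA-256 is fast to brute-force
        # offline if the user table leaks. Migrating to a salted, slow KDF
        # (hashlib.scrypt or hashlib.pbkdf2_hmac) needs a rehash-on-login
        # path, so the scheme is left unchanged here to keep stored hashes
        # verifiable.
        password_hash = hashlib.sha256(password.encode()).hexdigest()
        if password_hash != user.password_hash:
            return failure

        # A new token on every login replaces whatever token was stored
        # before.
        user.session_token = str(uuid.uuid4())
        db.add(user)
        db.commit()

        response = make_response(redirect(url_for('topic.index')))
        # NOTE(review): the cookie is HttpOnly and SameSite=Strict but not
        # Secure; add secure=True once the site is served over HTTPS only.
        response.set_cookie("session_token", user.session_token, httponly=True, samesite='Strict')
        return response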
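def comment_create(topic_id):
    """Add a comment by the signed-in account to the given topic.

    Visitors without a matching account are redirected to the login page. The
    request is accepted only with a CSRF token that validates against the
    account's username.
    """
    # A request without the cookie must never reach the query: with
    # SQLAlchemy, filter_by(session_token=None) compiles to IS NULL and would
    # match any account whose token was never set.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")
    if not validate_csrf(csrf, user.username):
        return "CSRF token jest bledny!!!"

    text = request.form.get("text")
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # Do not attach a comment to a topic that does not exist.
        return "Topic not found", 404

    Comment.create(topic=topic, text=text, author=user)

    # The redirect carries only topic_id. Passing a freshly created CSRF
    # token to url_for put it in the query string, where it ends up in
    # browser history, access logs and Referer headers. The topic_details
    # view on this page that renders "topic/topic_details.html" creates its
    # own token at render time.
    return redirect(url_for('topic.topic_details', topic_id=topic_id))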
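def topic_delete(topic_id):
    """Show the delete confirmation (GET) or delete the topic (POST).

    On POST the caller is identified by the ``session_token`` cookie. Visitors
    without a matching account are redirected to the login page; accounts
    other than the topic's author are refused.
    """
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        # Unknown id: answer 404 instead of failing later on topic.author.
        return "Topic not found", 404

    if request.method == "GET":
        return render_template("topic/topic_delete.html", topic=topic)
    elif request.method == "POST":
        # A request without the cookie must never reach the query: with
        # SQLAlchemy, filter_by(session_token=None) compiles to IS NULL and
        # would match any account whose token was never set, letting an
        # anonymous request act as that account.
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            user = db.query(User).filter_by(session_token=session_token).first()

        if not user:
            return redirect(url_for('auth.login'))
        elif topic.author.id != user.id:
            return "Nie jestes autorem!!!"
        else:
            # NOTE(review): this destructive POST does not validate a CSRF
            # token, while topic_create and comment_create on this page do.
            # The SameSite=Strict session cookie set by login() is the only
            # mitigation visible here; consider the same validate_csrf check.
            db.delete(topic)
            db.commit()
            return redirect(url_for('topic.index'))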
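def topic_create():
    """Show the new-topic form (GET) or create a topic from it (POST).

    On POST the author is the account matching the ``session_token`` cookie;
    visitors without one are redirected to the login page.
    """
    if request.method == "GET":
        return render_template("topic_create.html")
    elif request.method == "POST":
        title = request.form.get("title")
        text = request.form.get("text")

        # A request without the cookie must never reach the query: with
        # SQLAlchemy, filter_by(session_token=None) compiles to IS NULL and
        # would match any account whose token was never set, so the topic
        # would be created in that account's name.
        session_token = request.cookies.get("session_token")
        user = None
        if session_token:
            user = db.query(User).filter_by(session_token=session_token).first()

        if not user:
            return redirect(url_for('login'))

        # NOTE(review): this POST is accepted without a CSRF token; the other
        # topic_create on this page validates one with validate_csrf before
        # creating the topic.
        topic = Topic.create(title=title, text=text, author=user)
        print(topic)
        return redirect(url_for('index'))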