royalnet/webserver.py

from flask import Flask, render_template, request, abort, redirect, url_for
from flask import session as fl_session
import db
import bcrypt
import configparser

app = Flask(__name__)

app.jinja_env.trim_blocks = True
app.jinja_env.lstrip_blocks = True

config = configparser.ConfigParser()
config.read("config.ini")

app.secret_key = config["Flask"]["secret_key"]


@app.route("/")
def page_main():
    if fl_session.get("user_id"):
        db_session = db.Session()
        royals = db_session.query(db.Royal).all()
        db_session.close()
        return render_template("main.html", royals=royals)
    return redirect(url_for("page_login"))


@app.route("/profile/<name>")
def page_profile(name: str):
    db_session = db.Session()
    user = db_session.query(db.Royal).filter_by(username=name).one_or_none()
    if user is None:
        db_session.close()
        abort(404)
        return
    css = db_session.query(db.CustomCSS).filter_by(royal=user).one_or_none()
    steam = db_session.query(db.Steam).filter_by(royal=user).one_or_none()
    osu = db_session.query(db.Osu).filter_by(royal=user).one_or_none()
    rl = db_session.query(db.RocketLeague).join(db.Steam).filter_by(royal=user).one_or_none()
    dota = db_session.query(db.Dota).join(db.Steam).filter_by(royal=user).one_or_none()
    lol = db_session.query(db.LeagueOfLegends).filter_by(royal=user).one_or_none()
    ow = db_session.query(db.Overwatch).filter_by(royal=user).one_or_none()
    db_session.close()
    return render_template("profile.html", royal=user, css=css, osu=osu, rl=rl, dota=dota, lol=lol, steam=steam, ow=ow)


@app.route("/login")
def page_login():
    return render_template("login.html")


@app.route("/loggedin", methods=["POST"])
def page_loggedin():
    username = request.form.get("username", "")
    password = request.form.get("password", "")
    db_session = db.Session()
    user = db_session.query(db.Royal).filter_by(username=username).one_or_none()
    db_session.close()
    if user is None:
        abort(403)
        return
    if user.password is None:
        fl_session["user_id"] = user.id
        return redirect(url_for("page_password"))
    if bcrypt.checkpw(bytes(password, encoding="utf8"), user.password):
        fl_session["user_id"] = user.id
        return redirect(url_for("page_main"))
    else:
        abort(403)
        return


@app.route("/password", methods=["GET", "POST"])
def page_password():
    user_id = fl_session.get("user_id")
    if request.method == "GET":
        if user_id is None:
            abort(403)
            return
        return render_template("password.html")
    elif request.method == "POST":
        new_password = request.form.get("new", "")
        db_session = db.Session()
        user = db_session.query(db.Royal).filter_by(id=user_id).one()
        if user.password is None:
            user.password = bcrypt.hashpw(bytes(new_password, encoding="utf8"), bcrypt.gensalt())
            db_session.commit()
            db_session.close()
            return redirect(url_for("page_main"))
        else:
            db_session.close()
            abort(403)
            return


@app.route("/setcss", methods=["GET", "POST"])
def page_setcss():
    user_id = fl_session.get("user_id")
    db_session = db.Session()
    ccss = db_session.query(db.CustomCSS).filter_by(royal_id=user_id).one_or_none()
    if request.method == "GET":
        db_session.close()
        if user_id is None:
            abort(403)
            return
        return render_template("setcss.html", css=ccss.css)
    elif request.method == "POST":
        if user_id is None:
            abort(403)
            return
        css = request.form.get("css", "")
        if "</style" in css:
            abort(400)
            return
        if ccss is None:
            ccss = db.CustomCSS(royal_id=user_id, css=css)
            db_session.add(ccss)
        else:
            ccss.css = request.form.get("css", "")
        db_session.commit()
        royal = db_session.query(db.Royal).filter_by(id=user_id).one()
        db_session.close()
        return redirect(url_for("page_profile", name=royal.username))


if __name__ == "__main__":
    try:
        app.run(host="0.0.0.0", port=1234, debug=__debug__)
    except KeyboardInterrupt:
        pass
some web stuff 2018-05-07 10:51:24 +00:00			`from flask import Flask, render_template, request, abort, redirect, url_for`
			`from flask import session as fl_session`
			`import db`
			`import bcrypt`
			`import configparser`
robe! 2017-10-25 09:09:06 +00:00
			`app = Flask(__name__)`

			`app.jinja_env.trim_blocks = True`
			`app.jinja_env.lstrip_blocks = True`

some web stuff 2018-05-07 10:51:24 +00:00			`config = configparser.ConfigParser()`
			`config.read("config.ini")`

			`app.secret_key = config["Flask"]["secret_key"]`

a lot of stuff 2018-03-12 12:29:12 +00:00
ho regalato undertale al papa 2018-01-25 14:24:17 +00:00			`@app.route("/")`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`def page_main():`
More updates 2018-06-05 10:31:11 +00:00			`if fl_session.get("user_id"):`
			`db_session = db.Session()`
			`royals = db_session.query(db.Royal).all()`
			`db_session.close()`
			`return render_template("main.html", royals=royals)`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`return redirect(url_for("page_login"))`
Stuff 2018-02-02 10:46:27 +00:00
wow it works?!? 2017-11-07 17:44:00 +00:00
Add profiles and osu! mini 2018-06-04 09:58:27 +00:00			`@app.route("/profile/<name>")`
			`def page_profile(name: str):`
			`db_session = db.Session()`
			`user = db_session.query(db.Royal).filter_by(username=name).one_or_none()`
			`if user is None:`
			`db_session.close()`
			`abort(404)`
			`return`
More updates 2018-06-05 10:31:11 +00:00			`css = db_session.query(db.CustomCSS).filter_by(royal=user).one_or_none()`
New profile stuff 2018-06-05 08:34:59 +00:00			`steam = db_session.query(db.Steam).filter_by(royal=user).one_or_none()`
Add profiles and osu! mini 2018-06-04 09:58:27 +00:00			`osu = db_session.query(db.Osu).filter_by(royal=user).one_or_none()`
è il momento di giocare a worms 2018-06-04 11:13:59 +00:00			`rl = db_session.query(db.RocketLeague).join(db.Steam).filter_by(royal=user).one_or_none()`
Add dota mini 2018-06-04 16:08:18 +00:00			`dota = db_session.query(db.Dota).join(db.Steam).filter_by(royal=user).one_or_none()`
Add lol mini, more stuff 2018-06-04 20:54:12 +00:00			`lol = db_session.query(db.LeagueOfLegends).filter_by(royal=user).one_or_none()`
Cose che mi sono dimenticato sul portatile 2018-06-07 09:47:04 +00:00			`ow = db_session.query(db.Overwatch).filter_by(royal=user).one_or_none()`
Add lol mini, more stuff 2018-06-04 20:54:12 +00:00			`db_session.close()`
Cose che mi sono dimenticato sul portatile 2018-06-07 09:47:04 +00:00			`return render_template("profile.html", royal=user, css=css, osu=osu, rl=rl, dota=dota, lol=lol, steam=steam, ow=ow)`
Add profiles and osu! mini 2018-06-04 09:58:27 +00:00

some web stuff 2018-05-07 10:51:24 +00:00			`@app.route("/login")`
			`def page_login():`
			`return render_template("login.html")`


Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`@app.route("/loggedin", methods=["POST"])`
some web stuff 2018-05-07 10:51:24 +00:00			`def page_loggedin():`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`username = request.form.get("username", "")`
			`password = request.form.get("password", "")`
			`db_session = db.Session()`
			`user = db_session.query(db.Royal).filter_by(username=username).one_or_none()`
			`db_session.close()`
			`if user is None:`
			`abort(403)`
			`return`
			`if user.password is None:`
More updates 2018-06-05 10:31:11 +00:00			`fl_session["user_id"] = user.id`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`return redirect(url_for("page_password"))`
			`if bcrypt.checkpw(bytes(password, encoding="utf8"), user.password):`
More updates 2018-06-05 10:31:11 +00:00			`fl_session["user_id"] = user.id`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`return redirect(url_for("page_main"))`
			`else:`
			`abort(403)`
			`return`
some web stuff 2018-05-07 10:51:24 +00:00

			`@app.route("/password", methods=["GET", "POST"])`
			`def page_password():`
More updates 2018-06-05 10:31:11 +00:00			`user_id = fl_session.get("user_id")`
some web stuff 2018-05-07 10:51:24 +00:00			`if request.method == "GET":`
More updates 2018-06-05 10:31:11 +00:00			`if user_id is None:`
some web stuff 2018-05-07 10:51:24 +00:00			`abort(403)`
			`return`
			`return render_template("password.html")`
			`elif request.method == "POST":`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`new_password = request.form.get("new", "")`
some web stuff 2018-05-07 10:51:24 +00:00			`db_session = db.Session()`
More updates 2018-06-05 10:31:11 +00:00			`user = db_session.query(db.Royal).filter_by(id=user_id).one()`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`if user.password is None:`
some web stuff 2018-05-07 10:51:24 +00:00			`user.password = bcrypt.hashpw(bytes(new_password, encoding="utf8"), bcrypt.gensalt())`
			`db_session.commit()`
			`db_session.close()`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`return redirect(url_for("page_main"))`
some web stuff 2018-05-07 10:51:24 +00:00			`else:`
			`db_session.close()`
			`abort(403)`
Costruita centrale nucleare 2018-06-01 11:45:45 +00:00			`return`


More updates 2018-06-05 10:31:11 +00:00			`@app.route("/setcss", methods=["GET", "POST"])`
			`def page_setcss():`
			`user_id = fl_session.get("user_id")`
			`db_session = db.Session()`
			`ccss = db_session.query(db.CustomCSS).filter_by(royal_id=user_id).one_or_none()`
			`if request.method == "GET":`
			`db_session.close()`
			`if user_id is None:`
			`abort(403)`
			`return`
			`return render_template("setcss.html", css=ccss.css)`
			`elif request.method == "POST":`
			`if user_id is None:`
			`abort(403)`
			`return`
do not escape css 2018-06-05 13:11:58 +00:00			`css = request.form.get("css", "")`
Prevent injections 2018-06-07 09:59:15 +00:00			`if "</style" in css:`
do not escape css 2018-06-05 13:11:58 +00:00			`abort(400)`
			`return`
More updates 2018-06-05 10:31:11 +00:00			`if ccss is None:`
do not escape css 2018-06-05 13:11:58 +00:00			`ccss = db.CustomCSS(royal_id=user_id, css=css)`
More updates 2018-06-05 10:31:11 +00:00			`db_session.add(ccss)`
			`else:`
			`ccss.css = request.form.get("css", "")`
			`db_session.commit()`
			`royal = db_session.query(db.Royal).filter_by(id=user_id).one()`
			`db_session.close()`
			`return redirect(url_for("page_profile", name=royal.username))`


robe! 2017-10-25 09:09:06 +00:00			`if __name__ == "__main__":`
get_or_create -> create 2017-10-27 09:53:05 +00:00			`try:`
asdfasdfasfdaf 2018-05-26 08:50:54 +00:00			`app.run(host="0.0.0.0", port=1234, debug=__debug__)`
get_or_create -> create 2017-10-27 09:53:05 +00:00			`except KeyboardInterrupt:`
No debug 2018-01-25 14:29:38 +00:00			`pass`