Add alt_id to database for cookie management

update version
2024-12-28 18:36:21 +00:00 · 2023-04-03 22:28:12 +00:00 · 2023-04-03 22:28:12 +00:00 · af497b7da7
parent 4e50a66514
commit af497b7da7
9 changed files with 36 additions and 30 deletions
--- a/gallery/init.py
+++ b/gallery/init.py
@ -27,6 +27,7 @@ from gallery import db

 USER_DIR = platformdirs.user_config_dir('onlylegs')

+
 db_session = sessionmaker(bind=db.engine)
 db_session = db_session()
 login_manager = LoginManager()
@ -67,10 +68,16 @@ def create_app(test_config=None):

    login_manager.init_app(app)
    login_manager.login_view = 'gallery.index'
+    login_manager.session_protection = 'strong'

    @login_manager.user_loader
    def load_user(user_id):
-        return db_session.query(db.Users).filter_by(id=user_id).first()
+        return db_session.query(db.Users).filter_by(alt_id=user_id).first()
+
+    @login_manager.unauthorized_handler
+    def unauthorized():
+        return render_template('error.html', error=401,
+                               msg='You are not authorized to view this page!!!!'), 401

    # Load JS assets
    # TODO: disable caching for sass files as it makes it hard to work on when it is enabled
@ -83,9 +90,7 @@ def create_app(test_config=None):
    def error_page(err):  # noqa
        if not isinstance(err, HTTPException):
            abort(500)
-        return render_template('error.html',
-                               error=err.code,
-                               msg=err.description), err.code
+        return render_template('error.html', error=err.code, msg=err.description), err.code

    # Load login, registration and logout manager
    from gallery import auth
--- a/gallery/auth.py
+++ b/gallery/auth.py
@ -3,10 +3,11 @@ OnlyLegs - Authentication
 User registration, login and logout and locking access to pages behind a login
 """
 import re
+from uuid import uuid4
 import logging
 from datetime import datetime as dt

-from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify
+from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify, session
 from werkzeug.security import check_password_hash, generate_password_hash

 from flask_login import login_user, logout_user, login_required
@ -87,7 +88,7 @@ def register():
    if error:
        return jsonify(error)

-    register_user = db.Users(username=username, email=email,
+    register_user = db.Users(alt_id=str(uuid4()), username=username, email=email,
                             password=generate_password_hash(password, method='sha256'),
                             created_at=dt.utcnow())
    db_session.add(register_user)
--- a/gallery/db.py
+++ b/gallery/db.py
@ -27,7 +27,9 @@ class Users (base, UserMixin):  # pylint: disable=too-few-public-methods, C0103
    """
    __tablename__ = 'users'

+    # Gallery used information
    id = Column(Integer, primary_key=True)
+    alt_id = Column(String, unique=True, nullable=False)
    username = Column(String, unique=True, nullable=False)
    email = Column(String, unique=True, nullable=False)
    password = Column(String, nullable=False)
@ -35,9 +37,11 @@ class Users (base, UserMixin):  # pylint: disable=too-few-public-methods, C0103

    posts = relationship('Posts', backref='users')
    groups = relationship('Groups', backref='users')
-    session = relationship('Sessions', backref='users')
    log = relationship('Logs', backref='users')

+    def get_id(self):
+        return str(self.alt_id)
+

 class Posts (base):  # pylint: disable=too-few-public-methods, C0103
    """
@ -91,22 +95,6 @@ class GroupJunction (base):  # pylint: disable=too-few-public-methods, C0103
    post_id = Column(Integer, ForeignKey('posts.id'))


-class Sessions (base):  # pylint: disable=too-few-public-methods, C0103
-    """
-    Session table
-    Joins with user
-    """
-    __tablename__ = 'sessions'
-
-    id = Column(Integer, primary_key=True)
-    user_id = Column(Integer, ForeignKey('users.id'))
-    session_uuid = Column(String, nullable=False)
-    ip_address = Column(String, nullable=False)
-    user_agent = Column(String, nullable=False)
-    active = Column(Boolean, nullable=False)
-    created_at = Column(DateTime, nullable=False)
-
-
 class Logs (base):  # pylint: disable=too-few-public-methods, C0103
    """
    Log table
--- a/gallery/static/js/pre/main.js
+++ b/gallery/static/js/pre/main.js
@ -65,7 +65,7 @@ window.onload = function () {
                      'Using <a href="https://phosphoricons.com/">Phosphoricons</a> and ' +
                      '<a href="https://www.gent.media/manrope">Manrope</a> <br>' +
                      'Made by Fluffy and others with ❤️ <br>' +
-                      '<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.02</a>');
+                      '<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.03</a>');
        }
    }
 };
--- a/gallery/templates/layout.html
+++ b/gallery/templates/layout.html
@ -26,17 +26,23 @@
        media="(prefers-color-scheme: dark)"/>

    {% assets "js_pre" %}
-    <script type="text/javascript" src="{{ ASSET_URL }}"></script>
+        <script type="text/javascript" src="{{ ASSET_URL }}"></script>
    {% endassets %}
    
    {% assets "js_post" %}
-    <script type="text/javascript" src="{{ ASSET_URL }}" defer></script>
+        <script type="text/javascript" src="{{ ASSET_URL }}" defer></script>
    {% endassets %}

    {% assets "styles" %}
-    <link rel="stylesheet" href="{{ ASSET_URL }}" type="text/css" defer>
+        <link rel="stylesheet" href="{{ ASSET_URL }}" type="text/css" defer>
    {% endassets %}

+    <style>
+        #modifyGroup {
+            padding: 0.5rem;
+        }
+    </style>
+
    {% block head %}{% endblock %}
 </head>
 <body>
--- a/gallery/templates/settings/account.html
+++ b/gallery/templates/settings/account.html
@ -4,4 +4,10 @@
 {% block settings_content %}
    <h2>Account</h2>
    <a href="{{ url_for( 'auth.logout' ) }}">Logout</a>
+    <p>Is session fresh?</p>
+    {% if fresh %}
+        <p>Yes</p>
+    {% else %}
+        <p>No</p>
+    {% endif %}
 {% endblock %}
--- a/gallery/views/settings.py
+++ b/gallery/views/settings.py
@ -2,7 +2,7 @@
 OnlyLegs - Settings page
 """
 from flask import Blueprint, render_template
-from flask_login import login_required
+from flask_login import login_required, current_user

 blueprint = Blueprint('settings', __name__, url_prefix='/settings')

--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,6 +1,6 @@
 [tool.poetry]
 name = "onlylegs"
-version = "23.04.02"
+version = "23.04.03"
 description = "Gallery built for fast and simple image management"
 authors = ["Fluffy-Bean <michal-gdula@protonmail.com>"]
 license = "MIT"
--- a/run.py
+++ b/run.py
@ -14,7 +14,7 @@ print("""
 #+#    #+# #+#   #+#+# #+#        #+#    #+#        #+#       #+#    #+# #+#    #+#
 ########  ###    #### ########## ###    ########## ######### #########   ########

-                     Created by Fluffy Bean - Version 23.04.02
+                     Created by Fluffy Bean - Version 23.04.03
 """)