From af497b7da713f0a915211c07a622d15d8dd69d2b Mon Sep 17 00:00:00 2001 From: Fluffy-Bean Date: Mon, 3 Apr 2023 22:28:12 +0000 Subject: [PATCH] Add alt_id to database for cookie management update version --- gallery/__init__.py | 13 +++++++++---- gallery/auth.py | 5 +++-- gallery/db.py | 22 +++++----------------- gallery/static/js/pre/main.js | 2 +- gallery/templates/layout.html | 12 +++++++++--- gallery/templates/settings/account.html | 6 ++++++ gallery/views/settings.py | 2 +- pyproject.toml | 2 +- run.py | 2 +- 9 files changed, 36 insertions(+), 30 deletions(-) diff --git a/gallery/__init__.py b/gallery/__init__.py index bd76ae7..58e5150 100644 --- a/gallery/__init__.py +++ b/gallery/__init__.py @@ -27,6 +27,7 @@ from gallery import db USER_DIR = platformdirs.user_config_dir('onlylegs') + db_session = sessionmaker(bind=db.engine) db_session = db_session() login_manager = LoginManager() @@ -67,10 +68,16 @@ def create_app(test_config=None): login_manager.init_app(app) login_manager.login_view = 'gallery.index' + login_manager.session_protection = 'strong' @login_manager.user_loader def load_user(user_id): - return db_session.query(db.Users).filter_by(id=user_id).first() + return db_session.query(db.Users).filter_by(alt_id=user_id).first() + + @login_manager.unauthorized_handler + def unauthorized(): + return render_template('error.html', error=401, + msg='You are not authorized to view this page!!!!'), 401 # Load JS assets # TODO: disable caching for sass files as it makes it hard to work on when it is enabled @@ -83,9 +90,7 @@ def create_app(test_config=None): def error_page(err): # noqa if not isinstance(err, HTTPException): abort(500) - return render_template('error.html', - error=err.code, - msg=err.description), err.code + return render_template('error.html', error=err.code, msg=err.description), err.code # Load login, registration and logout manager from gallery import auth diff --git a/gallery/auth.py b/gallery/auth.py index b51c885..bc2d117 100644 
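Review bot: Registering `unauthorized` with `@login_manager.unauthorized_handler` leaves the `login_manager.login_view = 'gallery.index'` setting a few lines above it inert, because Flask-Login calls a registered handler instead of redirecting to `login_view`. Keep whichever matches the intended behaviour for unauthenticated visitors (a redirect or the 401 page) and drop the other, so the configuration does not suggest a redirect that never happens. The handler also has no docstring; `"""Render the 401 error page for requests that need a logged-in user."""` would cover it. `create_app` starts and ends outside this hunk, so any other reliance on `login_view` is not visible here.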
--- a/gallery/auth.py +++ b/gallery/auth.py @@ -3,10 +3,11 @@ OnlyLegs - Authentication User registration, login and logout and locking access to pages behind a login """ import re +from uuid import uuid4 import logging from datetime import datetime as dt -from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify +from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify, session from werkzeug.security import check_password_hash, generate_password_hash from flask_login import login_user, logout_user, login_required @@ -87,7 +88,7 @@ def register(): if error: return jsonify(error) - register_user = db.Users(username=username, email=email, + register_user = db.Users(alt_id=str(uuid4()), username=username, email=email, password=generate_password_hash(password, method='sha256'), created_at=dt.utcnow()) db_session.add(register_user) diff --git a/gallery/db.py b/gallery/db.py index df1f389..f3ff844 100644 --- a/gallery/db.py +++ b/gallery/db.py @@ -27,7 +27,9 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103 """ __tablename__ = 'users' + # Gallery used information id = Column(Integer, primary_key=True) + alt_id = Column(String, unique=True, nullable=False) username = Column(String, unique=True, nullable=False) email = Column(String, unique=True, nullable=False) password = Column(String, nullable=False) @@ -35,9 +37,11 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103 posts = relationship('Posts', backref='users') groups = relationship('Groups', backref='users') - session = relationship('Sessions', backref='users') log = relationship('Logs', backref='users') + def get_id(self): + return str(self.alt_id) + class Posts (base): # pylint: disable=too-few-public-methods, C0103 """ 
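Review bot: The `generate_password_hash(password, method='sha256')` argument, on the unchanged line right after the new `alt_id=str(uuid4())`, stores a salted hash with no key stretching, which is cheap to brute-force offline if the users table is ever disclosed. Later Werkzeug releases deprecate and then remove these plain hash methods. While this constructor call is being edited I would switch to a stretched method, e.g. `password=generate_password_hash(password, method='pbkdf2:sha256'),`, or omit `method` to take the library default. Stored hashes carry their method prefix, so existing accounts need a plan, such as rehashing at next successful login. `register()` begins and continues outside this hunk.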
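Review bot: `alt_id` is added to the existing `users` table as `unique=True, nullable=False`, but nothing in this diff backfills it for rows created before the change, and SQLAlchemy's `create_all` does not add columns to a table that already exists. If no migration exists outside this diff, `load_user` will query a column that an already-deployed database does not have. Separately, within this diff the value is only assigned in `register()`; the benefit of an alternative id is that replacing it (for example on password change) invalidates outstanding session cookies, and no such rotation is visible here. `get_id` would also read better with a docstring such as `"""Return alt_id, the identifier Flask-Login stores in the session."""`.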
@@ -91,22 +95,6 @@ class GroupJunction (base): # pylint: disable=too-few-public-methods, C0103 post_id = Column(Integer, ForeignKey('posts.id')) -class Sessions (base): # pylint: disable=too-few-public-methods, C0103 - """ - Session table - Joins with user - """ - __tablename__ = 'sessions' - - id = Column(Integer, primary_key=True) - user_id = Column(Integer, ForeignKey('users.id')) - session_uuid = Column(String, nullable=False) - ip_address = Column(String, nullable=False) - user_agent = Column(String, nullable=False) - active = Column(Boolean, nullable=False) - created_at = Column(DateTime, nullable=False) - - class Logs (base): # pylint: disable=too-few-public-methods, C0103 """ Log table diff --git a/gallery/static/js/pre/main.js b/gallery/static/js/pre/main.js index d73bcb5..c5ba3cf 100644 --- a/gallery/static/js/pre/main.js +++ b/gallery/static/js/pre/main.js @@ -65,7 +65,7 @@ window.onload = function () { 'Using Phosphoricons and ' + 'Manrope
' + 'Made by Fluffy and others with ❤️
' + - 'V23.04.02'); + 'V23.04.03'); } } }; diff --git a/gallery/templates/layout.html b/gallery/templates/layout.html index f047879..4dc94e0 100644 --- a/gallery/templates/layout.html +++ b/gallery/templates/layout.html @@ -26,17 +26,23 @@ media="(prefers-color-scheme: dark)"/> {% assets "js_pre" %} - + {% endassets %} {% assets "js_post" %} - + {% endassets %} {% assets "styles" %} - + {% endassets %} + + {% block head %}{% endblock %} diff --git a/gallery/templates/settings/account.html b/gallery/templates/settings/account.html index c6f0dc4..aad5c2e 100644 --- a/gallery/templates/settings/account.html +++ b/gallery/templates/settings/account.html @@ -4,4 +4,10 @@ {% block settings_content %}

Account

Logout +

Is session fresh?

+ {% if fresh %} +

Yes

+ {% else %} +

No

+ {% endif %} {% endblock %} \ No newline at end of file diff --git a/gallery/views/settings.py b/gallery/views/settings.py index 94926e9..6475132 100644 --- a/gallery/views/settings.py +++ b/gallery/views/settings.py @@ -2,7 +2,7 @@ OnlyLegs - Settings page """ from flask import Blueprint, render_template -from flask_login import login_required +from flask_login import login_required, current_user blueprint = Blueprint('settings', __name__, url_prefix='/settings') diff --git a/pyproject.toml b/pyproject.toml index 3b4bd29..a7eb497 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "onlylegs" -version = "23.04.02" +version = "23.04.03" description = "Gallery built for fast and simple image management" authors = ["Fluffy-Bean "] license = "MIT" diff --git a/run.py b/run.py index 2261f0f..2f5ac66 100644 --- a/run.py +++ b/run.py @@ -14,7 +14,7 @@ print(""" #+# #+# #+# #+#+# #+# #+# #+# #+# #+# #+# #+# #+# ######## ### #### ########## ### ########## ######### ######### ######## - Created by Fluffy Bean - Version 23.04.02 + Created by Fluffy Bean - Version 23.04.03 """)
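Review bot: The new `{% if fresh %}` test reads a template variable that nothing in this diff supplies. The only change to `gallery/views/settings.py` is importing `current_user`, and the `render_template` call for this page lies outside the hunks. If the view does not pass it, Jinja evaluates the undefined name as false and the page always shows "No". Passing it from the view, e.g. `fresh=login_fresh()` with `login_fresh` imported from `flask_login`, would make the indicator reflect the real session state. As it stands the `current_user` import in `settings.py` looks unused.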