Add alt_id to database for cookie management

update version
This commit is contained in:
Michał 2023-04-03 22:28:12 +00:00
parent 4e50a66514
commit af497b7da7
9 changed files with 36 additions and 30 deletions

View file

@ -27,6 +27,7 @@ from gallery import db
USER_DIR = platformdirs.user_config_dir('onlylegs')
db_session = sessionmaker(bind=db.engine)
db_session = db_session()
login_manager = LoginManager()
@ -67,10 +68,16 @@ def create_app(test_config=None):
login_manager.init_app(app)
login_manager.login_view = 'gallery.index'
login_manager.session_protection = 'strong'
@login_manager.user_loader
def load_user(user_id):
return db_session.query(db.Users).filter_by(id=user_id).first()
return db_session.query(db.Users).filter_by(alt_id=user_id).first()
@login_manager.unauthorized_handler
def unauthorized():
return render_template('error.html', error=401,
msg='You are not authorized to view this page!!!!'), 401
# Load JS assets
# TODO: disable caching for sass files as it makes it hard to work on when it is enabled
@ -83,9 +90,7 @@ def create_app(test_config=None):
def error_page(err): # noqa
if not isinstance(err, HTTPException):
abort(500)
return render_template('error.html',
error=err.code,
msg=err.description), err.code
return render_template('error.html', error=err.code, msg=err.description), err.code
# Load login, registration and logout manager
from gallery import auth

View file

@ -3,10 +3,11 @@ OnlyLegs - Authentication
User registration, login and logout and locking access to pages behind a login
"""
import re
from uuid import uuid4
import logging
from datetime import datetime as dt
from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify
from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify, session
from werkzeug.security import check_password_hash, generate_password_hash
from flask_login import login_user, logout_user, login_required
@ -87,7 +88,7 @@ def register():
if error:
return jsonify(error)
register_user = db.Users(username=username, email=email,
register_user = db.Users(alt_id=str(uuid4()), username=username, email=email,
password=generate_password_hash(password, method='sha256'),
created_at=dt.utcnow())
db_session.add(register_user)

View file

@ -27,7 +27,9 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
"""
__tablename__ = 'users'
# Gallery used information
id = Column(Integer, primary_key=True)
alt_id = Column(String, unique=True, nullable=False)
username = Column(String, unique=True, nullable=False)
email = Column(String, unique=True, nullable=False)
password = Column(String, nullable=False)
@ -35,9 +37,11 @@ class Users (base, UserMixin): # pylint: disable=too-few-public-methods, C0103
posts = relationship('Posts', backref='users')
groups = relationship('Groups', backref='users')
session = relationship('Sessions', backref='users')
log = relationship('Logs', backref='users')
def get_id(self):
return str(self.alt_id)
class Posts (base): # pylint: disable=too-few-public-methods, C0103
"""
@ -91,22 +95,6 @@ class GroupJunction (base): # pylint: disable=too-few-public-methods, C0103
post_id = Column(Integer, ForeignKey('posts.id'))
class Sessions (base): # pylint: disable=too-few-public-methods, C0103
"""
Session table
Joins with user
"""
__tablename__ = 'sessions'
id = Column(Integer, primary_key=True)
user_id = Column(Integer, ForeignKey('users.id'))
session_uuid = Column(String, nullable=False)
ip_address = Column(String, nullable=False)
user_agent = Column(String, nullable=False)
active = Column(Boolean, nullable=False)
created_at = Column(DateTime, nullable=False)
class Logs (base): # pylint: disable=too-few-public-methods, C0103
"""
Log table

View file

@ -65,7 +65,7 @@ window.onload = function () {
'Using <a href="https://phosphoricons.com/">Phosphoricons</a> and ' +
'<a href="https://www.gent.media/manrope">Manrope</a> <br>' +
'Made by Fluffy and others with ❤️ <br>' +
'<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.02</a>');
'<a href="https://github.com/Fluffy-Bean/onlylegs">V23.04.03</a>');
}
}
};

View file

@ -37,6 +37,12 @@
<link rel="stylesheet" href="{{ ASSET_URL }}" type="text/css" defer>
{% endassets %}
<style>
#modifyGroup {
padding: 0.5rem;
}
</style>
{% block head %}{% endblock %}
</head>
<body>

View file

@ -4,4 +4,10 @@
{% block settings_content %}
<h2>Account</h2>
<a href="{{ url_for( 'auth.logout' ) }}">Logout</a>
<p>Is session fresh?</p>
{% if fresh %}
<p>Yes</p>
{% else %}
<p>No</p>
{% endif %}
{% endblock %}

View file

@ -2,7 +2,7 @@
OnlyLegs - Settings page
"""
from flask import Blueprint, render_template
from flask_login import login_required
from flask_login import login_required, current_user
blueprint = Blueprint('settings', __name__, url_prefix='/settings')

View file

@ -1,6 +1,6 @@
[tool.poetry]
name = "onlylegs"
version = "23.04.02"
version = "23.04.03"
description = "Gallery built for fast and simple image management"
authors = ["Fluffy-Bean <michal-gdula@protonmail.com>"]
license = "MIT"

2
run.py
View file

@ -14,7 +14,7 @@ print("""
#+# #+# #+# #+#+# #+# #+# #+# #+# #+# #+# #+# #+#
######## ### #### ########## ### ########## ######### ######### ########
Created by Fluffy Bean - Version 23.04.02
Created by Fluffy Bean - Version 23.04.03
""")