app.py
import datetime
import os
import time
from flask import Flask, render_template, request, session, redirect
from pymongo import MongoClient
from bson.objectid import ObjectId
from functools import wraps
from datetime import timedelta
# from flask_ipban import IpBan
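app = Flask(__name__)
# ip_ban = IpBan(app=app,ban_seconds=60)
# ip_ban.init_app(app)
# ip_ban.load_nuisances()

# The connection string is read from the environment. When MONGODB_URI is
# unset, None is passed through to MongoClient.
# NOTE(review): PyMongo then falls back to its default host; confirm that is
# intended rather than failing at startup.
client = MongoClient(os.environ.get("MONGODB_URI"))
app.db = client.securify

# Flask signs the session cookie with this key. The previous
# str(os.environ.get(...)) turned a missing variable into the literal string
# "None", a guessable key that would let anyone forge a "logged_in" session.
# Fail closed instead of starting with a predictable key.
_app_secret = os.environ.get("APP_SECRET")
if not _app_secret:
    raise RuntimeError("APP_SECRET must be set to a long random value")
app.secret_key = _app_secret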
def requires_auth(f):
    """Wrap a view so it only runs for a session that holds "logged_in".

    Without that key the wrapper renders ``login.html`` and never calls the
    view. The check is on the key's presence only; its value is not inspected.
    """

    @wraps(f)
    def decorated(*args, **kwargs):
        is_logged_in = "logged_in" in session
        if is_logged_in:
            return f(*args, **kwargs)
        return render_template("login.html")

    return decorated
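@app.route("/", methods=["GET", "POST"])
def home():
    """Render the submission form and store a submitted entry.

    On POST the ``content`` form field is written to ``app.db.entries``
    together with a timestamp and the client address Flask reports. Every
    request, GET or POST, is answered with ``home.html``.
    """
    if request.method == "POST":
        # NOTE(review): behind a reverse proxy this is the proxy's address
        # unless forwarded headers are trusted explicitly; confirm against the
        # deployment before relying on the stored value.
        ip_address = request.remote_addr
        print(ip_address)
        # Stored exactly as submitted and later shown by posts.html.
        # NOTE(review): that relies on Jinja autoescaping staying on in the
        # template (no "|safe" on this field); verify the template.
        entry_content = request.form.get("content")
        # Keep this exact format: posts() parses it back with the same pattern.
        formatted_date = datetime.datetime.today().strftime("%Y-%m-%d/%H:%M")
        # insert_one() replaces the legacy Collection.insert(), which PyMongo 4
        # removed; it also matches the delete_one() call used in posts().
        app.db.entries.insert_one(
            {"content": entry_content, "date": formatted_date, "IP": ip_address}
        )
        # Fixed delay after each stored submission; it also holds a worker for
        # three seconds per POST.
        # NOTE(review): the listing lost its indentation, so placing the delay
        # inside the POST branch is an assumption; confirm.
        time.sleep(3)
    return render_template("home.html")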
# @app.route("/login", methods=["GET","POST"])
# def login():
# if request.method == "POST":
# data = request.form.to_dict()
# serverData = [
# (entry["password"]) for entry in
# app.db.users.find({"username": data["username"]})
# ]
# return render_template("login.html")
# @app.route("/delete/<string:id>", methods=["GET", "POST"])
# def delete(id):
# if request.method == "POST":
# print(id)
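@app.route("/posts", methods=["GET", "POST"])
def posts():
    """Handle login, entry deletion and the listing of stored entries.

    A POST carrying a ``delete`` field removes that entry, but only for a
    session that is already logged in. Any other POST is a login attempt using
    the ``username`` and ``password`` form fields. A GET, or a POST that
    completed a delete, renders ``posts.html`` with every entry for a
    logged-in session and ``login.html`` otherwise.
    """
    import hmac  # function-scope import: only the login branch needs it

    if request.method == "POST":
        entry_id = request.form.get("delete")
        if entry_id:
            # Authorize before the write. Previously delete_one() ran ahead of
            # the session check, so an unauthenticated POST could remove any
            # entry whose id it supplied.
            if "logged_in" not in session:
                return render_template("login.html")
            # NOTE(review): no CSRF token is checked in this function; confirm
            # the form or an extension covers this state-changing request.
            # ObjectId() raises on malformed input; skip it rather than
            # answering with a 500.
            if ObjectId.is_valid(entry_id):
                app.db.entries.delete_one({"_id": ObjectId(entry_id)})
            print(entry_id)
        else:
            data = request.form.to_dict()
            # .get() keeps a request without these fields from raising KeyError.
            username = data.get("username")
            password = data.get("password", "")
            server_data = [
                entry["password"]
                for entry in app.db.users.find({"username": username})
            ]
            # NOTE(review): the two failure responses differ, which tells a
            # caller whether a username exists; consider one shared message.
            if not server_data:
                print("No such a user!")
                return "No such a user!"
            # The submitted and stored passwords are no longer printed: that
            # wrote credentials into the process output.
            # NOTE(review): the stored value is compared directly with the
            # submitted password, so the users collection appears to hold
            # plaintext passwords; move to a salted password hash (for example
            # werkzeug.security.generate_password_hash / check_password_hash).
            # compare_digest avoids leaking the match position through timing.
            if hmac.compare_digest(
                password.encode("UTF-8"), server_data[0].encode("UTF-8")
            ):
                print("Credentials Match!")
                session.permanent = True
                # NOTE(review): this is an application-wide setting assigned on
                # every successful login; it belongs in start-up configuration.
                app.permanent_session_lifetime = timedelta(seconds=25)
                # NOTE(review): the identity is hard-coded and does not depend
                # on which username authenticated; confirm that is intended.
                session["logged_in"] = {"user": "admin"}
                print(session["logged_in"])
                return redirect("/posts")
            print("Credentials Do Not Match!")
            return "Credentials Do Not Match!"

    if "logged_in" not in session:
        return render_template("login.html")

    # Each tuple: content, raw date, display date, client IP, document id.
    entries_with_date = [
        (
            entry["content"],
            entry["date"],
            datetime.datetime.strptime(entry["date"], "%Y-%m-%d/%H:%M").strftime("%b %d/%H:%M"),
            entry["IP"],
            entry["_id"],
        )
        for entry in app.db.entries.find({})
    ]
    print(entries_with_date)
    return render_template("posts.html", entries=entries_with_date)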