Chris/devopsexam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

For Private page, add feature 'take note'

Browse Source 
This makes this app much more meaningful. For this feature, a new database table is added. More complicated logics are also needed, for example, we use hash(user ID + timestamp + note contant) as the unique id of each note (it's necessary when we try to delete a note)
This commit is contained in:
XD-DENG
2017-07-03 22:34:58 +08:00
parent 8ff8bb625c
commit c072aa771d
8 changed files with 150 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
app.py
View File

@@ -1,5 +1,6 @@
from flask import Flask, session, url_for, redirect, render_template, request, abort, flash
from database import list_users, verify, delete_user_from_db, add_user
from database import read_note_from_db, write_note_into_db, delete_note_from_db, match_user_id_with_note_id
app = Flask(__name__)
app.config.from_object('config')
@@ -10,6 +11,10 @@ app.config.from_object('config')
def FUN_401(error):
return render_template("page_401.html"), 401
@app.errorhandler(403)
def FUN_403(error):
return render_template("page_403.html"), 403
@app.errorhandler(404)
def FUN_404(error):
return render_template("page_404.html"), 404
@@ -33,7 +38,12 @@ def FUN_public():
@app.route("/private/")
def FUN_private():
if "current_user" in session.keys():
return render_template("private_page.html")
notes_list = read_note_from_db(session['current_user'])
notes_table = zip([x[0] for x in notes_list],\
[x[1] for x in notes_list],\
[x[2] for x in notes_list],\
["/delete_note/" + x[0] for x in notes_list])
return render_template("private_page.html", notes = notes_table)
else:
return abort(401)
@@ -53,6 +63,26 @@ def FUN_admin():
@app.route("/write_note", methods = ["POST"])
def FUN_write_note():
text_to_write = request.form.get("text_note_to_take")
write_note_into_db(session['current_user'], text_to_write)
return(redirect(url_for("FUN_private")))
@app.route("/delete_note/<note_id>", methods = ["GET"])
def FUN_delete_note(note_id):
if session.get("current_user", None) == match_user_id_with_note_id(note_id): # Ensure the current user is NOT operating on other users' note.
delete_note_from_db(note_id)
else:
return abort(401)
return(redirect(url_for("FUN_private")))
@app.route("/login", methods = ["POST"])
def FUN_login():
id_submitted = request.form.get("id").upper()

71
database.py
View File

@@ -1,10 +1,12 @@
import sqlite3
import hashlib
import datetime
db_file_location = "database_file/users.db"
user_db_file_location = "database_file/users.db"
note_db_file_location = "database_file/notes.db"
def list_users():
_conn = sqlite3.connect(db_file_location)
_conn = sqlite3.connect(user_db_file_location)
_c = _conn.cursor()
_c.execute("select id from users;")
@@ -15,7 +17,7 @@ def list_users():
return result
def verify(id, pw):
_conn = sqlite3.connect(db_file_location)
_conn = sqlite3.connect(user_db_file_location)
_c = _conn.cursor()
_c.execute("select pw from users where id = '" + id + "';")
@@ -26,20 +28,75 @@ def verify(id, pw):
return result
def delete_user_from_db(id):
_conn = sqlite3.connect(db_file_location)
_conn = sqlite3.connect(user_db_file_location)
_c = _conn.cursor()
_c.execute("delete from users where id = '" + id + "';")
_conn.commit()
_conn.close()
# when we delete a user from database USERS, we also need to delete all his or her notes data from database NOTES
_conn = sqlite3.connect(note_db_file_location)
_c = _conn.cursor()
_c.execute("delete from notes where user = '" + id + "';")
_conn.commit()
_conn.close()
def add_user(id, pw):
_conn = sqlite3.connect(db_file_location)
_conn = sqlite3.connect(user_db_file_location)
_c = _conn.cursor()
command = "insert into users values('" + id.upper() + "', '" + hashlib.sha256(pw).hexdigest() + "');"
_c.execute(command)
_conn.commit()
_conn.close()
def read_note_from_db(id):
_conn = sqlite3.connect(note_db_file_location)
_c = _conn.cursor()
command = "select note_id, timestamp, note from notes where user = '" + id.upper() + "';"
_c.execute(command)
result = _c.fetchall()
_conn.commit()
_conn.close()
return result
def match_user_id_with_note_id(note_id):
# Given the note id, confirm if the current user is the owner of the note which is being operated.
_conn = sqlite3.connect(note_db_file_location)
_c = _conn.cursor()
command = "select user from notes where note_id = '" + note_id + "';"
_c.execute(command)
result = _c.fetchone()[0]
_conn.commit()
_conn.close()
return result
def write_note_into_db(id, note_to_write):
_conn = sqlite3.connect(note_db_file_location)
_c = _conn.cursor()
current_timestamp = str(datetime.datetime.now())
command = "insert into notes values('" + id.upper() + "', '" + \
current_timestamp + "', '" + note_to_write + \
"', '" + hashlib.sha1(id.upper() + current_timestamp + note_to_write).hexdigest() + "');"
_c.execute(command)
_conn.commit()
_conn.close()
def delete_note_from_db(note_id):
_conn = sqlite3.connect(note_db_file_location)
_c = _conn.cursor()
command = "delete from notes where note_id = '" + note_id + "';"
_c.execute(command)
_conn.commit()
_conn.close()
@@ -47,5 +104,7 @@ def add_user(id, pw):
if __name__ == "__main__":
print list_users()

BIN
database_file/notes.db Normal file
View File

Binary file not shown.

BIN
database_file/users.db
View File

Binary file not shown.

BIN
static/img/private.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 77 KiB

20
templates/admin.html
View File

@@ -5,16 +5,18 @@
{# only invoked when failed adding new ID due to duplication #}
{% if id_to_add_is_duplicated %}
<div class="text-danger">
<strong>Warning!</strong> The account name already exists.
</div>
<div class="alert alert-dismissible alert-danger">
<button type="button" class="close" data-dismiss="alert">&times;</button>
<strong>Warning!</strong> The account name already exists.
</div>
{% endif %}
{# only invoked when failed adding new ID due to invalid character #}
{% if id_to_add_is_invalid %}
<div class="text-danger">
<strong>Warning!</strong> The account name is invalid.
</div>
<div class="alert alert-dismissible alert-danger">
<button type="button" class="close" data-dismiss="alert">&times;</button>
<strong>Warning!</strong> The account name is invalid.
</div>
{% endif %}
<div class = "container">
@@ -63,10 +65,4 @@
</div>
{% endblock %}

6
templates/page_403.html Normal file
View File

@@ -0,0 +1,6 @@
{% extends "layout.html" %}
{% block page_title %}Forbidden(403){% endblock %}
{% block body %}
{{ super() }}
This operation is forbidden.
{% endblock %}

42
templates/private_page.html
View File

@@ -2,6 +2,44 @@
{% block page_title %}Private Page{% endblock %}
{% block body %}
{{ super() }}
<img src="{{ url_for('static', filename='img/private.jpg') }}" class="img-circle" alt="Cinque Terre" width="304" height="236">
Only logged-in users, like you, can access this page.
<h4>You can take notes here. Only yourself can access them. They will be removed when your account is removed.</h4>
<hr>
<div class="form-group">
<label for="textArea" class="col-lg-3 control-label">Note to Take</label>
<div class="col-lg-9">
<form action="/write_note" method="post">
<input class="form-control" name="text_note_to_take"></input>
<button type="submit" class="btn btn-success">Submit</button>
</form>
</div>
</div>
<hr>
{% if notes %}
<h2>Your Notes</h2>
<table class="table">
<thead>
<tr>
<th>Note ID</th>
<th>Timestamp</th>
<th>Note</th>
<th>Action</th>
</tr>
</thead>
{% for note_id, timestamp, note, act in notes %}
<tr>
<td> {{ note_id }} </td>
<td> {{ timestamp }} </td>
<td> {{ note }} </td>
<td><a href={{act}}>Delete</a></td>
</tr>
{% endfor %}
</table>
{% endif %}
{% endblock %}