add admin and register
Andronaco Marco marco.andronaco@olivetti.com
Wed, 19 Jul 2023 17:32:34 +0200
8 files changed,
113 insertions(+),
17 deletions(-)
A
.vscode/launch.json
@@ -0,0 +1,27 @@
+{
+ // Usare IntelliSense per informazioni sui possibili attributi.
+ // Al passaggio del mouse vengono visualizzate le descrizioni degli attributi esistenti.
+ // Per altre informazioni, visitare: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "Python: Flask",
+ "type": "python",
+ "request": "launch",
+ "module": "flask",
+ "env": {
+ "FLASK_APP": "myprecious",
+ "FLASK_DEBUG": "1"
+ },
+ "args": [
+ "run",
+ "--no-debugger",
+ "--no-reload",
+ "--port",
+ "1111"
+ ],
+ "jinja": true,
+ "justMyCode": true
+ }
+ ]
+}
M
migrations/init.sql
→
migrations/init.sql
@@ -8,5 +8,6 @@
create table if not exists queue ( username text primary key, password text not null, - email text + email text, + requested datetime DEFAULT CURRENT_TIMESTAMP )
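Review bot: The new `requested` column only exists on databases created after this change, because `create table if not exists queue` is skipped when the table is already present, while admin.html in this commit reads `entry[3]` for every queued row. Existing installs need an explicit migration step. If this is SQLite (the `insert or ignore` in db.py suggests so), `ALTER TABLE ... ADD COLUMN` rejects a `CURRENT_TIMESTAMP` default, so the column has to be added without the default and backfilled, or the table rebuilt. A comment above the statement such as `-- adds queue.requested; existing databases need a separate migration` would record that.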
M
myprecious/db.py
→
myprecious/db.py
@@ -39,15 +39,23 @@ query_str = "insert or ignore into login (username, password, email) values (?,?,?);"
query_param = [username, password, email] return db_query(query_str, query_param) -def accept_user(username): - r = get_user_from_username(username, "queue") - return add_user(r[0], r[1], r[2]) - def get_user_from_username(username: str, table="login"): - return db_query_one(f"SELECT * FROM { table } where username = (?)", [username]) + return db_query_one(f"SELECT * FROM { table } where username = (?);", [username]) def get_user_from_id(id: int): - return db_query_one("SELECT * from login where user_id = (?)", [id]) + return db_query_one("SELECT * from login where user_id = (?);", [id]) + +def get_queued_users(): + res = db_query("SELECT * from queue;", []) + return res.fetchall() + +def deny_user(nick): + return db_query_one("DELETE FROM queue WHERE username = (?)", [nick]) + +def allow_user(nick): + r = get_user_from_username(nick, "queue") + r = add_user(r[0], r[1], r[2]) + return deny_user(nick) def init_db(): run_sql(c.MIGRATIONS_INIT_PATH)
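Review bot: `allow_user` indexes `r[0]` without checking that the queue lookup found a row, and `nick` arrives straight from the URL path in views.py, so a stale or mistyped username would presumably raise instead of being rejected (assuming `db_query_one` returns `None` on no match; its body is outside this hunk). A guard such as `if r is None: return None` right after the lookup closes that. The `add_user` call appears to go through the `insert or ignore` statement shown in the context lines, so a username already present in `login` is silently skipped and the queue row is deleted anyway; the value assigned to `r` from `add_user` is never checked. The insert and the delete also run as separate statements, and `r[0], r[1], r[2]` depends on the `SELECT *` column order, which naming the columns in the query would make explicit.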
M
myprecious/static/style.css
→
myprecious/static/style.css
@@ -48,4 +48,17 @@ }
.error { color: lightcoral; -}+} + +.t-row { + height: 50px; +} + +.t-row > td { + padding-left: 10px; + padding-right: 10px; +} + +.t-center { + text-align: center; +}
M
myprecious/templates/admin.html
→
myprecious/templates/admin.html
@@ -1,8 +1,35 @@
{% extends "base.html" %} {% block title %}admin{% endblock %} {% block content %} -to be implemented... -<form action="/admin" method="POST" enctype="multipart/form-data"> - <input type="submit" value="save" /> -</form> + <h2>queue</h2> + <table> + <thead> + <tr class="t-row"> + <td>Requested</td> + <td>Username</td> + <td>E-Mail</td> + <td>Actions</td> + </tr> + </thead> + <tbody> + {% for entry in queue %} + <tr class="t-row"> + <td>{{ entry[3] }}</td> + <td>{{ entry[0] }}</td> + <td>{% if entry[2] %}{{ entry[2] }}{% else %}—{% endif %}</td> + <td class="t-center" data-username="{{ entry[0] }}"> + <input type="button" onclick="allow_or_deny(this)" value="allow" /> + <input type="button" onclick="allow_or_deny(this, false)" value="deny" /> + </td> + </tr> + {% endfor %} + </tbody> + </table> +<script> + function allow_or_deny(button, allow=true) { + const username = button.parentElement.getAttribute("data-username"); + action = allow ? "allow" : "deny"; + window.location.href="/admin/" + action + "/" + username; + } +</script> {% endblock %}
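Review bot: The allow and deny buttons change state through a plain GET navigation (`window.location.href="/admin/" + action + "/" + username`), and the matching routes in views.py accept GET, so any link or embedded resource the admin's browser loads while logged in can approve or drop a registration without the admin intending it. These actions should be POST forms carrying a CSRF token, with `route_admin_allow` and `route_admin_deny` restricted to `methods=['POST']`. The username is also concatenated into the path without `encodeURIComponent`, so names containing `/`, `?` or `#` reach the wrong URL, and `action` is assigned without `const`, which creates an implicit global. A sketch of the actions cell without the script follows; the CSRF field depends on whichever protection the app adopts.

```html
<td class="t-center">
  {# POST forms replace the onclick navigation; add the app's CSRF token field to each form #}
  <form action="{{ url_for('route_admin_allow', username=entry[0]) }}" method="POST">
    <input type="submit" value="allow" />
  </form>
  <form action="{{ url_for('route_admin_deny', username=entry[0]) }}" method="POST">
    <input type="submit" value="deny" />
  </form>
</td>
{# … unchanged: other cells of the row, loop and table markup … #}
```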
M
myprecious/templates/register.html
→
myprecious/templates/register.html
@@ -1,7 +1,6 @@
{% extends "base.html" %} {% block title %}register{% endblock %} {% block content %} -to be implemented... <form action="/register" method="POST" enctype="multipart/form-data"> <input type="text" name="username" placeholder="username" /> <input type="email" name="email" placeholder="e-mail (optional)"/>
M
myprecious/utils.py
→
myprecious/utils.py
@@ -27,4 +27,4 @@ def parse_remember(form):
try: return bool(form["remember"]) except KeyError: - return False+ return False
M
myprecious/views.py
→
myprecious/views.py
@@ -4,6 +4,7 @@ from flask_login import login_user, logout_user, current_user
import myprecious.constants as c from myprecious.utils import handle_response, parse_remember from myprecious.auth import handle_register, handle_login, get_logged_user +from myprecious.db import get_queued_users, allow_user, deny_user from myprecious.files import handle_upload from myprecious.encoding import obj_decode if app.debug:@@ -87,14 +88,34 @@ @app.route('/admin', methods=['GET', 'POST'])
def route_admin(): if not current_user.is_authenticated: return redirect('/') - if current_user.id != 1: return redirect('/') if request.method == "GET": - return render("admin.html") + queue = get_queued_users() + return render("admin.html", queue=queue) + return render("admin.html") + +@app.route('/admin/allow/<username>') +def route_admin_allow(username): + if not current_user.is_authenticated: + return redirect('/') + if current_user.id != 1: + return redirect('/') - return render("admin.html") + allow_user(username) + return redirect("/admin") + +@app.route('/admin/deny/<username>') +def route_admin_deny(username): + if not current_user.is_authenticated: + return redirect('/') + if current_user.id != 1: + return redirect('/') + + deny_user(username) + return redirect("/admin") + @app.route('/about') def route_about():
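Review bot: As this hunk renders, `route_admin` loses its `if current_user.id != 1:` line while the `return redirect('/')` beneath it stays behind as an unreachable duplicate, so `/admin` now serves the registration queue (usernames and e-mail addresses) to any authenticated user. The check should be restored before the `request.method` test: `if current_user.id != 1:` followed by `return redirect('/')`. The same two-step guard is repeated verbatim in `route_admin_allow` and `route_admin_deny`; a shared decorator (for example `admin_required`) would keep the three routes from drifting apart again. The POST branch also renders admin.html without `queue`, so it should either pass `queue=queue` as well or carry a comment saying the empty table is intended.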