Commit 8ee7c0dd authored by Daniel Niecke's avatar Daniel Niecke

closing #13

parent c52368a3
......@@ -30,6 +30,7 @@ class User(db.Model, UserMixin):
username = db.Column(db.String(256), nullable=False, unique=True)
password = db.Column(db.String(256), nullable=True)
removed = db.Column(db.Boolean, default=False)
key = db.Column(db.String(512))
roles = db.relationship(
'Role',
......
......@@ -40,5 +40,5 @@ with app.app_context():
identity.provides.add(RoleNeed(role.name))
app.run()
app.run(host='0.0.0.0')
......@@ -9,6 +9,7 @@ from server.models import User, db
from server.forms import LoginForm, PWForm, RegisterForm, DateForm
from datetime import date
from datetime import datetime
import hashlib
app = Flask(__name__)
......@@ -56,6 +57,31 @@ def home():
return render_template('index.html', form=form)
@app.route('/activate', methods=['POST'])
def activate():
username = request.form.get('username', None)
password = request.form.get('password', None)
if not username or not password:
return Response('Missing values', 400)
user = User.query.filter_by(username=username).one()
if not user.check_password(password):
return Response('Wrong credentials', 403)
m = hashlib.sha3_512()
key_raw = f'{user.username}|{user.password}'
m.update(key_raw.encode('utf-8'))
server_key = m.digest()
user.key = server_key
db.session.commit()
print(f'User: {username} activated.')
return Response(f'{server_key}', 200)
def get_data(begin, end, format_type='list'):
if format_type not in ['list', 'plain', 'csv']:
......@@ -133,15 +159,25 @@ def login():
return render_template('login.html', form=form)
@app.route("/<int:user>/<string:date>")
def index(user, date):
gps_work = GPSWork()
gps_work.user_id = user
gps_work.datetime = datetime.utcfromtimestamp(int(date))
db.session.add(gps_work)
db.session.commit()
print("New data added.")
return ""
@app.route("/<string:username>/<string:date>", methods=['POST'])
def index(username, date):
key = request.form['key', None]
if not key:
return Response('Missing key.', 400)
# check that key is correct
user = User.query.filter_by(username=username).one()
if key != user.key:
return Response('Wrong credentials.', 403)
else:
gps_work = GPSWork()
gps_work.user_id = user
gps_work.datetime = datetime.utcfromtimestamp(int(date))
db.session.add(gps_work)
db.session.commit()
print("New data added.")
return Response("OK", 200)
@app.route("/show_user_data")
@login_required
......@@ -222,7 +258,3 @@ def show_raw(user_id):
d = datetime.fromtimestamp(gps_work.timestamp/1000)
content += f'{d}\n'
return Response(content, mimetype='text/plain')
if __name__ == "__main__":
app.run()
db.create_all()
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment