CSP-Reporter/src/app.py


from flask import Flask, render_template, g, request, url_for, flash, redirect, session
from rethinkdb import r
from rethinkdb.errors import RqlRuntimeError, RqlDriverError
from werkzeug.exceptions import abort
from werkzeug.security import generate_password_hash, check_password_hash
# Application object; every route and request hook in this module is registered on it.
app = Flask(__name__)
# Settings come from the file named by the ENVIRONMENTFILE environment variable.
# Besides the RDB_HOST / RDB_PORT / RDB_DB values read below, that file has to
# provide a strong, private SECRET_KEY: the login view stores the user identity
# in ``session``, and Flask signs the session cookie with that key.
app.config.from_envvar("ENVIRONMENTFILE")
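def dbSetup():
    """Create the configured database and its tables if they are missing.

    Connects with ``RDB_HOST`` / ``RDB_PORT`` from the app config and makes
    sure the ``RDB_DB`` database contains the ``cspreport``, ``users`` and
    ``website`` tables. Each object is checked individually, so a database
    that already exists but lacks a table is repaired instead of being
    skipped as "already exists".

    ReQL runtime errors are reported on stdout rather than raised, which
    keeps the original best-effort behaviour at start-up.
    """
    db_name = app.config.get("RDB_DB")
    connection = r.connect(
        host=app.config.get("RDB_HOST"), port=app.config.get("RDB_PORT")
    )
    try:
        if db_name not in r.db_list().run(connection):
            r.db_create(db_name).run(connection)
        present = r.db(db_name).table_list().run(connection)
        for table in ("cspreport", "users", "website"):
            if table not in present:
                r.db(db_name).table_create(table).run(connection)
        print("Database setup completed")
    except RqlRuntimeError as err:
        # Existence is checked above, so an error here is a real failure
        # (permissions, availability, a concurrent creator) and is reported
        # as such instead of being labelled "already exists".
        print("Database setup failed:", err)
    finally:
        connection.close()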
# Executed at import time: a connection failure inside dbSetup() surfaces here
# as an import error, so the database has to be reachable whenever this module
# is loaded (WSGI server start, tests, tooling).
dbSetup()
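@app.before_request
def before_request():
    """Open a RethinkDB connection for the current request and keep it on ``g``.

    The connection is bound to the ``RDB_DB`` database, so views can call
    ``r.table(...)`` without naming the database. If the driver cannot
    connect, the request is aborted with HTTP 503.
    """
    try:
        g.rdb_conn = r.connect(
            host=app.config.get("RDB_HOST"),
            port=app.config.get("RDB_PORT"),
            db=app.config.get("RDB_DB"),
        )
    except RqlDriverError:
        # The original message read "could be established", which states the
        # opposite of what happened.
        abort(503, "Database connection could not be established.")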
@app.teardown_request
def teardown_request(exception):
    """Close the request's RethinkDB connection when one was opened.

    ``exception`` is supplied by Flask and is not used here.
    """
    try:
        conn = g.rdb_conn
        conn.close()
    except AttributeError:
        # ``g.rdb_conn`` is never assigned when before_request aborts, so a
        # missing attribute simply means there is nothing to close.
        pass
@app.route("/")
def index():
    """Serve the landing page rendered from ``index.html``."""
    page = render_template("index.html")
    return page
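@app.route("/register", methods=("GET", "POST"))
def register():
    """Show the registration form and create an account on POST.

    A POST must carry non-empty ``login``, ``email`` and ``password`` form
    fields. The password is stored only as a ``generate_password_hash``
    digest. A login name that is already present in the ``users`` table is
    refused. On success the client is redirected to ``/login``; in every
    other case the form is rendered again, with a flashed message where one
    applies.
    """
    if request.method == "POST":
        username = request.form["login"]
        email = request.form["email"]
        password = request.form["password"]
        if not username or not password or not email:
            flash("Missing field")
        elif r.table("users").filter({"login": username}).count().run(g.rdb_conn):
            # The login view accepts any row whose login matches and whose
            # hash verifies, so a second row with the same login would make
            # the name ambiguous as an identity. Refuse duplicates.
            # NOTE(review): check-then-insert is not atomic; concurrent
            # requests can still both pass. Only the table's primary key is
            # enforced as unique by RethinkDB, so consider keying on login.
            flash("Login already taken")
        else:
            r.table("users").insert(
                {
                    "login": username,
                    "email": email,
                    "password": generate_password_hash(password),
                }
            ).run(g.rdb_conn)
            return redirect("/login", code=302)
    return render_template("register.html")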
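@app.route("/login", methods=("GET", "POST"))
def login():
    """Show the login form and authenticate the user on POST.

    A POST must carry non-empty ``login`` and ``password`` form fields. The
    password is checked against the stored hash of every ``users`` row with
    that login; on the first match the user's login and id are written to
    the session and the client is redirected to ``/manager``. Otherwise the
    form is rendered again with a flashed message.
    """
    if request.method == "POST":
        username = request.form["login"]
        password = request.form["password"]
        if not username or not password:
            flash("Missing field")
        else:
            candidates = r.table("users").filter({"login": username}).run(g.rdb_conn)
            for user in candidates:
                if check_password_hash(user["password"], password):
                    # Start from an empty session so nothing set before
                    # authentication is carried into the logged-in session.
                    session.clear()
                    session["login"] = username
                    session["id"] = user["id"]
                    return redirect("/manager", code=302)
            # One message for both an unknown login and a wrong password, so
            # the response does not reveal which accounts exist.
            # NOTE(review): nothing in this view limits repeated attempts;
            # confirm that throttling is applied elsewhere (proxy, middleware).
            flash("Invalid login or password")
    return render_template("login.html")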
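@app.route("/manager")
def manager():
    """Serve the page that the login view redirects to after sign-in.

    Requests without a ``login`` key in the session are redirected to
    ``/login``. The view previously rendered for every visitor; it still
    uses the ``index.html`` template.
    """
    if "login" not in session:
        return redirect("/login", code=302)
    return render_template("index.html")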