pyrom/app/routes/users.py

from flask import (
    Blueprint, render_template, request, redirect, url_for, flash, session
    )
from ..models import Users, Sessions
from ..constants import InfoboxKind
from ..auth import digest, verify
import secrets
import time

bp = Blueprint("users", __name__, url_prefix = "/users/")


def is_logged_in():
    return "pyrom_session_key" in session


def get_active_user():
    if not is_logged_in():
        return None
    sess = Sessions.find({"key": session["pyrom_session_key"]})
    if not sess:
        return None
    return Users.find({"id": sess.user_id})


@bp.get("/log_in")
def log_in():
    return render_template("users/log_in.html")


@bp.post("/log_in")
def log_in_post():
    target_user = Users.find({
        "username": request.form['username']
    })
    if not target_user:
        flash("Incorrect username or password.", InfoboxKind.ERROR)
        return redirect(url_for("users.log_in"))

    if not verify(target_user.password_hash, request.form['password']):
        flash("Incorrect username or password.", InfoboxKind.ERROR)
        return redirect(url_for("users.log_in"))

    session_obj = Sessions.create({
        "key": secrets.token_hex(16),
        "user_id": target_user.id,
        "expires_at": int(time.time()) + 30 * 24 * 60 * 60,
    })

    session['pyrom_session_key'] = session_obj.key
    flash("Logged in!", InfoboxKind.INFO)
    return redirect(url_for("users.log_in"))


@bp.get("/sign_up")
def sign_up():
    return "not yet"


@bp.get("/<username>")
def page(username):
    return "stub"


@bp.get("/<username>/setings")
def settings(username):
    return "stub"


@bp.get("/<username>/inbox")
def inbox(username):
    return "stub"


@bp.get("/list")
def user_list():
    return "stub"