from flask import *
import pyrebase
from datetime import datetime
import pytz
import os
from dotenv import load_dotenv
import requests
from manage import manage
from upload import upload
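load_dotenv()

app = Flask(__name__)
app.register_blueprint(manage)
app.register_blueprint(upload)

# SECRET_KEY signs the Flask session cookie, and every route in this module
# reads or writes ``session``. Without it the app only fails on the first
# request that touches the session, so check the value once at startup.
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')
if not app.config['SECRET_KEY']:
    raise RuntimeError('SECRET_KEY environment variable is not set')

# Firebase project settings, all taken from the environment (populated from
# .env by load_dotenv above). A key that is not set stays None.
_FIREBASE_CONFIG_KEYS = (
    "apiKey",
    "authDomain",
    "databaseURL",
    "storageBucket",
    "serviceAccount",
    "messagingSenderId",
    "appId",
    "measurementId",
)
config = {key: os.environ.get(key) for key in _FIREBASE_CONFIG_KEYS}

firebase = pyrebase.initialize_app(config)
db = firebase.database()
auth = firebase.auth()

# Zone used for the loginTime stamp stored in the session.
tz = pytz.timezone('Asia/Taipei')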
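def check_login_status(*, sess=None, now=None, max_age_seconds=3600):
    """Return True when the caller must (re-)authenticate.

    The session counts as logged out when it has no ``is_logged_in`` flag,
    when that flag is false, or when the stored ``loginTime`` is older than
    ``max_age_seconds`` (one hour by default).

    Args:
        sess: mapping to inspect; defaults to the Flask request ``session``.
            Exposed so the check can be run outside a request context.
        now: timezone-aware current time; defaults to ``datetime.now(tz)``.
        max_age_seconds: lifetime of a login before it is treated as expired.

    Returns:
        True if the user is not logged in or the login has expired, else False.
    """
    if sess is None:
        sess = session
    if not sess.get('is_logged_in'):
        return True
    login_time = sess.get('loginTime')
    if login_time is None:
        # A login flag without a timestamp is inconsistent; treat it as
        # expired instead of raising KeyError in the middle of a request.
        return True
    if now is None:
        now = datetime.now(tz)
    return (now - login_time).total_seconds() > max_age_seconds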
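def verify_recaptcha(response):
    """Check a reCAPTCHA token against Google's siteverify endpoint.

    Args:
        response: the token the reCAPTCHA widget submitted with the form.

    Returns:
        True when Google reports the token as valid, otherwise False.
    """
    # The early ``return True`` short-circuits verification for every caller
    # (all of which currently pass an empty token), so the bot protection on
    # login, sub-user selection and the password flows is effectively off and
    # nothing in this module gates that on configuration. It is kept here so
    # behaviour does not change; remove it, and pass the real form token from
    # the callers, before relying on reCAPTCHA.
    return True

    payload = {
        'secret': os.environ.get('RECAPTCHA_SECRET'),
        'response': response,
        'remoteip': request.remote_addr,
    }
    # A timeout keeps a stalled upstream call from pinning a worker.
    reply = requests.post(
        'https://www.google.com/recaptcha/api/siteverify',
        data=payload,
        timeout=10,
    )
    reply.raise_for_status()
    # Only the verdict is used; the full reply (error codes, hostname) is not
    # echoed to the log.
    return bool(reply.json().get('success', False))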
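def _start_login_session(user, permission):
    """Populate the Flask session for a freshly authenticated Firebase user.

    Args:
        user: dict returned by ``auth.sign_in_with_email_and_password``.
        permission: value of ``Users/<uid>/permission`` ('realPerson' or 'admin').
    """
    # Discard whatever an earlier session in this browser left behind. Without
    # this a stale ``subuser_type == 'admin'`` from an expired admin login
    # survives a later realPerson login, and /select then routes that user to
    # /manage as admin.
    session.clear()
    session['is_logged_in'] = True
    session['email'] = user['email']
    session['uid'] = user['localId']
    session['token'] = user['idToken']
    session['refreshToken'] = user['refreshToken']
    session['loginTime'] = datetime.now(tz)
    if permission == 'admin':
        session['subuser_type'] = 'admin'
        session['showUpload'] = db.child("Users").child(
            session['uid']).child("showUpload").get(session['token']).val()


@app.route('/', methods=['GET', 'POST'])
def index():
    """Login page (GET) and login handler (POST).

    On POST the credentials are checked with Firebase Auth and the user's
    ``permission`` node decides the landing page: 'realPerson' goes to
    /select, 'admin' to /manage. Every failure (wrong password, unknown
    permission, backend error) is answered with the same generic message so
    the response does not tell which step failed.
    """
    if request.method == 'GET':
        if check_login_status():
            return render_template('login.html')
        return redirect('/select')

    # POST
    email = request.form['username']
    if not check_login_status():
        # Already logged in; nothing to do.
        return redirect('/select')

    try:
        # NOTE(review): an empty token is passed; see verify_recaptcha.
        if not verify_recaptcha(""):
            print("ReC Error:", email, flush=True)
            flash('reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
            return redirect('/')

        user = auth.sign_in_with_email_and_password(email, request.form['password'])
        permission = db.child("Users").child(user['localId']).child(
            "permission").get(user['idToken']).val()

        if permission == 'realPerson':
            print("RealPerson Login SUCC:", email, flush=True)
            _start_login_session(user, permission)
            return redirect('/select')
        if permission == 'admin':
            print("Admin Login SUCC:", email, flush=True)
            _start_login_session(user, permission)
            return redirect('/manage')
        # Authenticated but without a recognised role: take the generic
        # failure path below (the reason is logged, not shown to the client).
        raise Exception("not real person or admin")
    except Exception as e:
        print("Error:", email, str(e), flush=True)
        flash('帳號或密碼錯誤,請重新輸入<br>Incorrect username or password')
        return redirect('/')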
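@app.route('/select', methods=['GET', 'POST'])
def selSubUser():
    """Let a logged-in, non-admin user pick the sub-account to manage.

    GET renders the chooser from ``Users/<uid>``; POST stores the chosen
    homeroom or group in the session and continues to /manage. Admins are
    sent straight to /manage.
    """
    if check_login_status():
        # Expired or never logged in. The session is not printed here: it
        # carries the Firebase id and refresh tokens.
        session.clear()
        flash("Timeout. 遇時,請重新登入")
        return redirect('/')

    if session.get('subuser_type') == 'admin':
        return redirect('/manage')

    if request.method == 'GET':
        usrData = db.child("Users").child(session['uid']).get(session['token']).val()
        session['subuser_type'] = ''
        return render_template('selSubUser.html', data=usrData['accounts'], name=usrData['name'])

    # POST: the field holds '^'-separated parts, the first being the type and
    # the next two the values stored below.
    data = request.form['subuser_sel'].split('^')
    try:
        if not verify_recaptcha(""):
            print("ReC Error:", data, flush=True)
            flash('reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
            return redirect('/select')

        # NOTE(review): the selection is taken from the client as submitted and
        # is not compared with the ``accounts`` shown on GET. Whether that
        # matters depends on how /manage uses session['homeroom'],
        # session['category'] and session['class'], which is outside this file.
        if len(data) < 3:
            raise ValueError("malformed subuser selection")
        kind, first, second = data[0], data[1], data[2]
        if kind == 'homeroom':
            session['homeroom'] = first + '^' + second
            session['subuser_type'] = 'homeroom'
        elif kind == 'group':
            session['category'] = first
            session['class'] = second
            session['subuser_type'] = 'group'
        else:
            # An unknown type used to continue to /manage with subuser_type ''.
            raise ValueError("unknown subuser type")
        return redirect('/manage')
    except Exception as e:
        # Detail goes to the log; the user gets a fixed message rather than
        # the raw exception text.
        print("Error:", data, str(e), flush=True)
        flash('選擇帳號失敗,請重新選擇<br>Could not select the account. Please try again.')
        return redirect('/select')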
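@app.route('/chgPassword', methods=['POST', 'GET'])
def chgPassword():
    """Change the logged-in user's e-mail and password.

    The account is re-authenticated with the current password, its
    ``Users/<uid>`` record is read, the Firebase account is deleted and
    re-created with the new credentials, and the record is written back under
    the new uid. If anything fails after the deletion the old account is
    re-created on a best-effort basis.
    """
    if check_login_status():
        # Same answer for GET and POST. Previously a POST without a session
        # evaluated session['email'] first and failed with a KeyError.
        return abort(404)

    if request.method == 'GET':
        return render_template('chgPassword.html')

    oldEmail = session['email']
    data = {}
    delUser = False
    try:
        if not verify_recaptcha(""):
            print("ReC Error:", oldEmail, flush=True)
            flash('reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
            return redirect('/chgPassword')

        oldUsr = auth.sign_in_with_email_and_password(oldEmail, request.form['password'])
        print("chgPwd oldUser:", oldEmail, flush=True)
        # The user's record must survive the delete/create below, so read it
        # first. It is not printed: it is the user's whole profile.
        data = db.child("Users").child(oldUsr['localId']).get(oldUsr['idToken']).val()

        # Delete-then-create is not atomic; a failure between the two calls
        # leaves the user without an account until the rollback below runs.
        auth.delete_user_account(oldUsr['idToken'])
        delUser = True

        newUsr = auth.create_user_with_email_and_password(
            request.form['new_username'], request.form['new_password'])
        db.child("Users").child(newUsr['localId']).set(data, newUsr['idToken'])

        session.clear()
        flash('修改密碼成功,請重新登入<br>Password changed successfully. Please login again.')
        return redirect('/')
    except Exception as e:
        if delUser:
            # Best-effort rollback; a second failure is logged, never raised.
            try:
                usr = auth.create_user_with_email_and_password(oldEmail, request.form['password'])
                db.child("Users").child(usr['localId']).set(data, usr['idToken'])
            except Exception as rollback_err:
                print("Rollback failed:", oldEmail, str(rollback_err), flush=True)
        # Raw exception text stays in the log; the user sees a fixed message.
        print("Error:", oldEmail, str(e), flush=True)
        flash('修改密碼失敗,請稍後再試<br>Password change failed. Please try again later.')
        return redirect('/chgPassword')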
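@app.route('/iforgot', methods=['GET', 'POST'])
def iforgot():
    """Password-reset request form (GET) and sender (POST).

    On POST a reset mail is requested from Firebase Auth. The browser gets
    the same reply whether or not the address is registered, so the form
    cannot be used to probe for existing accounts; failures are only logged.
    """
    if request.method == 'GET':
        return render_template('iforgot.html')

    email = request.form['username']
    try:
        if not verify_recaptcha(""):
            print("ReC Error:", email, flush=True)
            flash('reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
            return redirect('/iforgot')
        auth.send_password_reset_email(email)
        print("iforgot email sent:", email, flush=True)
    except Exception as e:
        # Previously ``flash(str(e))`` showed the backend's error text, which
        # can differ between known and unknown addresses.
        print("Error:", email, str(e), flush=True)
    flash('若此信箱已註冊,重置密碼信件已寄出,請至信箱收取<br>If this email is registered, a password reset email has been sent. Please check your email.')
    return redirect('/')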
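@app.route('/resetPassword', methods=['GET', 'POST'])
def resetPassword():
    """Complete a password reset from the e-mailed link.

    GET stores the ``oobCode`` query parameter in the session and shows the
    new-password form; POST confirms the reset with Firebase Auth using that
    code and the submitted password.
    """
    if request.method == 'GET':
        session['oobCode'] = request.args.get('oobCode')
        return render_template('verifiedChgPassword.html')

    try:
        if not verify_recaptcha(""):
            print("ReC Error:", flush=True)
            flash('reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
            return redirect('/resetPassword')

        oobCode = session.get('oobCode')
        if not oobCode:
            # POST without a preceding GET from the reset link, or a link with
            # no code: there is nothing to verify (used to be a KeyError).
            raise ValueError("missing reset code")
        auth.verify_password_reset_code(oobCode, request.form['password'])
        print("resetPassword success:", flush=True)
        session.clear()
        flash('重置密碼成功,請重新登入<br>Password reset success. Please login again.')
        return redirect('/')
    except Exception as e:
        # The exception text from the HTTP client can include the request URL
        # and backend response body; keep it in the log only.
        print("Error:", str(e), flush=True)
        flash('重置密碼失敗,請重新開啟信件中的連結<br>Password reset failed. Please open the link in the email again.')
        return redirect('/resetPassword')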
@app.route('/logout', methods=['GET'])
def logout():
    """Forget the whole session (login flag, tokens, sub-user choice) and go home."""
    home = redirect('/')
    session.clear()
    return home
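if __name__ == '__main__':
    # debug=True enables Werkzeug's interactive debugger on error pages and
    # must not be on for a deployed instance; opt in with FLASK_DEBUG=1.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')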