from flask import Flask, render_template, request, redirect, url_for, flash, send_from_directory from flask_login import LoginManager, UserMixin, login_user, login_required, current_user, logout_user from werkzeug.utils import secure_filename from werkzeug.security import generate_password_hash, check_password_hash import os from uuid import uuid4 import requests from config import Config from geopy.geocoders import Nominatim from forms import * from db import mongo geolocator = Nominatim(user_agent="Bachemapa @ baches.qro.mx") def create_app(config=Config): app = Flask(__name__) app.config.from_object(config) mongo.init_app(app) login_manager = LoginManager(app) login_manager.session_protection = "strong" @app.route('/', methods=['GET', 'POST']) def index(): if request.method == 'GET': form = PinForm() pins = mongo.db.pins.find() return render_template('index.html', pins=pins, form=form) else: form = request.form try: photo = request.files["photo"] except Exception as e: print(e) if photo and allowed_file(photo.filename): #try: filename = secure_filename(photo.filename) filepath = os.path.join(app.config['UPLOAD_FOLDER'], filename) photo.save(filepath) pin = { 'time': datetime.now(), 'photo': filepath, 'lat': request.form['lat'], 'lng': request.form['lng'], 'typeofpin': request.form['typeofpin'], 'added_by': current_user.id, 'description': request.form['description'], 'address': str(geolocator.reverse(str(request.form['lat'])+ ", "+request.form['lng'])) } print(geolocator.reverse(str(request.form['lat'])+ ", "+request.form['lng'])) mongo.db.pins.insert_one(pin) flash('¡Gracias por tu aportación!') return redirect(url_for('index')) else: return allowed_file(photo.filename), 404 @app.route('/quienes') def quienes(): return render_template('quienes.html') @app.route('/uploads/') def download_file(name): return send_from_directory(app.config["UPLOAD_FOLDER"], name) @login_manager.user_loader def load_user(user_id): return User.get(user_id) @app.route('/registrame/', methods=['GET', 'POST']) def registrame(referral_code): inviter = mongo.db.users.find_one({"referral_code": referral_code}) if not inviter: message = "Ooops, parece que nadie te invitó aquí" return render_template('error.html', message = message), 406 if request.method == 'POST': username = request.form['username'] pwd = request.form['pwd'] new_user_data = { "username": username, "pwd": generate_password_hash(pwd), "referral_code": str(uuid4()), "invited_by": str(inviter['_id']), "is_admin": False } new_user_id = mongo.db.users.insert_one(new_user_data).inserted_id invite_link = url_for('registrame', referral_code=new_user_data['referral_code'], _external=True) login_user(load_user(new_user_id)) return redirect(url_for('index')) #return render_template('dashboard.html', invite_link=invite_link) if request.method == 'GET': return render_template('register.html', form=RegistrationForm()) @app.route('/thelogin', methods=['GET', 'POST']) def thelogin(): form2 = LoginForm() if request.method == 'POST': username = request.form['username'] pwd = request.form['pwd'] user_data = mongo.db.users.find_one({"username": username}) if user_data and check_password_hash(user_data['pwd'], pwd): user = User(user_data) login_user(user) return redirect(url_for('index')) else: return render_template('login.html', messages = 'Ooops, no hay tal usuario', form=form2) return render_template('login.html',form=form2) @app.route('/logout') @login_required def logout(): logout_user() flash('Cerraste sesión exitosamente') return redirect('/') @app.route('/desheredame/') @login_required def desheredame(user_id): if not current_user.is_admin: return redirect(url_for('index')) else: user_to_remove = mongo.db.users.find_one({"_id": ObjectId(user_id)}) if not user_to_remove: message = "A este ya me lo desheredaron" return render_template('error.html', message=message), 404 else: # invited_by es un string con el user id, pero para eliminar a un usuario por id, ocupamos el ObjectId(string del user id) # encontrando todos los usuarios invitados por el traidor para eliminar todos los pines que pusieron for user in mongo.db.users.find({'invited_by': user_to_remove.id}): mongo.db.pins.delete_many({"added_by": user.id}) # luego eliminamos a todos los usuarios cuyos pines acabamos de eliminar mongo.db.users.delete_many({"invited_by": user_id}) #eliminamos los pines del usuario infractor mongo.db.pins.delete_many({"added_by": user_to_remove.id}) # finalmente, eliminamos al usuario infractor mongo.db.users.delete_one({"_id": ObjectId(user_id)}) return redirect(url_for('dashboard')) @app.route("/remove_pin/") @login_required def remove_pin(pin_id): actual_pin = mongo.db.pins.find_one({"_id": ObjectId(pin_id)}) print(actual_pin) added_by = actual_pin.get("added_by") print(added_by) print(current_user.id) if current_user.is_admin or current_user.id == added_by: mongo.db.pins.delete_one({"_id": ObjectId(pin_id)}) return redirect(url_for('dashboard')) else: return redirect(url_for('index')) @app.route('/dashboard') @login_required def dashboard(): if request.method == 'GET': if not current_user.is_authenticated: return redirect(url_for('thelogin')) if not current_user.is_admin: pins = list(mongo.db.pins.find({"added_by": current_user.id})) invite_code = str(uuid4()) qr_update = mongo.db.users.update_one({'_id': ObjectId(current_user.id)}, {'$set': {'referral_code': invite_code}}) print(qr_update) return render_template('dashboard.html', pins=pins, invite_code=invite_code) if current_user.is_admin: users = list(mongo.db.users.find()) pins = list(mongo.db.pins.find()) invite_code = str(uuid4()) qr_update = mongo.db.users.update_one({'_id': ObjectId(current_user.id)}, {'$set': {'referral_code': invite_code}}) print(qr_update) return render_template('dashboard.html', users=users, pins=pins, invite_code=invite_code) #if request.method == 'POST': # pass @app.cli.command('add_user') def add_user(): username = input("Enter Username:\n") pwd = input("Add pass:\n") admin_user = { "username": username, "pwd": generate_password_hash(pwd), "referral_code": str(uuid4()), "invited_by": None, "is_admin": True } mongo.db.users.insert_one(admin_user) print(f"Admin {username} added! Referral code is {admin_user['referral_code']}") return app app=create_app() if __name__ == '__main__': app.run(debug=True)