import os
from functools import wraps

from flask import Flask, g, jsonify, render_template, request, session, redirect, \
    url_for, flash
from gevent import monkey
from gevent.event import Event
from gevent.wsgi import WSGIServer
from tornado.database import Connection

import config
from forms import LoginForm
# Patch only the standard socket module so that blocking socket calls yield to
# other greenlets.
# NOTE(review): a database driver implemented in C would not go through the
# patched module; if tornado.database uses one here, each query blocks every
# greenlet in the process -- confirm.
monkey.patch_socket()

# NOTE(review): Flask's config.from_object() copies only UPPERCASE names, so this
# lowercase flag does not appear to reach app.config -- confirm whether anything
# else reads it.  Debug mode should stay off on any host that is reachable by
# untrusted clients.
debug = True

app = Flask(__name__)
# Load settings from this module first and from config second, so that values
# defined in config take precedence.
for settings_source in (__name__, config):
    app.config.from_object(settings_source)
class Room(object):
    """In-memory chat room: a message log plus an event that wakes long-pollers."""

    def __init__(self):
        self.event = Event()
        self.messages = []

    def add_message(self, message):
        """Append *message* to the log and wake every caller blocked in wait()."""
        # NOTE(review): the log is never trimmed, so memory grows with every
        # message for the lifetime of the process.
        self.messages += [message]
        # set() releases the current waiters; clear() re-arms the event straight
        # away so the next wait() blocks until another message arrives.
        notifier = self.event
        notifier.set()
        notifier.clear()

    def wait(self):
        """Block the caller until the event is set by add_message()."""
        # No timeout is passed, so a caller waits for as long as nobody posts.
        self.event.wait()

    def get_messages(self):
        """Return the message log (the live list object, not a copy)."""
        return self.messages
# Single module-level room: every request handled by this process reads and
# writes the same message log.
room = Room()
def admin_required(f):
    """Decorator that lets only staff sessions through to view *f*.

    A request whose session has no 'auth' entry, or whose entry has a falsy
    'is_staff', is redirected to the admin_login endpoint instead.
    """
    @wraps(f)
    def guarded(*args, **kwargs):
        # NOTE(review): the decision rests on the session payload alone; the
        # user row is not re-read, so the check is only as strong as the
        # session signing key, and a later change to is_staff/is_active in the
        # database does not affect a session that was already issued.
        auth = session.get('auth', None)
        if auth and auth['is_staff']:
            return f(*args, **kwargs)
        return redirect(url_for('admin_login'))
    return guarded
@app.before_request
def connect_db():
    """Open a database connection for the current request and keep it on g.db."""
    # NOTE(review): this hook runs for every route, including the long-poll
    # /update/ endpoint, so each waiting client appears to hold a database
    # connection for the whole wait even though that view never queries.
    db_settings = (
        config.DB_HOST,
        config.DB_NAME,
        config.DB_USER,
        config.DB_PASSWD,
    )
    g.db = Connection(*db_settings)
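@app.after_request
def close_connection(response):
    """Close the per-request database connection, if one was opened.

    Returns *response* unchanged.
    """
    # connect_db may have raised before it assigned g.db; reading the attribute
    # unguarded would then raise AttributeError here and hide the real failure.
    db = getattr(g, 'db', None)
    if db is not None:
        db.close()
    # NOTE(review): after_request hooks are not guaranteed to run when a view
    # raises an unhandled exception; Flask's teardown_request hook is the one
    # intended for cleanup that must always happen.
    return response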
@app.route("/")
def index():
    """Render the chat page together with the messages posted so far."""
    # NOTE(review): every message is text supplied by an unauthenticated client.
    # Safe display depends on index.html escaping it (Jinja autoescaping for
    # .html templates) and on the page's script inserting polled messages as
    # text rather than markup -- neither is visible here; verify.
    history = room.get_messages()
    return render_template("index.html", messages=history)
@app.route("/new/", methods=("POST",))
def new_message():
    """Store the posted 'body' form field as a new chat message.

    A body that is empty after stripping whitespace is ignored; the JSON
    response reports success in both cases.
    """
    # NOTE(review): no authentication, CSRF token, length cap or rate limit is
    # applied in this view, and the room keeps every message in memory.
    text = request.form['body'].strip()
    if not text:
        return jsonify(success=True)
    room.add_message(text)
    return jsonify(success=True)
@app.route("/update/", methods=("POST",))
def update_messages():
    """Long-poll endpoint: block until a message is posted, then return the log."""
    # NOTE(review): the wait has no timeout and the endpoint needs no login, so
    # each idle client keeps a greenlet (and whatever the before_request hook
    # opened) until somebody posts.  The whole log is returned every time, not
    # only the messages added since the caller last polled.
    room.wait()
    current = room.get_messages()
    return jsonify(messages=current)
@app.route("/admin/", methods=("POST","GET"))
@admin_required
def admin():
    """Render the admin landing page; admin_required gates access to it."""
    page = "admin_index.html"
    return render_template(page)
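@app.route("/admin/login", methods=("POST", "GET",))
def admin_login():
    """Show the admin login form and, on POST, authenticate the submitted user.

    On success the user's id, is_staff and first_name are stored in
    session['auth'] and the client is redirected to the admin page.  In every
    other case the login template is rendered again, with an error message
    when the attempt failed.
    """
    form = LoginForm(request.form)
    error = None
    if request.method == "POST":
        if not form.validate():
            error = "Enter a username or password"
        else:
            # Pass the credentials as bound parameters instead of formatting
            # them into the SQL text.  Both values come straight from the
            # request; with string interpolation a quote character in either
            # field became part of the statement rather than of the value
            # being compared (SQL injection on an unauthenticated endpoint).
            user = g.db.get(
                "select * from live_user where username=%s and password=%s",
                form.username.data, form.password.data)
            # NOTE(review): matching the password by equality inside SQL
            # suggests live_user.password holds plaintext or an unsalted
            # digest -- confirm, and move to a salted password hash verified
            # in application code.  No attempt throttling is visible either.
            if not user:
                error = "Invalid username of password"
            elif not user['is_active']:
                error = "Account is disabled"
            elif not user['is_staff']:
                error = "You do not have permission to access area of the site"
            else:
                flash("Login successful")
                # Only these three fields are kept in the session; they are what
                # admin_required later trusts.
                session['auth'] = {
                    'id':user.id,
                    'is_staff':user.is_staff,
                    'first_name':user.first_name
                }
                return redirect(url_for('admin'))
    return render_template("login.html", error=error, form=form)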
@app.route("/admin/logout", methods=("GET",))
def admin_logout():
    """Remove the 'auth' entry from the session and redirect to the login page."""
    # NOTE(review): logout is a state-changing GET.  If Flask's default
    # cookie-based session is in use, nothing is revoked on the server: a copy
    # of a cookie issued before logout stays valid -- confirm the session
    # backend.
    login_url = url_for('admin_login')
    session.pop('auth', None)
    return redirect(login_url)
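# The session cookie is signed with app.secret_key, and admin_required trusts
# session['auth'] without consulting the database, so whoever knows the key can
# present a session the server accepts as staff.  A literal kept in the source
# file is not a secret.  Use SECRET_KEY from the deployment's config module when
# it defines one (app.config.from_object(config) has already loaded it);
# otherwise fall back to a random per-process key, which ends existing sessions
# on restart and is not shared between worker processes.
if not app.secret_key:
    app.secret_key = os.urandom(32)

if __name__ == "__main__":
    # An empty host binds every interface on port 8080.
    # NOTE(review): this serves plain HTTP, so credentials and the session
    # cookie are only protected in transit if TLS is terminated in front of it.
    WSGIServer(('', 8080), app.wsgi_app).serve_forever()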