
Untitled

a guest
Apr 17th, 2018
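  1. # API key = 1Z5ZDW86BILY5Z6V  -- NOTE: a credential published in a public paste should be treated as compromised; rotate it and supply it only through the API_KEY environment variable that the application reads.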
  2.  
  3. import os
  4.  
  5. from cs50 import SQL
  6. from flask import Flask, flash, redirect, render_template, request, session
  7. from flask_session import Session
  8. from tempfile import mkdtemp
  9. from werkzeug.exceptions import default_exceptions
  10. from werkzeug.security import check_password_hash, generate_password_hash
  11.  
  12. from helpers import apology, login_required, lookup, usd
  13.  
# Fail fast at import time when the API_KEY environment variable is unset or empty
if not os.environ.get("API_KEY"):
    raise RuntimeError("API_KEY not set")

# Create the Flask application object
app = Flask(__name__)

# Pick up template edits without restarting the server
app.config.update(TEMPLATES_AUTO_RELOAD=True)
  23.  
  24. # Ensure responses aren't cached
@app.after_request
def after_request(response):
    """Mark every outgoing response as uncacheable and hand it back.

    The same three headers are written on every response, so pages rendered
    for a logged-in user are not served again from a browser or proxy cache.
    """
    no_cache_headers = (
        ("Cache-Control", "no-cache, no-store, must-revalidate"),
        ("Expires", 0),
        ("Pragma", "no-cache"),
    )
    for header_name, header_value in no_cache_headers:
        response.headers[header_name] = header_value
    return response
  31.  
# Expose usd() to templates as the "usd" Jinja filter
app.jinja_env.filters["usd"] = usd

# Keep session data in files under a fresh temporary directory
# (instead of signed cookies); sessions are not marked permanent.
app.config.update(
    SESSION_FILE_DIR=mkdtemp(),
    SESSION_PERMANENT=False,
    SESSION_TYPE="filesystem",
)
Session(app)

# Open the SQLite database through the CS50 library
db = SQL("sqlite:///finance.db")
  43.  
  44.  
@app.route("/")
@login_required
def index():
    """Portfolio page; not implemented yet, so it answers with the TODO apology."""
    placeholder = apology("TODO")
    return placeholder
  50.  
  51.  
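@app.route("/buy", methods=["GET", "POST"])
@login_required
def buy():
    """Buy shares of stock.

    GET renders the purchase form. POST looks up the submitted symbol,
    validates the share count on the server, checks the logged-in user's
    cash, records the purchase and redirects to "/".

    Every failure path returns an apology page with the status codes the
    route already used (404 for bad input, 403 for insufficient cash).
    """
    # User reached route via GET: just show the form
    if request.method != "POST":
        return render_template("buy.html")

    # Retrieve information for the given symbol
    quote = lookup(request.form.get("symbol"))
    if not quote:
        return apology("Symbol not valid", 404)

    # The HTML number input is only a browser-side hint: a hand-crafted
    # request can omit the field or send text, so parse defensively here
    # instead of letting int() raise and surface as a server error.
    try:
        quantity = int(request.form.get("shares"))
    except (TypeError, ValueError):
        return apology("Invalid number of shares", 404)

    # Zero shares is not a purchase either, so reject anything below one
    if quantity <= 0:
        return apology("Invalid number of shares", 404)

    # Price of the shares that are intended to be purchased
    purchase = quote["price"] * quantity

    # Act on the account of the user who is logged in. The ids were
    # previously hard-coded (balance read from id 5, debit applied to id 1),
    # so every purchase touched someone else's rows.
    user_id = session["user_id"]

    row = db.execute("SELECT cash FROM users WHERE id = :id", id=user_id)

    # A missing user row is treated like an empty balance rather than
    # raising IndexError.
    if not row or row[0]["cash"] < purchase:
        return apology("Not enough cash", 403)

    # NOTE(review): the balance check above and the debit below are separate
    # statements, so two concurrent requests could both pass the check;
    # consider doing the debit and the holdings write in one transaction.
    db.execute("UPDATE users SET cash = cash - :p WHERE id = :id",
               p=purchase, id=user_id)

    # NOTE(review): the shares table schema is not visible here; this assumes
    # shares.id holds the user id, as the matching literal ids suggested.
    # These statements also overwrite the stored symbol and quantity rather
    # than adding to an existing holding -- confirm that is intended.
    db.execute("UPDATE shares SET stock = :s WHERE id = :id",
               s=quote["symbol"], id=user_id)
    db.execute("UPDATE shares SET quantity = :q WHERE id = :id",
               q=quantity, id=user_id)

    # A view must return a response; send the user back to the home page
    return redirect("/")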
  90.  
@app.route("/history")
@login_required
def history():
    """Transaction history page; still a stub that returns the TODO apology."""
    placeholder = apology("TODO")
    return placeholder
  96.  
  97.  
@app.route("/login", methods=["GET", "POST"])
def login():
    """Authenticate a user and start a session for them.

    Any existing session is discarded first. GET renders the login form;
    POST checks the submitted credentials against the users table and, on
    success, stores the user's id in the session and redirects to "/".
    """
    # Drop whatever session state existed before this request
    session.clear()

    # A plain page visit (link or redirect) just gets the form
    if request.method != "POST":
        return render_template("login.html")

    username = request.form.get("username")
    password = request.form.get("password")

    # Both fields are required
    if not username:
        return apology("must provide username", 403)
    if not password:
        return apology("must provide password", 403)

    # Bound parameter keeps the submitted username out of the SQL text
    matches = db.execute("SELECT * FROM users WHERE username = :username",
                         username=username)

    # Unknown user and wrong password share one message, so the response
    # does not reveal which of the two was wrong
    credentials_ok = (
        len(matches) == 1
        and check_password_hash(matches[0]["hash"], password)
    )
    if not credentials_ok:
        return apology("invalid username and/or password", 403)

    # Remember which user has logged in, then go to the home page
    session["user_id"] = matches[0]["id"]
    return redirect("/")
  133.  
  134.  
@app.route("/logout")
def logout():
    """End the current session and send the browser back to "/"."""
    # NOTE(review): this state-changing route answers GET, so any page can
    # trigger a logout by linking to it; consider requiring POST.
    session.clear()

    destination = "/"
    return redirect(destination)
  144.  
@app.route("/quote", methods=["GET", "POST"])
@login_required
def quote():
    """Look up a stock symbol and show its current price.

    GET renders the lookup form; POST renders the result, or an apology
    when lookup() finds nothing for the submitted symbol.
    """
    if request.method != "POST":
        return render_template("quote.html")

    found = lookup(request.form.get("symbol"))
    if found:
        return render_template("quoted.html", price=found["price"], symbol=found["symbol"])

    return apology("Symbol not valid", 404)
  159.  
  160.  
@app.route("/register", methods=["GET", "POST"])
def register():
    """Create a new account and log the new user in.

    Any existing session is discarded first. GET renders the registration
    form; POST validates the fields, stores the username with a password
    hash, saves the new user's id in the session and redirects to "/".
    """
    session.clear()

    # A plain page visit (link or redirect) just gets the form
    if request.method != "POST":
        return render_template("register.html")

    username = request.form.get("username")
    password = request.form.get("password")

    # Username and password are required, and the confirmation must match
    if not username:
        return apology("must provide username", 403)
    if not password:
        return apology("must provide password", 403)
    if password != request.form.get("confirmation"):
        return apology("Passwords must match")

    # Only the hash is stored, never the password itself
    password_hash = generate_password_hash(password)

    inserted = db.execute("INSERT INTO users (username, hash) VALUES(:username, :hash)",
                          username=username, hash=password_hash)

    # A falsy result is treated as "username is not unique in the database"
    if not inserted:
        return apology("Username already taken")

    # Read the new row back to learn its id
    new_rows = db.execute("SELECT * FROM users WHERE username = :username",
                          username=username)

    # Once registered, keep the user logged in and go to the home page
    session["user_id"] = new_rows[0]["id"]
    return redirect("/")
  206.  
  207.  
@app.route("/sell", methods=["GET", "POST"])
@login_required
def sell():
    """Sell page; not implemented yet, so it answers with the TODO apology."""
    placeholder = apology("TODO")
    return placeholder
  213.  
def errorhandler(e):
    """Render the apology page for error *e* from its name and code."""
    name, status = e.name, e.code
    return apology(name, status)
  217.  
  218.  
# Route every code in default_exceptions through errorhandler
for code in default_exceptions:
    register_handler = app.errorhandler(code)
    register_handler(errorhandler)