import cgi
import hmac
import html
import os
import secrets
from urllib.parse import urlencode

from flask import request, redirect, render_template, session, flash

from app import app, db
from models import Movie, User
# Titles that add_movie refuses to put on anyone's watchlist.
terrible_movies = [
    "Gigli",
    "Star Wars Episode 1: Attack of the Clones",
    "Paul Blart: Mall Cop 2",
    "Nine Lives",
    "Starship Troopers",
]
def get_current_watchlist(user):
    """Return the Movie rows owned by *user* that are not marked watched."""
    unwatched = Movie.query.filter_by(user_id=user.id, watched=False)
    return unwatched.all()
def get_watched_movies(user):
    """Return the Movie rows owned by *user* that are marked watched."""
    watched = Movie.query.filter_by(user_id=user.id, watched=True)
    return watched.all()
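@app.route("/login", methods=['GET', 'POST'])
def login():
    """Show the login form, or check submitted credentials and start a session.

    On a POST whose email matches exactly one User and whose password matches
    the stored one, the user's email is written to session['user'] and the
    browser is sent to "/". Every other POST gets the same generic flash
    message and a redirect back to /login, so the response does not say
    which of the two fields was wrong.
    """
    # Only a form submission is treated as a login attempt. Flask also routes
    # HEAD to a view that accepts GET; it now gets the form instead of falling
    # through to the "bad username or password" branch.
    if request.method != 'POST':
        return render_template('login.html')

    email = request.form['email']
    password = request.form['password']
    users = User.query.filter_by(email=email)
    if users.count() == 1:
        user = users.first()
        stored = user.password
        # NOTE(review): the comparison below is against the password exactly
        # as register() stored it, i.e. in plaintext. Anyone who can read the
        # users table reads every password. Storing a salted hash (for example
        # werkzeug.security.generate_password_hash / check_password_hash) has
        # to be changed in register() and here together.
        #
        # compare_digest keeps the comparison time independent of where the
        # two values first differ; it needs bytes for non-ASCII input.
        if isinstance(stored, str) and hmac.compare_digest(
            password.encode('utf-8'), stored.encode('utf-8')
        ):
            session['user'] = user.email
            flash('welcome back, ' + user.email)
            return redirect("/")

    flash('bad username or password')
    return redirect("/login")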
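@app.route("/register", methods=['GET', 'POST'])
def register():
    """Show the registration form, or create an account from a submitted one.

    A POST is rejected (flash message plus redirect back to /register) when
    the email fails is_email, is already used by a User row, the password is
    empty, or the password and its confirmation differ. Otherwise a User is
    committed, session['user'] is set to its email and the browser is sent
    to "/".
    """
    if request.method != 'POST':
        return render_template('register.html')

    email = request.form['email']
    password = request.form['password']
    verify = request.form['verify']

    if not is_email(email):
        flash('zoiks! "' + email + '" does not seem like an email address')
        return redirect('/register')

    # NOTE(review): count-then-insert is not atomic; two simultaneous
    # registrations can both pass this check. Only a unique constraint on the
    # email column (not visible in this file) would actually prevent
    # duplicates - confirm it exists in models.
    email_db_count = User.query.filter_by(email=email).count()
    if email_db_count > 0:
        flash('yikes! "' + email + '" is already taken and password reminders are not implemented')
        return redirect('/register')

    # An empty password equals an empty confirmation, so without this guard
    # the form could create an account that anyone can log in to.
    if not password:
        flash('password must not be empty')
        return redirect('/register')

    if password != verify:
        flash('passwords did not match')
        return redirect('/register')

    # NOTE(review): the password is persisted exactly as typed. login()
    # compares against this plaintext value, so switching to a salted hash
    # must be done in both handlers at once.
    user = User(email=email, password=password)
    db.session.add(user)
    db.session.commit()
    session['user'] = user.email
    return redirect("/")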
def is_email(string):
    """Return True when *string* contains an '@' with a '.' at some later position.

    This is a deliberately loose shape check, not address validation: it
    accepts anything that has those two characters in that order.
    """
    at_pos = string.find('@')
    if at_pos < 0:
        return False
    # Search for the dot starting at the '@', so a dot in the local part
    # alone does not count.
    return string.find('.', at_pos) >= 0
@app.route("/logout", methods=['POST'])
def logout():
    """Drop the 'user' entry from the session and send the browser to "/"."""
    # pop() without a default raises KeyError on a missing key, like `del`.
    session.pop('user')
    return redirect("/")
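# Route rate_movie: handles the rating form POSTed to /rating-confirmation
@app.route("/rating-confirmation", methods=['POST'])
def rate_movie():
    """Store a rating on one of the signed-in user's watched movies.

    Reads 'movie_id' and 'rating' from the form. If the movie is not in the
    user's watched list (which includes an unknown id, where the lookup gives
    None), nothing is written and the browser is redirected to "/" with an
    'error' query parameter. Otherwise the rating is committed and
    rating-confirmation.html is rendered.
    """
    movie_id = request.form['movie_id']
    rating = request.form['rating']

    user_email = session["user"]
    user = User.query.filter_by(email=user_email).first()
    if not user:
        # The session names an email with no User row; add_movie reports the
        # same condition with the same message.
        return redirect("/?" + urlencode({"error": "User not found"}))

    movie = Movie.query.get(movie_id)
    if movie not in get_watched_movies(user):
        # The user tried to rate a movie that isn't in their list.
        # NOTE(review): the message embeds str(movie) even when the row
        # belongs to another user; what that reveals depends on how Movie
        # formats itself, which is not visible here - confirm.
        error = "'{0}' is not in your Watched Movies list, so you can't rate it!".format(movie)

        # urlencode so characters such as '&' or '#' in the message cannot
        # cut the parameter short or add parameters of their own.
        return redirect("/?" + urlencode({"error": error}))

    # NOTE(review): rating is stored exactly as submitted; this handler does
    # no type or range check on it.
    movie.rating = rating
    db.session.add(movie)
    db.session.commit()
    return render_template('rating-confirmation.html', movie=movie, rating=rating)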
# Route movie_ratings: handles GET on /ratings
@app.route("/ratings", methods=['GET'])
def movie_ratings():
    """Render ratings.html with the watched movies of the session's user."""
    current_user = User.get_authed_user(session, "user")
    watched = get_watched_movies(current_user)
    return render_template('ratings.html', movies=watched)
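@app.route("/crossoff", methods=['POST'])
def crossoff_movie():
    """Mark one of the signed-in user's movies as watched.

    Reads the movie id from the 'crossed-off-movie' form field. The movie is
    updated only when it exists and belongs to the user named in the session;
    otherwise the browser is redirected to "/" with an error.
    """
    crossed_off_movie_id = request.form['crossed-off-movie']

    user = User.query.filter_by(email=session["user"]).first()
    crossed_off_movie = Movie.query.get(crossed_off_movie_id)

    # The id comes from the request, so it must be checked against the
    # session's user: without the ownership test any signed-in user could
    # modify any other user's movie by submitting its id. A missing row and
    # a row owned by someone else get the same answer, so the response does
    # not confirm which ids exist.
    if not user or not crossed_off_movie or crossed_off_movie.user_id != user.id:
        return redirect("/?error=Attempt to watch a movie unknown to this database")

    # if we didn't redirect by now, then all is well
    crossed_off_movie.watched = True
    db.session.add(crossed_off_movie)
    db.session.commit()
    return render_template('crossoff.html', crossed_off_movie=crossed_off_movie)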
@app.route("/add", methods=['POST'])
def add_movie():
    """Add the movie named in the 'new-movie' form field to the user's list.

    Redirects to "/" with an 'error' query parameter when the session's user
    has no User row, when the name is empty or only whitespace, or when the
    name is in terrible_movies. Otherwise a Movie owned by the user is
    committed and add-confirmation.html is rendered.
    """
    # what the user typed into the form
    new_movie_name = request.form['new-movie']

    # the account the session belongs to
    owner = User.query.filter_by(email=session["user"]).first()
    if not owner:
        return redirect("/?error=User not found")

    # nothing typed, or nothing but whitespace
    if not new_movie_name or not new_movie_name.strip():
        return redirect("/?error=Please specify the movie you want to add.")

    # titles on the block list are refused with an explanation
    if new_movie_name in terrible_movies:
        message = "Trust me, you don't want to add '{0}' to your Watchlist".format(new_movie_name)
        return redirect("/?error=" + message)

    movie = Movie(new_movie_name)
    movie.user = owner

    db.session.add(movie)
    db.session.commit()
    return render_template('add-confirmation.html', movie=movie)
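@app.route("/")
def index():
    """Render edit.html with the signed-in user's unwatched movies.

    An optional 'error' query parameter is HTML-escaped and handed to the
    template. That parameter is part of the URL, so its text is chosen by
    whoever built the link, not necessarily by this application.
    """
    encoded_error = request.args.get("error")

    user_email = session["user"]
    user = User.query.filter_by(email=user_email).first()

    # cgi.escape was removed in Python 3.8; html.escape is its replacement
    # and, with quote=True, also escapes single quotes. A missing or empty
    # parameter is passed through unchanged, as before.
    # NOTE(review): if edit.html relies on Jinja autoescaping for `error`,
    # this pre-escaping is applied twice - confirm against the template.
    safe_error = html.escape(encoded_error, quote=True) if encoded_error else encoded_error

    return render_template('edit.html', watchlist=get_current_watchlist(user), error=safe_error)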
# Endpoint names that require_login lets through without a 'user' in the session.
endpoints_without_login = [
    'login',
    'register',
]
@app.before_request
def require_login():
    """Redirect to /register unless the session has a user or the endpoint is exempt.

    Returns None in the allowed case, which lets the request continue to its
    view.
    """
    signed_in = 'user' in session
    if not signed_in and request.endpoint not in endpoints_without_login:
        return redirect("/register")
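# Flask signs the session cookie with app.secret_key. This app keeps the
# signed-in user's email in session['user'], so anyone who knows the key can
# produce a cookie that the app accepts as any account. The key therefore
# must not live in the source: it is read from the SECRET_KEY environment
# variable. When that is unset, a random key is generated for this process,
# which means sessions stop being valid after a restart.
# The literal key that used to be assigned here was published with the code
# and must be treated as compromised; do not reuse it as the SECRET_KEY value.
app.secret_key = os.environ.get("SECRET_KEY") or secrets.token_hex(32)

if __name__ == "__main__":
    app.run()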