voldemort/CDRM-Project
1
0
Fork 0
forked from tpd94/CDRM-Project
Code Pull Requests Activity

Compare commits

base: voldemort:c82e493ef1e5179f9285e40245de0017b7be8391
Branches Tags
voldemort:main
voldemort:github
tpd94:main
tpd94:github
voldemort:2.31
voldemort:2.3
voldemort:2.2
tpd94:2.2
tpd94:2.3
tpd94:2.31
...
compare: voldemort:8940d57b252116b42ce7aa2208f33ef538797349
Branches Tags
voldemort:main
voldemort:github
tpd94:main
tpd94:github
voldemort:2.31
voldemort:2.3
voldemort:2.2
tpd94:2.2
tpd94:2.3
tpd94:2.31

2 Commits
c82e493ef1 ... 8940d57b25

Author SHA1 Message Date
voldemort
8940d57b25 Enhance registration process by adding input validation for username and password length, improve error handling for missing JSON data, and include API key in successful registration response. 2025-07-23 01:42:33 +07:00
voldemort
c756361da0 Add module docstrings to login routes for improved documentation and clarity; streamline login status check 2025-07-23 01:42:17 +07:00
2 changed files with 38 additions and 31 deletions
Show Stats Expand all files Collapse all files

43
routes/login.py
View File

@ -1,3 +1,5 @@
"""Module to handle the login process."""
from flask import Blueprint, request, jsonify, session from flask import Blueprint, request, jsonify, session
from custom_functions.database.user_db import verify_user from custom_functions.database.user_db import verify_user
@ -9,37 +11,32 @@ login_bp = Blueprint(
@login_bp.route("/login", methods=["POST"]) @login_bp.route("/login", methods=["POST"])
def login(): def login():
if request.method == "POST": """Handle the login process."""
data = request.get_json() data = request.get_json()
for required_field in ["username", "password"]: for required_field in ["username", "password"]:
if required_field not in data: if required_field not in data:
return ( return (
jsonify({"error": f"Missing required field: {required_field}"}), jsonify({"error": f"Missing required field: {required_field}"}),
400, 400,
) )
if verify_user(data["username"], data["password"]): if verify_user(data["username"], data["password"]):
session["username"] = data[ session["username"] = data[
"username" "username"
].lower() # Stored securely in a signed cookie ].lower() # Stored securely in a signed cookie
return jsonify({"message": "Successfully logged in!"}) return jsonify({"message": "Successfully logged in!"})
else: return jsonify({"error": "Invalid username or password!"}), 401
return jsonify({"error": "Invalid username or password!"}), 401
@login_bp.route("/login/status", methods=["POST"]) @login_bp.route("/login/status", methods=["POST"])
def login_status(): def login_status():
try: """Check if the user is logged in."""
username = session.get("username") username = session.get("username")
if username: return jsonify({"message": "True" if username else "False"})
return jsonify({"message": "True"})
else:
return jsonify({"message": "False"})
except:
return jsonify({"message": "False"})
@login_bp.route("/logout", methods=["POST"]) @login_bp.route("/logout", methods=["POST"])
def logout(): def logout():
"""Logout the user."""
session.pop("username", None) session.pop("username", None)
return jsonify({"message": "Successfully logged out!"}) return jsonify({"message": "Successfully logged out!"})

26
routes/register.py
View File

@ -1,7 +1,9 @@
"""Module to handle the register process."""
import re import re
import uuid
from flask import Blueprint, request, jsonify from flask import Blueprint, request, jsonify
from custom_functions.database.user_db import add_user from custom_functions.database.user_db import add_user
import uuid
register_bp = Blueprint("register_bp", __name__) register_bp = Blueprint("register_bp", __name__)
@ -11,20 +13,26 @@ PASSWORD_REGEX = re.compile(r"^\S+$")
@register_bp.route("/register", methods=["POST"]) @register_bp.route("/register", methods=["POST"])
def register(): def register():
if request.method != "POST": """Handle the register process."""
return jsonify({"error": "Method not supported"}), 405
data = request.get_json() data = request.get_json()
if data is None:
return jsonify({"error": "Invalid or missing JSON in request body."}), 400
# Check required fields # Check required fields
for required_field in ["username", "password"]: for required_field in ["username", "password"]:
if required_field not in data: if required_field not in data:
return jsonify({"error": f"Missing required field: {required_field}"}), 400 return jsonify({"error": f"Missing required field: {required_field}"}), 400
username = data["username"] username = data["username"].lower()
password = data["password"] password = data["password"]
api_key = str(uuid.uuid4()) api_key = str(uuid.uuid4())
# Length checks
if not (3 <= len(username) <= 32):
return jsonify({"error": "Username must be 3-32 characters."}), 400
if not (8 <= len(password) <= 128):
return jsonify({"error": "Password must be 8-128 characters."}), 400
# Validate username and password # Validate username and password
if not USERNAME_REGEX.fullmatch(username): if not USERNAME_REGEX.fullmatch(username):
return ( return (
@ -41,6 +49,8 @@ def register():
# Attempt to add user # Attempt to add user
if add_user(username, password, api_key): if add_user(username, password, api_key):
return jsonify({"message": "User successfully registered!"}), 201 return (
else: jsonify({"message": "User successfully registered!", "api_key": api_key}),
return jsonify({"error": "User already exists!"}), 409 201,
)
return jsonify({"error": "User already exists!"}), 409