main.py
import os
import urllib
from hashlib import md5
from google.appengine.ext import db, webapp
from google.appengine.ext.webapp import template
from google.appengine.ext.webapp.util import run_wsgi_app
from gaesessions import get_current_session
# Let's create our own simple users model to store the user's data and password hash
class MyUser(db.Model):
    """Datastore record for one account of this demo application.

    PasswordCheck creates these entities with ``key_name`` set to the
    submitted e-mail address and ``password_hash`` set to the hex MD5 digest
    of the submitted password. The whole entity, ``password_hash`` included,
    is stored in the session under ``'me'`` after a successful login.
    """

    # Address the account was registered with (also used as the key name).
    email = db.EmailProperty()

    # Name used in user-facing messages such as the logout greeting.
    display_name = db.StringProperty()

    # Hex digest compared against the digest of the submitted password.
    # NOTE(review): the digest is plain, unsalted MD5, which is cheap to
    # brute-force if the datastore or a serialized session leaks. Moving to a
    # salted, deliberately slow KDF needs a migration of the stored values.
    password_hash = db.StringProperty()

    # Application-specific data: page views accumulated over past sessions,
    # increased by the per-session counter when the user logs out.
    past_view_count = db.IntegerProperty(default=0)
# A few helpful functions to keep the usage simple
def redirect_with_msg(h, msg, dst='/'):
    """Store *msg* as a flash message in the session and redirect to *dst*.

    Args:
        h: the request handler issuing the redirect.
        msg: text saved under the session key ``'msg'``; the page handlers
            display it once and then delete it.
        dst: redirect target, ``'/'`` by default.

    ``dst`` is handed to ``h.redirect`` unchanged. Every caller in this file
    passes a constant path; a request-derived value would have to be
    validated first to avoid an open redirect.
    """
    current = get_current_session()
    current['msg'] = msg
    h.redirect(dst)
def render_template(h, file, template_vals):
    """Render a template from the ``templates`` directory into the response.

    Args:
        h: the request handler whose response receives the output.
        file: template file name, joined onto the ``templates`` directory
            that sits next to this module.
        template_vals: values made available to the template.

    ``file`` is joined without any normalisation, so it must stay a constant
    chosen by the code (as it is for every caller in this file) and never
    come from the request.
    """
    templates_dir = os.path.join(os.path.dirname(__file__), 'templates')
    rendered = template.render(os.path.join(templates_dir, file), template_vals)
    h.response.out.write(rendered)
def login_required(handler_method, *args):
    """Decorator that only runs a handler method for logged-in sessions.

    The wrapped method is called when the current session contains the key
    ``'me'``; otherwise the request is redirected to ``/login`` and the
    handler is not executed. Only the presence of the key is checked, not
    its value. The wrapper discards the handler's return value.
    """
    def check_login(self, *args):
        current = get_current_session()
        if current.has_key('me'):
            handler_method(self, *args)
        else:
            # Not authenticated: send the browser to the login form instead
            # of running the protected handler.
            self.redirect('/login')
    return check_login
# The handlers for web pages
class MainPage(webapp.RequestHandler):
    """Home page; reachable only with a logged-in session."""

    @login_required
    def get(self):
        """Render index.html with the flash message, user and view counter."""
        session = get_current_session()
        context = {}

        if session.has_key('msg'):
            context['msg'] = session['msg']
            # Flash messages are shown once, then dropped from the session.
            del session['msg']

        if session.has_key('me'):
            # This is the MyUser entity stored in the session at login, so
            # the template receives every property of it, password_hash
            # included.
            # NOTE(review): whether session contents are hidden from the
            # client depends on the gaesessions configuration, which is not
            # shown here - confirm before relying on it.
            context['user'] = session['me']

        # Pages viewed since logging in: incremented per view, started at 0
        # when the key is missing.
        views = session['pvsli'] + 1 if session.has_key('pvsli') else 0
        session['pvsli'] = views
        context['num_now'] = session['pvsli']

        render_template(self, "index.html", context)
class LoginPage(webapp.RequestHandler):
    """Show the login form together with any pending flash message."""

    def get(self):
        """Render login.html, consuming the session's flash message if set."""
        session = get_current_session()
        context = {}
        if session.has_key('msg'):
            context['msg'] = session['msg']
            # Flash messages are shown once, then dropped from the session.
            del session['msg']
        render_template(self, 'login.html', context)
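class PasswordCheck(webapp.RequestHandler):
    """Handle the login POST carrying the ``email`` and ``pas`` fields.

    The password travels in the request body, so this URL should only be
    served over SSL (``secure`` setting in app.yaml).

    NOTE(review): passwords are stored and compared as unsalted MD5 hex
    digests. MD5 is fast to brute-force; a salted, deliberately slow KDF
    (for example ``hashlib.pbkdf2_hmac``) is the appropriate replacement, but
    it changes the stored format and therefore needs a migration of existing
    ``MyUser.password_hash`` values. The scheme is left unchanged here.
    """

    def post(self):
        """Check the submitted credentials and start a logged-in session.

        Missing credentials and a wrong password redirect back to ``/login``
        with a flash message; success redirects to ``/``.
        """
        email = self.request.get('email')
        password = self.request.get('pas')

        # An empty e-mail cannot identify an account and an empty password
        # must never create or open one, so reject both before touching the
        # datastore.
        if not email or not password:
            redirect_with_msg(self, 'Email and password are required', '/login')
            return

        # Hash the UTF-8 bytes explicitly: handing the text value straight to
        # md5() fails on passwords containing non-ASCII characters. For ASCII
        # passwords the digest is identical to the one stored previously.
        pas = md5(password.encode('utf-8')).hexdigest()
        display_name = 'Web user'

        # Here should be a true test for validity of the email and password
        # (via a query to the database).
        user = MyUser.get_by_key_name(email)
        if not user:
            # Demo behaviour: an unknown e-mail is registered on the spot with
            # the submitted password, so a new address always logs in.
            user = MyUser(key_name=email, email=email,
                          display_name=display_name, password_hash=pas)
            user.put()

        if user.password_hash != pas:
            redirect_with_msg(self, 'Wrong password', '/login')
            return

        session = get_current_session()
        if session.is_active():
            # Drop the pre-login session so none of its state is carried into
            # the authenticated one.
            # NOTE(review): presumably this also yields a fresh session id,
            # which is what defends against session fixation - confirm against
            # gaesessions.
            session.terminate()

        # NOTE(review): this stores the whole entity, password_hash included,
        # in the session; keeping only the key or the fields the pages need
        # would limit what a leaked session exposes.
        session['me'] = user
        session['pvsli'] = 0  # pages viewed since logging in
        redirect_with_msg(self, 'success!')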
class LogoutPage(webapp.RequestHandler):
    """End the current login session and persist its page-view count."""

    def get(self):
        """Add the session's view counter to the user record and log out.

        NOTE(review): logout is a state-changing GET, so any page can trigger
        it by linking to or embedding this URL; a POST protected by a CSRF
        token avoids that.
        """
        session = get_current_session()
        if not session.has_key('me'):
            redirect_with_msg(self, "How silly, you weren't logged in")
            return

        # Update the user's record with the total views of this session.
        # NOTE(review): the entity written back is the copy placed in the
        # session at login; changes made to the datastore record since then
        # would presumably be overwritten - confirm.
        user = session['me']
        user.past_view_count += session['pvsli']
        user.put()

        session.terminate()
        redirect_with_msg(self, 'Logout complete: goodbye ' + user.display_name)
# The WSGI Application
# URL routing table: one (path, handler class) pair per page.
application = webapp.WSGIApplication([
    ('/', MainPage),
    ('/login', LoginPage),
    ('/logout', LogoutPage),
    # Receives the password in the POST body: should be on SSL!!!
    ('/password_check', PasswordCheck),
])
def main():
    """Serve the module-level WSGI application."""
    run_wsgi_app(application)


if __name__ == '__main__':
    main()