login added

server/app.py

@@ -1,9 +1,11 @@
 # server/app.py
-from flask import Flask, request, jsonify, render_template, redirect, url_for, send_from_directory
+from flask import Flask, request, jsonify, render_template, redirect, url_for, session
 from flask_talisman import Talisman
 import os
+from security import validate_user, identify_uploader
 
 app = Flask(__name__, template_folder='../templates')
+app.secret_key = 'super_secret_key'  # Change this to a more secure key for production
 Talisman(app)
 
 RECEIVED_FILES_DIR = "../assets"
@@ -16,33 +18,58 @@ uploaded_images = []
 
 @app.route('/')
 def index():
+    if 'username' not in session:
+        return redirect(url_for('login'))
     return render_template("index.html")
 
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        if validate_user(username, password):
+            session['username'] = username
+            return redirect(url_for('index'))
+        else:
+            return "Invalid credentials. Please try again.", 403
+    return render_template("login.html")
+
+@app.route('/logout')
+def logout():
+    session.pop('username', None)
+    return redirect(url_for('login'))
+
 @app.route('/upload/link', methods=['POST'])
 def upload_link():
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     data = request.form
-    if 'link' not in data or 'uploader' not in data:
-        return jsonify({"error": "Link and uploader's name are required"}), 400
+    if 'link' not in data:
+        return jsonify({"error": "No link provided"}), 400
     
-    link_info = {'link': data['link'], 'uploader': data['uploader']}
+    uploader = identify_uploader()
+    link_info = {'link': data['link'], 'uploader': uploader}
     uploaded_links.append(link_info)
     
     with open(os.path.join(RECEIVED_FILES_DIR, "links.txt"), "a") as f:
-        f.write(f"{data['uploader']}: {data['link']}\n")
+        f.write(f"{uploader}: {data['link']}\n")
 
     return redirect(url_for('index'))
 
 @app.route('/upload/image', methods=['POST'])
 def upload_image():
-    if 'file' not in request.files or 'uploader' not in request.form:
-        return jsonify({"error": "File and uploader's name are required"}), 400
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
+    if 'file' not in request.files:
+        return jsonify({"error": "No file provided"}), 400
 
     file = request.files['file']
-    uploader = request.form['uploader']
-    
     if file.filename == '':
         return jsonify({"error": "No selected file"}), 400
 
+    uploader = identify_uploader()
     save_path = os.path.join(RECEIVED_FILES_DIR, file.filename)
     file.save(save_path)
     
@@ -52,6 +79,9 @@ def upload_image():
 
 @app.route('/uploads')
 def view_uploads():
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     return render_template("uploads.html", links=uploaded_links, images=uploaded_images)
 
 @app.route('/assets/<filename>')
@@ -60,11 +90,13 @@ def get_image(filename):
 
 @app.route('/rename/<filename>', methods=['POST'])
 def rename_file(filename):
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
     new_name = request.form.get('new_name')
     if new_name and os.path.exists(os.path.join(RECEIVED_FILES_DIR, filename)):
         os.rename(os.path.join(RECEIVED_FILES_DIR, filename), os.path.join(RECEIVED_FILES_DIR, new_name))
         
-        # Update internal records
         for image in uploaded_images:
             if image['filename'] == filename:
                 image['filename'] = new_name
@@ -75,4 +107,3 @@ def rename_file(filename):
 
 if __name__ == '__main__':
     app.run(host='0.0.0.0', port=5000, ssl_context='adhoc')
-