TableOrder/Server/Host/flaskApp.py

from Server.DB.handler import Order, User
from flask import Flask, abort,flash, render_template, request, redirect, url_for, jsonify
# create a session to manage the connection to the database 
import time
import configparser


from Server.DB.handler import session, QR
from Server.DB.querys import compare, get, set, add

from flask_login import LoginManager, login_required, login_user, logout_user
from flask_wtf import FlaskForm
from flask_wtf.csrf import CSRFProtect
from wtforms import StringField, PasswordField, SubmitField, BooleanField
from Tools.qrGenerator import generate_QR_Code
import os

config = configparser.ConfigParser()
config.sections()
config.read('Options.ini')

login_manager = LoginManager()

csrf = CSRFProtect()

app = Flask(__name__)
SECRET_KEY = os.urandom(32)
app.config['SECRET_KEY'] = SECRET_KEY
csrf.init_app(app)


login_manager.init_app(app)

#default db values
# create the Base if not present whit default values like admin+password and qr codes.

if config['OTHER']['first_startup'] == 'True':
    print("Please enter a Secure Admin Password:")
    add._create_user('Admin',input())
    config.set('OTHER', 'first_startup', 'False')
    with open('Options.ini', 'w') as configfile:
        config.write(configfile)
    generate_QR_Code()
    

@login_manager.user_loader
def user_loader(username):
    user = User()
    user.id = username 
    print(username, user.id)
    return user



class LoginForm(FlaskForm):
    username = StringField('name')
    password = PasswordField('Password')
    remember_me = BooleanField('Remember Me') #TODO
    submit = SubmitField('Submit')


@app.route("/",)
def view_form():
    return "loaded"

@app.route("/login", methods=['GET','POST'])
def login():
    form = LoginForm()
    if form.validate_on_submit():
        user = user_loader(form.username.data)
        #TODO if username not in User:
        #TODO return if username or pass wrong a red textbox in ui...
        if user and compare.is_user_pass_valid(form.username.data, form.password.data):
            login_user(user) # store user id in session
            
            #TODO url_has_allowed_host_and_scheme should check if the url is safe
            # for redirects, meaning it matches the request host.
            # See Django's url_has_allowed_host_and_scheme for an example.
            # if not url_has_allowed_host_and_scheme(next, request.host):
            #    return abort(400)
            #next = request.args.get('next') is written in documentaion FLASK 
            #return redirect(next, url_for('orders')) # redirect to orders page
            return redirect(url_for('orders')) # redirect to orders page
    return render_template('login.html', form=form)

@app.route("/logout") #TODO make a button
@login_required
def logout():
    logout_user()
    return redirect('/')

@app.route("/orders", methods=['GET','POST'])
@login_required
def orders(): #TODO on new orderGet refresh orders list
    if request.method == 'POST':
        order_id = request.form.get('order_id')
        action = request.form.get('action')  # 'finish' or 'undo'
        
        order = session.get(Order, int(order_id))
        if order: #SQL error handeling just in case
            if action == 'finish':
                order.finished = True
            elif action == 'undo':
                order.finished = False
            session.commit()
            return jsonify(success=True)
        return jsonify(success=False)

    return render_template('orders.html', orders=get.all_orders())

@app.route("/order_get", methods=['GET','POST'])
def order_get():
    desk= 1

    #POST order
    if request.method == 'POST' and config['SETTINGS']['lockqrcode_whit_secret'] == True:
        ordered_list = []
        desk = request.form['desk']
        form = request.form
        for key in form:
            if key.startswith('order-name.'):
                name = key.partition('.')[-1]
                value = request.form[key]
                ordered_list.append([value,name])

        # Adding order to DB        
        if compare.process_main(ordered_list, desk):
            return '<h1>your order got ressived!</h1>'
        return '<h1>your order coudnt be ressived try again Error:SQL </h1>'

    # Veriefie if auth or not from GET     
    elif request.method == 'GET':
        desk = int(request.args['desk'])
        secret = int(request.args['secret'])
        try:#TODO FIX! #Feature = True #TODO:Encryption Salting hasing and anti rainbow attack for qr code?? (needed?) 
            if config['SETTINGS']['lockqrcode_whit_secret'] and compare.is_QRSecret_valid(desk,secret):
                return render_template('index.html', desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'], orderableItems = get.valid_products(get_json_=True))
            elif config['SETTINGS']['lockqrcode_whit_secret'] == False:
                return render_template('index.html', desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'],orderableItems = get.valid_products(get_json_=True))
            return '<h1>404 wrong Secret?</h1>' #TODO Make the HTML prettier for all 
        except:
            return '<h1>Server/code issue?</h1>'
    elif config['SETTINGS']['lockqrcode_whit_secret'] == True:
        return '<h1>your LOCKQRCODE is invalid.</h1>'
    else:
        return render_template('index.html',desk=desk, MAX_DESKS=config['DEFAULT']['max_desks'],orderableItems = get.valid_products(get_json_=True))

app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False