#!/usr/bin/env python # -*- coding: utf-8 import os import datetime import bcrypt import binascii import math import psycopg2 from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash from flask_sqlalchemy import SQLAlchemy from functools import wraps ######################################################################## # App settings ######################################################################## app = Flask(__name__) app.config.from_pyfile('config.py') app.secret_key = '446307a5f61c2bb810436b2ee0f903f2' app.debug = True app.static_url_path='/static' db = SQLAlchemy(app) ######################################################################## # Database ######################################################################## class Stock_users(db.Model): id = db.Column(db.Integer, primary_key=True) mail = db.Column(db.Text, nullable=False) password = db.Column(db.Text, nullable=False) name = db.Column(db.Text, nullable=False) class Stock_componants(db.Model): id = db.Column(db.Integer, primary_key=True) reference = db.Column(db.Text, nullable=False) designation = db.Column(db.Text, nullable=False) last_price = db.Column(db.Float) mean_price = db.Column(db.Float) quantity = db.Column(db.Integer) min_quantity = db.Column(db.Integer) place = db.Column(db.Text, nullable=False) provider_id = db.Column(db.Integer, nullable=False) class Stock_providers(db.Model): id = db.Column(db.Integer, primary_key=True) name = db.Column(db.Text, nullable=False) address = db.Column(db.Text) mail = db.Column(db.Text) url = db.Column(db.Text) comment = db.Column(db.Text) class Stock_kits(db.Model): id = db.Column(db.Integer, primary_key=True) name = db.Column(db.Text, nullable=False) designation = db.Column(db.Text, nullable=False) class Stock_kit_compositions(db.Model): id = db.Column(db.Integer, primary_key=True) kit_id = db.Column(db.Integer, db.ForeignKey('Stock_kits.id'), nullable=False) componant_id = db.Column(db.Integer, db.ForeignKey('Stock_componants.id'), nullable=False) quantity = db.Column(db.Integer, nullable=False) price = db.Column(db.Integer, nullable=False) class Stock_orders(db.Model): id = db.Column(db.Integer, primary_key=True) componant_id = db.Column(db.Integer, db.ForeignKey('Stock_componants.id')) componant_quantity = db.Column(db.Integer, nullable=False) date = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow) injected = db.Column(db.Boolean, nullable=False, default=False) def sync_cookies(response, session): """ Sync cookies from session """ for key in session: response.set_cookie(key, value=str(session[key])) if key != u'session': print '[c]', key, session[key] def sync_session(request, session, offset_reset): """ Sync session with cookies""" for key in request.cookies: try: old = str(session[key]) session[key] = int(str(request.cookies[key].encode('utf8'))) except ValueError: # Value is not an int, will be treated as string session[key] = str(request.cookies[key].encode('utf8')) except KeyError: # Key does not exist in session try: session[key] = int(str(request.cookies[key].encode('utf8'))) except ValueError: # Value is not an int, will be treated as string session[key] = str(request.cookies[key].encode('utf8')) if key in offset_reset and len(str(session[key])) > 0 and old != str(session[key]): session['c_offset'] = 0 session['p_offset'] = 0 session['k_offset'] = 0 if key != u'session': print '[s]', key, request.cookies[key] def check_user(request, session): """ Check user credentials """ if session['token'] and request.cookies['token']: if len(session['token']) > 0 and len(request.cookies['token']) > 0: if session['token'] == request.cookies['token']: return True return False if 'login' not in request.cookies or 'password' not in request.cookies: return False if request.cookies['login'] and request.cookies['password']: if request.cookies['login'] > 0 and request.cookies['password'] > 0: hashed = Stock_users.query.filter_by(mail=request.cookies['login']).with_entities(Stock_users.password).first() if hashed is None: # User is unknown return False password = request.cookies['password'].encode('utf8') hashed = hashed[0].encode('utf8') if bcrypt.checkpw(password, hashed): session['password'] = '' session['login'] = '' session['token'] = binascii.hexlify(os.urandom(42)) return True # Password mismatch return False def resume_session(func): @wraps(func) def check(*args, **kwargs): # Motherfuckin' bunch of defaults values empty=u'' limit = 10 offset = 0 page = 1 nexthop = offset + limit prevhop = offset order = u'asc' order_refresh = 0 c_sort = u'reference' c_provider = 0 c_count = 0 p_sort = u'name' p_count = 0 k_sort = u'name' k_count = 0 offset_reset = [u'c_reference', u'c_designation', u'c_place', u'c_provider', u'p_name', u'p_address', u'p_mail', u'p_url', u'k_name', u'k_designation'] if not u'token' in session: session[u'token'] = empty if not u'password' in session: session[u'password'] = empty if not u'login' in session: session[u'login'] = empty if not u'session' in session: session[u'session'] = empty if not u'c_limit' in session: session[u'c_limit'] = limit if not u'c_offest' in session: session[u'c_offset'] = offset if not u'c_sort' in session: session['c_sort'] = c_sort if not u'c_order' in session: session[u'c_order'] = order if not u'c_order_refresh' in session: session[u'c_order_refresh'] = order_refresh if not u'c_page' in session: session[u'c_page'] = page if not u'c_nexthop' in session: session[u'c_nexthop'] = nexthop if not u'c_prevhop' in session: session['c_prevhop'] = prevhop if not u'c_reference' in session: session[u'c_reference'] = empty if not u'c_designation' in session: session[u'c_designation'] = empty if not u'c_place' in session: session[u'c_place'] = empty if not u'c_provider' in session: session[u'c_provider'] = c_provider if not u'c_count' in session: session[u'c_count'] = c_count if not u'p_sort' in session: session[u'p_sort'] = p_sort if not u'p_order' in session: session[u'p_order'] = order if not u'p_order_refresh' in session: session[u'p_order_refresh'] = order_refresh if not u'p_page' in session: session[u'p_page'] = page if not u'p_nexthop' in session: session[u'p_nexthop'] = nexthop if not u'p_prevhop' in session: session[u'p_prevhop'] = prevhop if not u'p_offset' in session: session[u'p_offset'] = offset if not u'p_limit' in session: session[u'p_limit'] = limit if not u'p_name' in session: session[u'p_name'] = empty if not u'p_address' in session: session[u'p_address'] = empty if not u'p_mail' in session: session[u'p_mail'] = empty if not u'p_url' in session: session[u'p_url'] = empty if not u'p_comment' in session: session[u'p_comment'] = empty if not u'p_count' in session: session['p_count'] = p_count if not u'k_sort' in session: session[u'k_sort'] = k_sort if not u'k_order' in session: session[u'k_order'] = order if not u'k_order_refresh' in session: session[u'k_order_refresh'] = order_refresh if not u'k_page' in session: session[u'k_page'] = page if not u'k_nexthop' in session: session[u'k_nexthop'] = nexthop if not u'k_prevhop' in session: session[u'k_prevhop'] = prevhop if not u'k_offset' in session: session[u'k_offset'] = offset if not u'k_limit' in session: session[u'k_limit'] = limit if not u'k_name' in session: session[u'k_name'] = empty if not u'k_address' in session: session[u'k_address'] = empty if not u'k_mail' in session: session[u'k_mail'] = empty if not u'k_url' in session: session[u'k_url'] = empty if not u'k_designation' in session: session[u'k_designation'] = empty if not u'k_count' in session: session[u'k_count'] = k_count # Cookies/session sync sync_session(request, session, offset_reset) # Switch sort order refresh = {u'desc': u'asc', u'asc': u'desc'} if session[u'c_order_refresh'] == 1: session[u'c_order'] = refresh[session[u'c_order']] session[u'c_order_refresh'] = 0 if session[u'p_order_refresh'] == 1: session[u'p_order'] = refresh[session[u'p_order']] session[u'p_order_refresh'] = 0 if session[u'k_order_refresh'] == 1: session[u'k_order'] = refresh[session[u'k_order']] session[u'k_order_refresh'] = 0 # Check for valid session if not check_user(request, session): # User is not logged in, send him back to login page return render_template('login.html') # Everything's fine return func(*args, **kwargs) return check ######################################################################## # Routes ######################################################################## @app.errorhandler(404) def page_not_found(e): return render_template('error.html'), 404 @app.route("/", methods=['GET', 'POST']) @resume_session def authenticate(): response = app.make_response(render_template('index.html')) sync_cookies(response, session) return response ######################################################################## # Componants ######################################################################## @app.route('/componants', methods=['GET', 'POST']) @resume_session def componants(): """ Main page """ providers = Stock_providers.query.order_by(Stock_providers.id).all() return render_template('componants.html', providers=providers, reference=session[u'c_reference'].decode('utf8'), designation=session[u'c_designation'].decode('utf8'), place=session[u'c_place'].decode('utf8'), provider_id=session[u'c_provider']) @app.route('/componants/') @resume_session def get_componant(componant_id): """ Edit componant """ try: componant_id = int(componant_id) except ValueError as e: return render_template('error.html'), 404 componant = Stock_componants.query.filter_by(id=componant_id).first() if componant: providers = Stock_providers.query.order_by(Stock_providers.name).all() provider = componant.provider_id provider = Stock_providers.query.filter_by(id=provider).first() return render_template('componant.html', componant=componant, providers=providers, provider=provider) return render_template('error.html'), 404 @app.route('/componants/update/', methods=['POST']) @resume_session def update_componant(componant_id): """ Update componant field""" field = request.form['field'] value = request.form['value'] if field and value: try: componant = Stock_componants.query.filter_by(id=componant_id).first() setattr(componant, field, value) commit = db.session.commit() if commit == None: return 'OK' except Exception as e: pass return 'KO' @app.route('/componants/delete/') @resume_session def delete_componant(componant_id): """ Delete componant """ try: componant_id = int(componant_id) Stock_componants.query.filter_by(id=componant_id).delete() db.session.commit() except ValueError as e: return render_template('error.html'), 404 except Exception as e: print "[+] Error at delete_componant:" print "------------------------------" print "%s" % e.message print "------------------------------" return componants() @app.route('/componants/new', methods=['POST']) @resume_session def new_componant(): """ Add componant """ componant = Stock_componants(reference=session[u'c_reference'].decode('utf8'), designation=session[u'c_designation'].decode('utf8'), last_price=0, mean_price=0, quantity=0, min_quantity=0, place=session[u'c_place'].decode('utf8'), provider_id=session[u'c_provider']) try: db.session.add(componant) commit = db.session.commit() except Exception as e: print "[+] Error at new_componant:" print "------------------------------" print "%s" % e.message print "------------------------------" return 'KO' if commit != None: return 'KO' return 'OK' @app.route('/componants/in/') @resume_session def in_componants(): """ Incoming order """ return render_template('wip.html') @app.route('/componants/out/') @resume_session def out_componants(): """ Outgoing order """ return render_template('wip.html') ## Componants update result set @app.route('/componants/update', methods=['POST']) @resume_session def update_componants(): """ Display componants list """ # search by reference like = '%s%s%s' % ('%', str(session[u'c_reference']), '%') componants = Stock_componants.query.filter(Stock_componants.reference.like(like)) # search by designation like = '%s%s%s' % ('%', str(session[u'c_designation']), '%') componants = componants.filter(Stock_componants.designation.like(like)) # search by place like = '%s%s%s' % ('%', str(session[u'c_place']),'%') componants = componants.filter(Stock_componants.place.like(like)) # search by provider if session['c_provider'] > 1: componants = componants.filter_by(provider_id=session[u'c_provider']) # Pages calculation session[u'c_count'] = componants.count() session[u'c_pagecount'] = int(math.ceil(session[u'c_count'] / float(session[u'c_limit']))) session[u'c_page'] = int(math.ceil(float(float(session[u'c_offset']) + 1) / float(session[u'c_limit']))) if session[u'c_page'] > session[u'c_pagecount']: session[u'c_page'] = session[u'c_pagecount'] session[u'c_offset'] = 0 session[u'c_nexthop'] = session[u'c_offset'] + session[u'c_limit'] if session[u'c_nexthop'] > session[u'c_count'] - 1: session[u'c_nexthop'] = int(session[u'c_offset']) session[u'c_prevhop'] = int(session[u'c_offset']) - session[u'c_limit'] if session[u'c_prevhop'] < 0: session[u'c_prevhop'] = 0 # Sorting sort = getattr(Stock_componants, session[u'c_sort']) if session[u'c_order'] == u'desc': sort = getattr(Stock_componants, session[u'c_sort']).desc() componants = componants.order_by(sort) # Applying offset componants = componants.offset(session[u'c_offset']) # Applying limit componants = componants.limit(session[u'c_limit']) # Get result componants = componants.all() response = app.make_response(render_template('result_componants.html', componants=componants, offset=session[u'c_offset'] , nexthop=session[u'c_nexthop'], prevhop=session[u'c_prevhop'], page_count=session[u'c_pagecount'], page=session[u'c_page'], sort=session[u'c_sort'].decode('utf8'), order=session[u'c_order'].decode('utf8'), row_count=session[u'c_count'])) sync_cookies(response, session) return response ######################################################################## # Providers ######################################################################## @app.route('/providers', methods=['GET', 'POST']) @resume_session def providers(): return render_template('providers.html', name=session[u'p_name'].decode('utf8'), address=session[u'p_address'].decode('utf8'), mail=session[u'p_mail'].decode('utf8'), url=session[u'p_url'].decode('utf8'), comment=session[u'p_comment'].decode('utf8')) @app.route('/providers/') @resume_session def get_provider(provider_id): """ Edit provider """ try: provider_id = int(provider_id) except ValueError as e: return render_template('error.html'), 404 provider = Stock_providers.query.filter_by(id=provider_id).first() if provider: return render_template('provider.html', provider=provider) return render_template('error.html'), 404 @app.route('/providers/update/', methods=['POST']) @resume_session def update_provider(provider_id): """ Update provider field""" field = request.form['field'] value = request.form['value'] if field and value: try: provider = Stock_providers.query.filter_by(id=provider_id).first() setattr(provider, field, value) commit = db.session.commit() if commit == None: return 'OK' except Exception as e: pass return 'KO' @app.route('/providers/new', methods=['POST']) @resume_session def new_provider(): """ Add provider """ provider = Stock_providers(name=session[u'p_name'].decode('utf8'), address=session[u'p_address'].decode('utf8'), mail=session[u'p_mail'].decode('utf8'), url=session[u'p_url'].decode('utf8'), comment=session[u'p_comment'].decode('utf8')) try: db.session.add(provider) commit = db.session.commit() except Exception as e: print "[+] Error at new_provider:" print "------------------------------" print "%s" % e.message print "------------------------------" return 'KO' if commit != None: return 'KO' return 'OK' @app.route('/providers/delete/') @resume_session def delete_provider(provider_id): """ Delete provider """ try: provider_id = int(provider_id) Stock_providers.query.filter_by(id=provider_id).delete() db.session.commit() except ValueError as e: return render_template('error.html'), 404 except Exception as e: print "[+] Error at delete_provider:" print "------------------------------" print "%s" % e.message print "------------------------------" return providers() @app.route('/providers/update', methods=['POST']) @resume_session def search_providers(): """ Display componants list """ # search by reference like = '%s%s%s' % ('%', str(session[u'p_name']), '%') providers = Stock_providers.query.filter(Stock_providers.name.like(like)) # search by address like = '%s%s%s' % ('%', str(session[u'p_address']), '%') providers = providers.filter(Stock_providers.address.like(like)) # search by place like = '%s%s%s' % ('%', str(session[u'p_mail']),'%') providers = providers.filter(Stock_providers.mail.like(like)) # search by place like = '%s%s%s' % ('%', str(session[u'p_url']),'%') providers = providers.filter(Stock_providers.url.like(like)) # search by place like = '%s%s%s' % ('%', str(session[u'p_comment']),'%') providers = providers.filter(Stock_providers.comment.like(like)) # Don't take 'all' and 'none' entry providers = providers.filter(Stock_providers.id > 2) # Pages calculation session[u'p_count'] = providers.count() session[u'p_pagecount'] = int(math.ceil(session[u'p_count'] / float(session[u'p_limit']))) session[u'p_page'] = int(math.ceil(float(float(session[u'p_offset']) + 1) / float(session[u'p_limit']))) if session[u'p_page'] > session[u'p_pagecount']: session[u'p_page'] = session[u'p_pagecount'] session[u'p_offset'] = 0 session[u'p_nexthop'] = session[u'p_offset'] + session[u'p_limit'] if session[u'p_nexthop'] > session[u'p_count'] - 1: session[u'p_nexthop'] = int(session[u'p_offset']) session[u'p_prevhop'] = int(session[u'p_offset']) - session[u'p_limit'] if session[u'p_prevhop'] < 0: session[u'p_prevhop'] = 0 # Sorting sort = getattr(Stock_providers, session[u'p_sort']) if session[u'p_order'] == u'desc': sort = getattr(Stock_providers, session[u'p_sort']).desc() providers = providers.order_by(sort) # Applying offset providers = providers.offset(session[u'p_offset']) # Applying limit providers = providers.limit(session[u'p_limit']) # Get result providers = providers.all() response = app.make_response(render_template('result_providers.html', providers=providers, offset=session[u'p_offset'] , nexthop=session[u'p_nexthop'], prevhop=session[u'p_prevhop'], page_count=session[u'p_pagecount'], page=session[u'p_page'], sort=session[u'p_sort'].decode('utf8'), order=session[u'p_order'].decode('utf8'), row_count=session[u'p_count'])) sync_cookies(response, session) return response ######################################################################## # Kits ######################################################################## @app.route('/kits', methods=['GET', 'POST']) @resume_session def kits(): return render_template('kits.html', name=session[u'k_name'].decode('utf8'), designation=session[u'k_designation'].decode('utf8')) @app.route('/kits/') @resume_session def get_kit(kit_id): """ Edit kit """ try: kit_id = int(kit_id) except ValueError as e: return render_template('error.html'), 404 kit = Stock_kits.query.filter_by(id=kit_id).first() if kit: return render_template('kit.html', kit=kit) return render_template('error.html'), 404 @app.route('/kits/update/', methods=['POST']) @resume_session def update_kit(kit_id): """ Update kit field""" field = request.form['field'] value = request.form['value'] if field and value: try: kit = Stock_kits.query.filter_by(id=kit_id).first() setattr(kit, field, value) commit = db.session.commit() if commit == None: return 'OK' except Exception as e: pass return 'KO' @app.route('/kits/new', methods=['POST']) @resume_session def new_kit(): """ Add kit """ kit = Stock_kits(name=session[u'k_name'].decode('utf8'), designation=session[u'k_designation'].decode('utf8')) try: db.session.add(kit) commit = db.session.commit() except Exception as e: print "[+] Error at new_kit:" print "------------------------------" print "%s" % e.message print "------------------------------" return 'KO' if commit != None: return 'KO' return 'OK' @app.route('/kits/delete/') @resume_session def delete_kit(kit_id): """ Delete kit """ try: kit_id = int(kit_id) Stock_kit_compositions.query.filter_by(kit_id=kit_id).delete() Stock_kits.query.filter_by(id=kit_id).delete() db.session.commit() except ValueError as e: return render_template('error.html'), 404 except Exception as e: print "[+] Error at delete_kit:" print "------------------------------" print "%s" % e.message print "------------------------------" return kits() @app.route('/kits/update', methods=['POST']) @resume_session def search_kits(): """ Display componants list """ # search by name like = '%s%s%s' % ('%', str(session[u'k_name']), '%') kits = Stock_kits.query.filter(Stock_kits.name.like(like)) # search by designation like = '%s%s%s' % ('%', str(session[u'k_designation']), '%') kits = kits.filter(Stock_kits.designation.like(like)) # Pages calculation session[u'k_count'] = kits.count() session[u'k_pagecount'] = int(math.ceil(session[u'k_count'] / float(session[u'k_limit']))) session[u'k_page'] = int(math.ceil(float(float(session[u'k_offset']) + 1) / float(session[u'k_limit']))) if session[u'k_page'] > session[u'k_pagecount']: session[u'k_page'] = session[u'k_pagecount'] session[u'k_offset'] = 0 session[u'k_nexthop'] = session[u'k_offset'] + session[u'k_limit'] if session[u'k_nexthop'] > session[u'k_count'] - 1: session[u'k_nexthop'] = int(session[u'k_offset']) session[u'k_prevhop'] = int(session[u'k_offset']) - session[u'k_limit'] if session[u'k_prevhop'] < 0: session[u'k_prevhop'] = 0 # Sorting sort = getattr(Stock_kits, session[u'k_sort'].decode('utf8')) if session[u'k_order'] == 'desc': sort = getattr(Stock_kits, session[u'k_sort'].decode('utf8')).desc() kits = kits.order_by(sort) # Applying offset kits = kits.offset(session[u'k_offset']) # Applying limit kits = kits.limit(session[u'k_limit']) # Get result kits = kits.all() response = app.make_response(render_template('result_kits.html', kits=kits, offset=session[u'k_offset'] , nexthop=session[u'k_nexthop'], prevhop=session[u'k_prevhop'], page_count=session[u'k_pagecount'], page=session[u'k_page'], sort=session[u'k_sort'].decode('utf8'), order=session[u'k_order'].decode('utf8'), row_count=session[u'k_count'])) for key in session: response.set_cookie(key, value=str(session[key])) if key != 'session': print '[c]', key, session[key] return response ######################################################################## # Users ######################################################################## # Main ####################################### if __name__ == '__main__': app.run(host='0.0.0.0')