miniBase/webinterface/minibase/route.py

import os
import secrets
from PIL import Image
from flask import render_template, url_for, flash, redirect, request, abort
from minibase import app, db, bcrypt
from minibase.forms import registrationForm, loginForm, updateAccountForm, postForm
from minibase.models import User, Post
from flask_login import login_user, current_user, logout_user, login_required


#Redirect from / and also /home routes to the /
@app.route("/") 
@app.route("/home") 
def home():
    page = request.args.get('page', 1, type=int)
    posts = Post.query.order_by(Post.date_posted.asc()).paginate(per_page=2)
    return render_template('home.html', posts=posts)


@app.route("/about") 
def about():
    return render_template('about.html', title='About')

@app.route("/register", methods=['GET', 'POST']) 
def register():
    if current_user.is_authenticated:
        return redirect(url_for('home'))  

    form = registrationForm()
    if form.validate_on_submit(): 
        hashed_pw = bcrypt.generate_password_hash(form.password.data).decode('utf-8')        
        user = User(username=form.username.data, email=form.email.data, password=hashed_pw)
        db.session.add(user)
        db.session.commit()
        flash(f'Your account has benn created you can now log in!','success')
        return redirect(url_for('home'))  

    return render_template('register.html', title='Register', form=form)

@app.route("/login", methods=['GET', 'POST']) 
def login():
    if current_user.is_authenticated:
        return redirect(url_for('home'))  
    form = loginForm()
    if form.validate_on_submit(): 
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password, form.password.data):
            login_user(user,remember=form.remember.data)
            next_page = request.args.get('next')
            return redirect(next_page) if next_page else redirect(url_for('home'))
        else:
            flash('Login unsuccessful. Please chek your Email and Password!','danger')
    return render_template('login.html', title='Login', form=form)

@app.route("/logout") 
def logout():
    logout_user()
    return redirect(url_for('home'))

def save_picture(form_picture): 
    random_hex = secrets.token_hex(8)
    _, f_ext =os.path.splitext(form_picture.filename)
    picture_fn = random_hex + f_ext
    picture_path = os.path.join(app.root_path, 'static/pics', picture_fn)
    output_size = (125,125)
    i = Image.open(form_picture)
    i.thumbnail(output_size) 
    i.save(picture_path)
    return picture_fn

@app.route("/account", methods=['GET', 'POST']) 
@login_required
def account():
    form = updateAccountForm()
    if form.validate_on_submit():
        if form.picture.data:
            picture_file = save_picture(form.picture.data) 
            current_user.image_file = picture_file
        current_user.username = form.username.data
        current_user.email = form.email.data
        db.session.commit()
        flash('Your account has been updated!', 'success')
        return redirect(url_for('account'))
    elif request.method == 'GET':
        form.username.data = current_user.username
        form.email.data = current_user.email
    image_file = url_for('static', filename='pics/'+ current_user.image_file)
    return render_template('account.html', title='Account', image_file = image_file, form=form)

@app.route("/post/new", methods=['GET', 'POST']) 
@login_required
def new_post():
    form = postForm()
    if form.validate_on_submit():
        post = Post(title=form.title.data, content=form.content.data, author=current_user)
        db.session.add(post)
        db.session.commit()
        flash('Your post has been created', 'success')
        return redirect(url_for('home'))
    return render_template('create_post.html', title='Create Post', legend='Create Post', form=form)  

@app.route("/post/<int:post_id>") 
def post(post_id):
    post = Post.query.get_or_404(post_id)
    return render_template('post.html', title=post.title, post=post)  

@app.route("/post/<int:post_id>/update", methods=['GET', 'POST']) 
@login_required
def post_update(post_id):
    post = Post.query.get_or_404(post_id)
    if post.author != current_user:
        abort(403)
    form = postForm()
    if form.validate_on_submit():
        post.title = form.title.data
        post.content = form.content.data
        db.session.commit()
        flash('Your post has been updated', 'success')
        return redirect(url_for('post', post_id=post.id))
    elif request.method == 'GET':
        form.title.data = post.title
        form.content.data = post.content
    return render_template('create_post.html', title='Update Post', legend='Update Post', form=form)  

@app.route("/post/<int:post_id>/delete", methods=['POST']) 
@login_required
def post_delete(post_id):
    post = Post.query.get_or_404(post_id)
    if post.author != current_user:
        abort(403)
    db.session.delete(post)
    db.session.commit()
    flash('Your post has been deleted', 'success')
    return redirect(url_for('home'))

@app.route("/user/<string:username>") 
def user_posts(username):
    user = User.query.filter_by(username=username).first_or_404()
    page = request.args.get('page', 1, type=int)
    posts = Post.query.filter_by(author=user)\
            .order_by(Post.date_posted.asc())\
            .paginate(page=page, per_page=2)
    return render_template('user_posts.html', posts=posts, user=user)