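from flask import render_template, request, redirect, url_for
from flask_login import login_user, logout_user, login_required
from . import auth_bp
from database import User, db
from create_app import *
import secrets
from flask import make_response


@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    """Render the registration form (GET) or create a new account (POST).

    On POST the handler rejects an already-registered email, an
    already-taken nickname, or a password shorter than 8 characters by
    re-rendering the form with a message. Otherwise it stores the user and
    redirects to the login page.
    """
    if request.method == 'POST':
        email = request.form['email']
        nickname = request.form['nickname']
        password = request.form['password']

        existing_email = User.query.filter_by(email=email).first()
        existing_nickname = User.query.filter_by(nickname=nickname).first()

        # NOTE(review): these two messages tell an unauthenticated caller
        # whether an email or nickname is registered; consider rate limiting
        # this endpoint if account enumeration is a concern.
        if existing_email:
            return render_template('register.html', message="Email already registered.")
        if existing_nickname:
            return render_template('register.html', message="Nickname already taken.")
        if len(password) < 8:
            return render_template('register.html', message="Password must be at least 8 characters long.")

        new_user = User(email=email, nickname=nickname)
        # Hashing is delegated to the model; set_password is defined outside
        # this file.
        new_user.set_password(password)
        # NOTE(review): the check-then-insert above is not atomic; two
        # concurrent requests can both pass it, so uniqueness should also be
        # enforced by database constraints -- confirm in the User model.
        db.session.add(new_user)
        db.session.commit()
        return redirect(url_for('auth.login'))

    return render_template('register.html')


@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """Render the login form (GET) or authenticate the user (POST).

    On success the user is logged in through Flask-Login, a random token is
    recorded in TOKEN_STORE and sent back in the ``auth_token`` cookie, and
    the client is redirected to the dashboard. On failure the form is
    re-rendered with one generic message for both an unknown email and a
    wrong password.
    """
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']

        user = User.query.filter_by(email=email).first()
        if user and user.check_password(password):
            # Use Flask-Login's login_user
            login_user(user)

            # Generate token (if still needed for API calls)
            token = secrets.token_urlsafe(32)
            # TOKEN_STORE is presumably provided by the star import from
            # create_app. NOTE(review): nothing in this file expires these
            # entries; logout() removes the one named by the cookie.
            TOKEN_STORE[token] = user.id

            # Create response with token in cookie. HttpOnly keeps it away
            # from page scripts, Secure restricts it to HTTPS, and SameSite
            # stops it being attached to cross-site subrequests and form
            # posts.
            response = make_response(redirect(url_for('dashboard.dashboard')))
            response.set_cookie('auth_token', token, httponly=True, secure=True, samesite='Lax')
            return response
        else:
            return render_template('login.html', message="Invalid email or password.")

    return render_template('login.html')


@auth_bp.route('/logout')
@login_required
def logout():
    """End the session and revoke the API token issued at login.

    Besides clearing the Flask-Login session, this removes the token named
    by the ``auth_token`` cookie from TOKEN_STORE and expires the cookie, so
    a copied token stops being accepted once the user logs out.
    """
    # NOTE(review): this route accepts GET, so a cross-site link or image
    # tag can log the user out; consider POST plus CSRF protection.
    token = request.cookies.get('auth_token')
    if token:
        # pop() with a default tolerates a missing or already-revoked token.
        TOKEN_STORE.pop(token, None)

    logout_user()

    response = make_response(redirect(url_for('auth.login')))
    # Expire the cookie with the same attributes it was set with.
    response.set_cookie('auth_token', '', max_age=0, expires=0,
                        httponly=True, secure=True, samesite='Lax')
    return response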