From b137cdc5223ddeba7e81f87e097a6b4aaafe022a Mon Sep 17 00:00:00 2001
From: Marijn Jansen
Date: Fri, 22 Mar 2019 16:28:47 +0100
Subject: [PATCH] secret key!
---
 app.py | 31 +++++++++++--------------------
 templates/adm/uploadfile.html | 5 +++++
 2 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/app.py b/app.py
index 20ab749..1f47c06 100644
--- a/app.py
+++ b/app.py
@@ -1,6 +1,6 @@
 import os
-from flask import Flask, render_template, jsonify, abort, send_file, request, redirect
+from flask import Flask, render_template, jsonify, abort, send_file, request, redirect, flash
 from sqlalchemy import func
 from base64 import standard_b64decode, standard_b64encode
 from io import BytesIO
@@ -8,7 +8,7 @@ from io import BytesIO
 from model import db, Post, Category, ImageBase64
 # Check for environment variable
-env_vars = ["DATABASE_URL", "PASSWORD"]
+env_vars = ["DATABASE_URL", "PASSWORD", 'SECRET_KEY']
 for env_var in env_vars:
 if not os.getenv(env_var):
 raise RuntimeError(f"{env_var} is not set")
@@ -18,6 +18,7 @@ app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv("DATABASE_URL")
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 app.config['JSON_SORT_KEYS'] = False
+app.secret_key = os.getenv('SECRET_KEY')
 # Bind db to application
 db.init_app(app)
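Review bot: The startup check in the `env_vars` loop only rejects an unset or empty `SECRET_KEY`, so a short or guessable value is accepted and then assigned to `app.secret_key` in the following hunk. Flask signs the session cookie with this key, and the flash messages this commit introduces are carried in that cookie, so the key's strength is what stops a client from forging session contents. I would add a comment next to the assignment such as `# Signs the session cookie (flash messages); must be a long random value, e.g. secrets.token_hex(32)`, and consider rejecting keys below a minimum length at startup. The new list entry also uses single quotes where the two existing entries use double quotes.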
@@ -68,33 +69,23 @@ def get_image(filename):
 def file_uploaded():
 if request.method == 'POST':
 if not request.form.get('password') == os.getenv('PASSWORD'):
- abort(401)
+ flash("Wrong Password")
+ return redirect("/adm/uploadfile")
 # check if the post request has the file part
 if 'files' not in request.files:
- # flash('No file part')
- return abort(400)
- # return redirect(request.url)
+ return redirect("/adm/uploadfile")
 files = request.files.getlist('files')
 # if user does not select file, browser also
 # submit an empty part without filename
- print(files)
 for file in files:
 if file.filename == '':
- # flash('No selected file')
- return redirect(request.url)
-
- if file:
- data = standard_b64encode(file.read()).decode()
- print(file.filename, file.mimetype)
- database_object = ImageBase64(filename=file.filename, mimetype=file.mimetype, data=data)
- db.session.add(database_object)
+ flash("No files")
+ return redirect("/adm/uploadfile")
+ data = standard_b64encode(file.read()).decode()
+ database_object = ImageBase64(filename=file.filename, mimetype=file.mimetype, data=data)
+ db.session.add(database_object)
 db.session.commit()
- # if file and allowed_file(file.filename):
- # filename = secure_filename(file.filename)
- # file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
- # return redirect(url_for('uploaded_file',
- # filename=filename))
 return render_template("adm/uploadfile.html")
diff --git a/templates/adm/uploadfile.html b/templates/adm/uploadfile.html
index d431773..cd48147 100644
--- a/templates/adm/uploadfile.html
+++ b/templates/adm/uploadfile.html
@@ -3,6 +3,11 @@ Upload File - mvl {% endblock %} {% block main %} + {% if get_flashed_messages() %} + + {% endif %}
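Review bot: The wrong-password branch in file_uploaded now answers with a redirect and a flash instead of `abort(401)`, so a failed attempt no longer stands out by status code in access logs or to any rate limiter keyed on 401s, and nothing in the hunk logs or throttles it. I would log the failure before redirecting, e.g. `app.logger.warning("upload: bad password from %s", request.remote_addr)`, and replace the `==` comparison with `hmac.compare_digest(request.form.get('password', '').encode(), os.getenv('PASSWORD').encode())` (needs `import hmac`). Separately, `file.filename` and `file.mimetype` are stored exactly as the client sent them, and the removed `allowed_file`/`secure_filename` sketch is not replaced by any check; if get_image (outside this hunk) serves the stored mimetype back, an allow-list of image types belongs in this loop. The missing-`files` branch is also the only failure path that redirects without a `flash(...)`. Indentation is lost in this view and the route decorator is outside the hunk, so the nesting of `db.session.commit()` is inferred.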

Upload new Photo