# ALI server file
# Flask imports
from flask import render_template
from flask import request
from flask import redirect
from flask import session
from flask import Response
from database import companies, saveUser, getUser, chart_table,isAdmin, db
from database import generateCredentials, stringToBytes, companyIdGenerator, saveCompany
from sessions import app
from translatetext import takeHomeTranslate, clearTextTags,clearHomeTags
import hashlib
import datetime
import time
import threading
import toget
import math
import random
# ----------------home page--------------------
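@app.route("/home", methods=["GET", "POST"])
def homePage():
    """Render the home page; on POST, first store a chart entry for the session user.

    Visitors without a "username" in the session are redirected to "/" before
    anything is written. On an insert failure the response is a 409 with a
    generic body.
    """
    # Authorise before touching the database. The original inserted the row
    # first and only then checked the session, so an anonymous POST still
    # created a chart record (with username None).
    if "username" not in session:
        return redirect("/")
    username = session.get("username")

    if request.method == 'POST':
        # getting from forms
        patientName = request.form["name"]
        userNotes = request.form["notes"]
        highlights = request.form["highlights"]
        dateAndTime = str(datetime.datetime.now())
        date = dateAndTime[0:10]
        # Named timeOfDay so the local does not shadow the imported time module.
        timeOfDay = dateAndTime[11:19]
        try:
            chart_table.insert({  # insert to chart
                'username': username,
                'patient': patientName,
                'time': timeOfDay,
                'date': date,
                'notes': userNotes,
                'time_stamp': dateAndTime,
                'highlights': highlights
            })
        except Exception as e:
            # Keep the 409, but do not send the exception object to the client:
            # database errors can carry schema details or the submitted values.
            print(f"chart insert failed: {type(e).__name__}")
            return Response("Could not save chart entry", status=409)

    # Admin status is decided by the literal session username "admin".
    return render_template("home.html", isAdmin=(username == "admin"))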
# -------------------translate---------------------------------
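@app.route("/translate", methods=["GET", "POST"])
def dynamic_page():
    """Handle the language-pair form and re-render home.html.

    On POST with both languages set, the pair is stored in the session and
    passed to toget.main; the template then receives them as l1 and l2.
    On POST with a language missing, the template receives values=False.
    """
    # home.html is login-gated in homePage; apply the same gate here so this
    # route cannot be used to render it (or start a translation) anonymously.
    if "username" not in session:
        return redirect("/")
    is_admin = session.get("username") == "admin"

    if request.method != "POST":
        # The original passed `isAdmin == True` positionally on this path,
        # which raised TypeError for the admin user; it must be a keyword.
        return render_template("home.html", isAdmin=is_admin)

    # getting language input from page
    languageOne = request.form["languages1"]
    langaugeTwo = request.form["languages2"]
    if not (languageOne and langaugeTwo):
        return render_template("home.html", isAdmin=is_admin, values=False)

    session['languageOne'] = languageOne
    # Session key spelling ("langaugeTwo") is kept: other code may read it.
    session['langaugeTwo'] = langaugeTwo
    # NOTE(review): both values come straight from the form; confirm that
    # toget.main restricts them to the supported language codes.
    toget.main(languageOne, langaugeTwo)  # run google APIS
    return render_template("home.html", isAdmin=is_admin,
                           l1=languageOne, l2=langaugeTwo)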
# -------------------login page functionality--------------------
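@app.route("/", methods=["GET", "POST"])
@app.route("/login", methods=["GET", "POST"])
def loginPage():
    """Show the login form (GET) or authenticate the submitted credentials (POST).

    Unknown user and wrong password both re-render login.html with
    failedLogin=True, so the response does not say which one failed.
    """
    if request.method != "POST":
        return render_template("login.html", failedLogin=False)

    # this will grab user input from html page
    username = request.form["username"]
    password = request.form["password"]
    user = getUser(username)  # type dict
    # NOTE(review): the unknown-user path skips the PBKDF2 work, so it answers
    # faster than a wrong password; consider a dummy verification if account
    # enumeration by timing matters here.
    if not user or not verifyPassword(password, user["password"]):
        return render_template("login.html", failedLogin=True)

    # Always bind the session to the account that just authenticated. The
    # original tested `username not in session`, i.e. whether the *value* of
    # the username was a session key, so a username equal to an existing key
    # (such as "username") left the previous identity in place.
    session["username"] = username

    # NOTE(review): this route asks isAdmin(username), while the other routes
    # compare the session username with "admin"; confirm the two agree.
    if isAdmin(username):
        print("ADMIN FOUND")
        return render_template("home.html", isAdmin=True)
    return render_template("home.html", isAdmin=False)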
# ---------------sign up functionality ----------------
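@app.route("/signup", methods=["GET", "POST"])
def signUpPage():
    """Show the sign-up form (GET) or create an account (POST).

    An account is only created when the username is free, both password
    fields match and the company key matches a row in `companies`. Each
    failure re-renders signup.html with the corresponding flag set.
    """
    def signupForm(invalidCode=False, notPasswordMatch=False, badUsername=False):
        # All outcomes render the same template with three boolean flags.
        return render_template(
            "signup.html",
            invalidCode=invalidCode,
            notPasswordMatch=notPasswordMatch,
            badUsername=badUsername,
        )

    if request.method != "POST":
        return signupForm()

    companyKey = request.form["companyKey"]
    username = request.form["username"]  # get username from page
    # The submitted password is no longer printed: writing it to stdout put
    # plaintext credentials into the server log.
    password = request.form["password"]  # get password from page
    passwordRepeat = request.form["password_again"]  # get password from page

    # checking to see if username is already taken
    oldUser = getUser(username)
    # loginPage treats a falsy getUser() result as "no such user", so guard
    # before indexing; presumably that is what a free username returns.
    if oldUser and str(oldUser["username"]).upper() == username.upper():
        return signupForm(badUsername=True)

    if password != passwordRepeat:
        # The original stored the username in the session on this path, which
        # gave a logged-in session for a name that was never registered and
        # never checked against a company key.
        return signupForm(notPasswordMatch=True)

    companyInfo = list(companies.find(company_key=companyKey))
    if not companyInfo:
        # no company row carries this key
        return signupForm(invalidCode=True)
    companyName = companyInfo[0].get("company_name")

    data = {  # saves user after signup
        "username": username,
        "password": generateCredentials(password),
        "company_name": companyName,
    }  # data is type dict
    saveUser(data)
    if "username" not in session:
        # sets session user name to the new user's name
        session["username"] = username
    return redirect("/")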
# --------------sign out function & route-----------------------
@app.route("/logout", methods=["GET"])
def getLogout():
    """Log the current user out and send them back to the login page."""
    clearHomeTags()
    # Only the "username" key is dropped; any other session keys (for example
    # the stored language choices) are left as they are.
    session.pop("username", None)
    loginRedirect = redirect("/")
    return loginRedirect
# ---------Translation page --------------
@app.route("/takehome", methods=["GET", "POST"])
def takeHome():
    """Render the take-home translation page and run a translation on POST.

    clearTextTags() runs on every request. On POST with a target language
    set, the language is stored in the session under "textLanguage" and the
    text is handed to takeHomeTranslate; without one, the template receives
    values=False.
    """
    clearTextTags()
    # NOTE(review): nothing here checks that a user is logged in; confirm
    # this page is meant to be reachable anonymously.
    adminFlag = session.get("username") == "admin"

    if request.method != "POST":
        return render_template("takeHome.html", isAdmin=adminFlag)

    langaugeTwo = request.form["languages2"]
    text = request.form["t1"]
    if not langaugeTwo:
        return render_template("takeHome.html", isAdmin=adminFlag, values=False)

    session["textLanguage"] = langaugeTwo
    l2 = session.get("textLanguage")
    takeHomeTranslate(langaugeTwo, text)
    return render_template("takeHome.html", isAdmin=adminFlag, l2=l2)
#------------admin create keys page--------------------
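@app.route("/admin", methods=["GET", "POST"])
def getAdmin():
    """Admin page that creates a company record and its sign-up key.

    Requires an admin session. A POST must additionally repeat the admin
    username and password before a key is generated and saved.
    """
    # The original rendered admin.html (with isAdmin=True) for any visitor and
    # relied only on the credentials in the form; require the admin session
    # first, and keep the password re-entry as a second check.
    if session.get("username") != "admin":
        return redirect("/")

    if request.method != 'POST':
        return render_template("admin.html", failedLogin=False, isAdmin=True, keyMade=False)

    # getting from form
    username = request.form["username"]
    password = request.form["password"]
    companyName = request.form["companyName"]
    companyID = request.form["companyID"]

    if username != "admin":  # checking for admin
        return render_template("admin.html", failedLogin=True, isAdmin=True, keyMade=False)
    user = getUser(username)
    # A missing admin row is treated as a failed login instead of raising on
    # user["password"].
    if not user or not verifyPassword(password, user["password"]):
        return render_template("admin.html", failedLogin=True, isAdmin=True, keyMade=False)

    key = generateKey(20)  # generate company key
    if companyID == "":  # if no ID was entered, use companyIdGenerator
        companyID = companyIdGenerator()
    data = {
        "company_id": companyID,
        "company_name": companyName,
        "company_key": key,
    }
    saveCompany(data)
    return render_template("admin.html", failedLogin=False, isAdmin=True, keyMade=True, key=key)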
# -------chart Page -----------------
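@app.route("/mychart")
def getChart():
    """Render chart.html with the chart rows that belong to the session user."""
    # Without this gate an anonymous visitor was served every row whose
    # username is None.
    if "username" not in session:
        return redirect("/")
    username = session.get("username")  # get username from session

    # Every row is fetched and then filtered here.
    # NOTE(review): filtering in the query would avoid loading other users'
    # patient notes into this request; check how the database compares
    # usernames (case sensitivity) before switching.
    itemsInChart = [dict(row) for row in chart_table.find() if row['username'] == username]
    return render_template("chart.html", itemsInChart=itemsInChart,
                           isAdmin=(username == "admin"))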
# passwords need to be verified. We need to hash and compare to see if its verifiable
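def verifyPassword(Userpassword, Usercredentials):
    """Return True when Userpassword matches the stored salt/key pair.

    Usercredentials is either a mapping with "salt" and "key" entries or a
    string from which the two values are cut at fixed offsets (presumably the
    str() form of that mapping; verify against what the database stores).
    The password is re-derived with PBKDF2-HMAC-SHA256 using the stored salt
    and 100000 iterations, then compared with the stored key.
    """
    import hmac  # local import: needed only for the constant-time comparison

    if isinstance(Usercredentials, str):
        salt = stringToBytes(Usercredentials[10:74])
        key = stringToBytes(Usercredentials[85:149])
    else:
        salt = stringToBytes(Usercredentials["salt"])  # get salt
        key = stringToBytes(Usercredentials["key"])  # get key

    newKey = hashlib.pbkdf2_hmac(
        "sha256",  # The hash digest algorithm for HMAC
        Userpassword.encode("utf-8"),  # Convert the password to bytes
        salt,  # Provide the salt
        100000,  # iteration count; must match the one used when the key was stored
    )

    # A stored key that is not bytes could never equal the derived bytes.
    if not isinstance(key, (bytes, bytearray)):
        return False
    # compare_digest takes the same time wherever the first difference is,
    # unlike ==, which stops at the first mismatching byte.
    return hmac.compare_digest(newKey, key)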
## runs in the background and deletes records that are 24 hours old
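def background():
    """Loop forever, periodically deleting chart rows that are a day old or more.

    The loop sleeps 60 seconds per pass and runs the DELETE once the counter
    exceeds 60, so roughly once an hour. The counter is reset only after a
    successful commit; after a failure the delete is retried on every pass.
    """
    minutes = 0
    while True:
        if minutes > 60:
            try:
                # remove chart data older than 24 hours
                db.query('DELETE FROM chart_table WHERE time_stamp<=DATE_SUB(NOW(), INTERVAL 1 DAY);')
                db.commit()
                minutes = 0
            except Exception as exc:
                # Still best-effort, but no longer silent: if this job fails,
                # patient notes stay stored past the 24-hour window, so the
                # failure has to be visible in the server output.
                print(f"chart_table cleanup failed: {exc!r}")
        time.sleep(60)
        minutes = minutes + 1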
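def generateKey(length):
    """Return a random alphanumeric company key of the given length.

    The key is what a new user must present at sign-up, so it is drawn from
    the operating system's CSPRNG via `secrets`. The `random` module used
    before is a seedable, predictable generator and is not meant for secrets.
    """
    import secrets  # local import so the block does not depend on new file-level imports

    characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    return ''.join(secrets.choice(characters) for _ in range(length))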
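if __name__ == "__main__":
    import os

    # thread for deleting old chart data; daemon so it does not block exit
    b = threading.Thread(name='background', target=background)
    b.daemon = True
    b.start()

    # Debug mode turns on the Werkzeug interactive debugger, which executes
    # arbitrary Python for anyone who can reach it, so it is opt-in through
    # FLASK_DEBUG rather than always on.
    debugEnabled = os.environ.get("FLASK_DEBUG", "").lower() in ("1", "true")
    app.run(host="localhost", port=8080, debug=debugEnabled)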