Merge branch 'main' of git.gvk.idi.ntnu.no:steffemar/idatg2204-project

12720b52 · Torbjørn Halland · 294f8b56 · a22722c9 · 12720b52 · 12720b52
Commit 12720b52 authored 1 year ago by Torbjørn Halland
--- a/.gitignore
+++ b/.gitignore
 .DS_Store
+__pycache__
+.idea
--- a/Backend/main.py
+++ b/Backend/main.py
-from flask import Flask, jsonify
-from flask_mysqldb import MySQL
-from routes.category import get_category
-from routes.order import get_order
-from routes.home import get_home
-from routes.cart import get_cart
-from routes.login import post_login
-
-# Initialize APP
-app = Flask(__name__)
-app.config['MYSQL_HOST'] = 'localhost'
-app.config['MYSQL_USER'] = 'root'
-app.config['MYSQL_PASSWORD'] = ''
-app.config['MYSQL_DB'] = 'ElectroMart'
-app.config['MYSQL_UNIX_SOCKET'] = '/Applications/XAMPP/xamppfiles/var/mysql/mysql.sock'
-mysql = MySQL(app)
+from utils.application import app
+#from routes.category import get_category
+#from routes.order import get_order
+#from routes.home import get_home
+#from routes.cart import get_cart
+from routes.login import post_login, post_register

 # Routing
-@app.route('/', methods=['GET'])
-def home():
-    return get_home()
+#@app.route('/', methods=['GET'])
+#def home():
+#    return get_home()

-@app.route('/order/<int:order_id>', methods=['GET'])
-def order(order_id):
-    return get_order(order_id)
+#@app.route('/order/<int:order_id>', methods=['GET'])
+#def order(order_id):
+#    return get_order(order_id)

-@app.route('/category', methods=['GET'])
-@app.route('/category/<string:category_name>', methods=['GET'])
-def category(category_name):
-    return get_category(category_name)
+#@app.route('/category', methods=['GET'])
+#@app.route('/category/<string:category_name>', methods=['GET'])
+#def category(category_name):
+#    return routes.category.get_category(category_name)

-@app.route('/cart', methods=['GET'])
-def cart():
-    return get_cart()
+#@app.route('/cart', methods=['GET'])
+#def cart():
+#    return get_cart()

 @app.route('/login', methods=['POST'])
 def login():
    return post_login()

+@app.route('/register', methods=['POST'])
+def register():
+    return post_register()
+
 if __name__ == '__main__':
    app.run(debug=True, port=8080)
\ No newline at end of file
--- a/Backend/routes/category.py
+++ b/Backend/routes/category.py
-from main import mysql, jsonify
+from main import mysql
+from flask import jsonify


-def category(category_name=None):
+def get_category(category_name=None):
    if category_name is None:
        cur = mysql.connection.cursor()
        cur.execute('''SELECT category.name FROM category''')

--- a/Backend/routes/login.py
+++ b/Backend/routes/login.py
-from main import mysql, jsonify
+from utils.application import mysql
+from flask import request, jsonify, make_response
+import bcrypt

 def post_login():
-    # TODO Add authentication logic here
-    return "Login successful"
+    
+    # Get data from request
+    data = request.json
+    email = data["email"]
+    password = data["password"]
+
+    # Check if user exists and/or password exists
+    cur = mysql.connection.cursor()
+    cur.execute('''SELECT user.email, user.hash, user.salt FROM user WHERE user.email = %s''', (email,))
+    dbData = cur.fetchall()
+    cur.close()
+
+    # Check if user exists
+    if len(dbData) <= 0:
+        return jsonify({"message": "Incorrect login information."}), 400
+
+    salt = dbData[0][2].encode("utf-8")
+    hash = hash_function(password, salt)
+
+    # Password check
+    if hash.decode("utf-8") != dbData[0][1]:
+        return jsonify({"message": "Incorrect login information."}), 400
+
+    # Set cookie
+    response = make_response(jsonify({"message": "Login successful"}))
+
+    # Cookie lasts 24 hours
+    response.set_cookie('logged_in', email, max_age=60*60*24)
+    return response, 200
+
+def post_register():
+    # Get data from request
+    data = request.json
+    email = data['email']
+    password = data['password']
+    firstname = data['firstname']
+    lastname = data['lastname']
+    address = data['address']
+
+    # Hash and salt password
+    salt = bcrypt.gensalt()
+    password = hash_function(password, salt)
+
+    # Check if email already exists
+    cur = mysql.connection.cursor()
+    cur.execute('''SELECT user.email FROM user WHERE user.email = %s''', (email,))
+    data = cur.fetchall()
+    cur.close()
+
+    # If email already exists, return error
+    if len(data) > 0:
+        return jsonify({"message": "Email already exists"}), 400
+
+    cur = mysql.connection.cursor()
+    cur.execute('''INSERT INTO user_details (email, first_name, last_name, address) VALUES (%s, %s, %s, %s)''', (email, firstname, lastname, address))
+    cur.execute('''INSERT INTO user (email, hash, salt) VALUES (%s, %s, %s)''', (email, password, salt))
+    mysql.connection.commit()
+    cur.close()
+
+    return "", 201
+
+
+def hash_function(password, salt):
+    password = password.encode("utf-8")
+    hashed = bcrypt.hashpw(password, salt)
+    return hashed
+
--- a/Backend/tempCodeRunnerFile.py
+++ b/Backend/tempCodeRunnerFile.py
+mysql
\ No newline at end of file
--- a/Backend/utils/application.py
+++ b/Backend/utils/application.py
+from flask import Flask
+from flask_mysqldb import MySQL
+
+app = Flask(__name__)
+app.config['MYSQL_HOST'] = 'localhost'
+app.config['MYSQL_USER'] = 'root'
+app.config['MYSQL_PASSWORD'] = ''
+app.config['MYSQL_DB'] = 'ElectroMart'
+app.config['MYSQL_UNIX_SOCKET'] = '/Applications/XAMPP/xamppfiles/var/mysql/mysql.sock'
+mysql = MySQL(app)
+
--- a/Database/project_db.sql
+++ b/Database/project_db.sql
@@ -168,7 +168,8 @@ INSERT INTO `sub_category_in_category` (`parent_category_id`, `sub_category_id`)

 CREATE TABLE `user` (
  `user_id` int(11) NOT NULL,
-  `password` varchar(255) DEFAULT NULL,
+  `hash` varchar(255) DEFAULT NULL,
+  `salt` varchar(255) DEFAULT NULL,
  `email` varchar(255) DEFAULT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_danish_ci;

@@ -176,11 +177,11 @@ CREATE TABLE `user` (
 -- Dataark for tabell `user`
 --

-INSERT INTO `user` (`user_id`, `password`, `email`) VALUES
-(1, 'password1', 'user1@example.com'),
-(2, 'password2', 'user2@example.com'),
-(3, 'password3', 'user3@example.com'),
-(4, 'password4', 'user4@example.com');
+INSERT INTO `user` (`user_id`, `hash`, `salt`, `email`) VALUES
+(1, 'password1', '123', 'user1@example.com'),
+(2, 'password2', '124', 'user2@example.com'),
+(3, 'password3', '125', 'user3@example.com'),
+(4, 'password4', '126', 'user4@example.com');

 -- --------------------------------------------------------

@@ -277,6 +278,7 @@ ALTER TABLE `sub_category_in_category`
 -- Indexes for table `user`
 --
 ALTER TABLE `user`
+  MODIFY `user_id` int(11) NOT NULL AUTO_INCREMENT,
  ADD PRIMARY KEY (`user_id`),
  ADD KEY `email` (`email`);