udacity hw 5
import webapp2
import re
import os
import jinja2
import re
import hashlib
import hmac
import random
import string
from google.appengine.ext import db
import json
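# HMAC key used to sign the user_id cookie (see hash_str).
# Prefer a value supplied by the deployment environment: a key committed to
# source control is known to every reader of the repository, so cookies signed
# with it cannot be trusted as proof of identity. The literal fallback is kept
# only so existing local setups keep working; replace it before deploying.
secret = os.environ.get('COOKIE_SECRET') or 'imsosecret'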
# Templates are loaded from the "templates" directory next to this module.
template_dir = os.path.join(os.path.dirname(__file__), 'templates')

# autoescape=True makes Jinja2 HTML-escape every rendered variable, which is
# what keeps user-supplied usernames, subjects and post bodies from being
# interpreted as markup by the browser.
jinja_env = jinja2.Environment(
    loader=jinja2.FileSystemLoader(template_dir),
    autoescape=True)
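# Input-validation patterns for the signup/login forms.
# They end in \Z rather than $: `$` also matches just before a trailing
# newline, so "alice\n" would pass validation and be stored as a username
# distinct from "alice" while looking identical when displayed.
USER_RE = re.compile(r"^[a-zA-Z0-9_-]{3,20}\Z")
PASS_RE = re.compile(r"^.{3,20}\Z")
EMAIL_RE = re.compile(r"^[\S]+@[\S]+\.[\S]+\Z")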
class User(db.Model):
    """Datastore entity used by this app for both accounts and blog posts.

    Account records fill username / password_hash / hashish / email;
    post records fill subject / content. Both share the same kind, so a
    query over "User" returns a mix of the two.
    """

    # --- account fields ---
    username = db.StringProperty()
    # Hex digest half of the "hash,salt" string built by make_pw_hash.
    password_hash = db.StringProperty()
    email = db.StringProperty()
    # Salt half of the "hash,salt" string built by make_pw_hash.
    hashish = db.StringProperty()

    # --- blog post fields ---
    subject = db.StringProperty()
    content = db.TextProperty()

    # Set once when the entity is first written.
    created = db.DateTimeProperty(auto_now_add=True)
def valid_username(username):
    """Return the USER_RE match object for *username*, or None if it is rejected."""
    match = USER_RE.match(username)
    return match
def valid_password(password):
    """Return the PASS_RE match object for *password*, or None if it is rejected."""
    match = PASS_RE.match(password)
    return match
def valid_email(email):
    """Return the EMAIL_RE match object for *email*, or None if it is rejected."""
    match = EMAIL_RE.match(email)
    return match
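def make_salt(length=5):
    """Return a random salt of *length* ASCII letters (default 5).

    The characters are drawn from the operating system's CSPRNG via
    random.SystemRandom; the module-level random functions use a
    predictable Mersenne Twister and are not suitable for security values.
    string.ascii_letters is used instead of the locale-dependent
    string.letters so the alphabet never contains the ',' separator used
    in stored "hash,salt" strings.
    """
    rng = random.SystemRandom()
    return ''.join(rng.choice(string.ascii_letters) for _ in range(length))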
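def make_pw_hash(name, pw, salt=None):
    """Return "hexdigest,salt" for the given username and password.

    Args:
        name: username, mixed into the digest.
        pw: plaintext password.
        salt: salt to reuse when verifying; a fresh one is generated when
            it is missing or empty.

    Text input is encoded as UTF-8 before hashing. For ASCII input this
    yields the same digest as before; for non-ASCII passwords (which
    PASS_RE allows) it avoids the implicit-ASCII encoding error that would
    otherwise abort the request.

    NOTE(review): a single round of SHA-256 is a fast hash and gives little
    protection against offline guessing if the datastore leaks. A dedicated
    password KDF (PBKDF2, bcrypt, scrypt) is the usual choice; switching
    changes every stored digest, so it is flagged here rather than changed.
    """
    if not salt:
        salt = make_salt()
    material = name + pw + salt
    if not isinstance(material, bytes):
        material = material.encode('utf-8')
    h = hashlib.sha256(material).hexdigest()
    return '%s,%s' % (h, salt)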
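def valid_pw(name, pw, h):
    """Return True when *pw* matches the stored "hexdigest,salt" string *h*.

    The salt is taken from *h* and the digest is recomputed with
    make_pw_hash. A value that is not exactly "digest,salt" is rejected
    instead of raising IndexError.

    The stored hash is deliberately not printed: anything written to
    stdout ends up in the request log (or the response), and password
    hashes do not belong in either.
    """
    parts = h.split(',')
    if len(parts) != 2:
        return False
    candidate = make_pw_hash(name, pw, parts[1])
    # Compare as bytes in constant time so the check does not reveal how
    # many leading characters of the digest matched.
    stored_b = h if isinstance(h, bytes) else h.encode('utf-8')
    candidate_b = candidate if isinstance(candidate, bytes) else candidate.encode('utf-8')
    return hmac.compare_digest(stored_b, candidate_b)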
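def hash_str(s):
    """Return the hex HMAC of *s* keyed with the module-level ``secret``.

    Key and message are encoded as UTF-8 when they are text, so a cookie
    value containing non-ASCII characters produces a digest instead of an
    encoding error.

    The digest is named explicitly. hmac.new() historically defaulted to
    MD5 when none was given, so hashlib.md5 keeps existing cookies valid.
    NOTE(review): SHA-256 is the better choice for new deployments;
    switching invalidates cookies that are already issued.
    """
    key = secret if isinstance(secret, bytes) else secret.encode('utf-8')
    msg = s if isinstance(s, bytes) else s.encode('utf-8')
    return hmac.new(key, msg, hashlib.md5).hexdigest()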
def make_secure_val(s):
    """Return "<s>|<hmac of s>", the signed form stored in the user_id cookie."""
    signature = hash_str(s)
    return "%s|%s" % (s, signature)
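def check_secure_val(h):
    """Return the value part of a signed "value|hmac" string, or None.

    The value before the first '|' is re-signed with make_secure_val and
    the result is compared with *h*. Only an exact match returns the value;
    an empty or tampered string returns None.
    """
    if not h:
        return None
    val = h.split('|')[0]
    expected = make_secure_val(val)
    # The cookie is attacker-controlled, so the signature comparison is done
    # in constant time (on bytes, which compare_digest accepts everywhere).
    given_b = h if isinstance(h, bytes) else h.encode('utf-8')
    expected_b = expected if isinstance(expected, bytes) else expected.encode('utf-8')
    if hmac.compare_digest(given_b, expected_b):
        return val
    return None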
class Handler(webapp2.RequestHandler):
    """Base request handler with helpers for writing output and rendering templates."""

    def write(self, *a, **kw):
        """Forward the arguments to the response's output stream."""
        out = self.response.out
        out.write(*a, **kw)

    def render_str(self, template, **params):
        """Render the named Jinja2 template with *params* and return the text."""
        return jinja_env.get_template(template).render(params)

    def render(self, template, **kw):
        """Render the named template and write it to the response."""
        page = self.render_str(template, **kw)
        self.write(page)
class MainPage(Handler):
    """Handler for '/': renders the signup form, then redirects to /signup."""

    def render_front(self, username="", email="", error=""):
        """Render front.html with the given form values and error text."""
        context = dict(username=username, email=email, error=error)
        self.render("front.html", **context)

    def get(self):
        """Set the content type, render the form and redirect to /signup."""
        self.response.headers['Content-Type'] = 'text/html'
        self.render_front()
        # The rendered body is followed by a redirect, so browsers go
        # straight to /signup.
        self.redirect('/signup')
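class SignUpPage(Handler):
    """Signup form: validates the submission, creates the account and logs it in."""

    def render_newfront(self, username="", email="", error=""):
        """Render front.html with the given form values and error text."""
        self.render("front.html", username=username, email=email, error=error)

    def get(self):
        """Show the empty signup form."""
        self.response.headers['Content-Type'] = 'text/html'
        self.render_newfront()

    def post(self):
        """Validate the form, reject duplicate usernames, then create the account.

        On success the new entity's id is stored in a signed user_id cookie
        and the browser is redirected to /welcome. Every failure re-renders
        the form with an error message and returns without writing anything.
        """
        username = self.request.get("username")
        password = self.request.get("password")
        verify = self.request.get("verify")
        email = self.request.get("email")

        # Checks run in the same order as before; the first failure wins.
        error = ''
        if not valid_username(username):
            error = "That is not a valid Username"
        elif not valid_password(password):
            error = "That is not a valid Password."
        elif password != verify:
            error = "Your Password does not match the Verify Password."
        elif email != "" and not valid_email(email):
            error = "Your email is lacking validation capacity!"
        if error:
            self.render_newfront(username, email, error)
            return

        if email == "":
            # An omitted email is stored as the literal string "None",
            # as the original code did.
            email = "None"

        # Look the name up with a filtered query instead of loading every
        # entity, and without printing each stored username to the log.
        # NOTE(review): this check and the put() below are not atomic, so two
        # simultaneous signups could still create the same username.
        if User.all().filter('username =', username).get() is not None:
            self.render_newfront('', '', "That user already exists.")
            return

        # The previous version also inspected an existing user_id cookie here
        # and could render the form or redirect before creating the account
        # anyway; the cookie is replaced below, so that step is dropped.
        password_hash, salt = make_pw_hash(username, password).split(',')
        account = User(username=username, password_hash=password_hash,
                       hashish=salt, email=email)
        account_key = account.put()

        new_cookie_val = make_secure_val(str(account_key.id()))
        # HttpOnly keeps the login cookie out of reach of page scripts.
        # NOTE(review): add "; Secure" once the site is served over HTTPS only.
        self.response.headers.add_header(
            'Set-Cookie', 'user_id=%s; Path=/; HttpOnly' % new_cookie_val)
        self.redirect('/welcome')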
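class LoginPage(Handler):
    """Login form: checks the submitted credentials against the stored account."""

    def render_newfront(self, username="", error=""):
        """Render login.html with the given username and error text."""
        self.render("login.html", username=username, error=error)

    def get(self):
        """Show the empty login form."""
        self.response.headers['Content-Type'] = 'text/html'
        self.render_newfront()

    def post(self):
        """Verify username and password, then set the signed user_id cookie.

        The previous version was a copy of the signup handler: it rejected
        existing usernames with "That user already exists.", created a new
        account for any unknown name, and never called valid_pw, so no
        password was ever checked. This version only reads the datastore.
        """
        username = self.request.get("username")
        password = self.request.get("password")

        if not valid_username(username):
            self.render_newfront(username, "That is not a valid Username")
            return
        if not valid_password(password):
            self.render_newfront(username, "That is not a valid Password.")
            return

        account = User.all().filter('username =', username).get()

        # Rebuild the "hash,salt" string that valid_pw expects from the two
        # fields the signup handler stores separately.
        stored = None
        if account is not None and account.password_hash and account.hashish:
            stored = '%s,%s' % (account.password_hash, account.hashish)

        if stored is None or not valid_pw(username, password, stored):
            # One message for "unknown user" and "wrong password" so the
            # form does not reveal which usernames are registered.
            self.render_newfront(username, "Invalid login")
            return

        new_cookie_val = make_secure_val(str(account.key().id()))
        # HttpOnly keeps the login cookie out of reach of page scripts.
        self.response.headers.add_header(
            'Set-Cookie', 'user_id=%s; Path=/; HttpOnly' % new_cookie_val)
        self.redirect('/blog')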
class Blog(Handler):
    """Handler for /blog: lists stored entities, newest first."""

    def render_blogpage(self, subject="", content="", error=""):
        """Query all User entities by creation time and render blog.html."""
        # NOTE(review): posts and accounts share the User kind, so this list
        # also contains account records (with password_hash and hashish);
        # confirm blog.html only outputs subject/content/created.
        query = db.GqlQuery("SELECT * FROM User ORDER By created Desc")
        entries = list(query)
        self.render("blog.html", subject=subject, content=content,
                    error=error, blogs=entries)

    def get(self):
        """Show the blog listing."""
        self.render_blogpage()
class JsonBlog(Handler):
    """Handler returning the ten newest entities as a JSON array."""

    def get(self):
        """Write subject, content and formatted creation time of each entity."""
        query = db.GqlQuery("SELECT * FROM User ORDER By created Desc limit 10")
        timeformat = '%a %b %d %H:%M:%S %y'
        # Only these three fields are copied out, so account fields such as
        # password_hash never reach the JSON output.
        entries = []
        for entity in query:
            entries.append({
                "subject": entity.subject,
                "content": entity.content,
                "created": entity.created.strftime(timeformat),
            })
        body = json.dumps(entries)
        self.response.headers['Content-Type'] = 'application/json; charset=UTF-8'
        self.response.out.write(body)
class Json(Handler):
    """Handler returning the ten newest entities as a JSON array."""

    def get(self):
        """Write subject, content and formatted creation time of each entity."""
        query = db.GqlQuery("SELECT * FROM User ORDER By created Desc limit 10")
        timeformat = '%a %b %d %H:%M:%S %y'
        # Only these three fields are copied out, so account fields such as
        # password_hash never reach the JSON output.
        entries = []
        for entity in query:
            entries.append({
                "subject": entity.subject,
                "content": entity.content,
                "created": entity.created.strftime(timeformat),
            })
        body = json.dumps(entries)
        self.response.headers['Content-Type'] = 'application/json; charset=UTF-8'
        self.response.out.write(body)
class PostPage(Handler):
    """Handler for /newpost: shows the new-post form and stores submissions."""

    def render_postpage(self, subject="", content="", error=""):
        """Query all User entities by creation time and render newpost.html."""
        query = db.GqlQuery("SELECT * FROM User ORDER By created Desc")
        entries = list(query)
        self.render("newpost.html", subject=subject, content=content,
                    error=error, blogs=entries)

    def get(self):
        """Show the empty new-post form."""
        self.render_postpage()

    def post(self):
        """Store the post and redirect to its page, or re-render with an error."""
        # NOTE(review): nothing here checks the user_id cookie, so any client
        # can create posts; confirm whether posting is meant to require login.
        subject = self.request.get("subject")
        content = self.request.get("content")
        if not (subject and content):
            error = "We need both a subject and your content!"
            self.render_postpage(subject, content, error)
        else:
            post = User(subject=subject, content=content)
            post.put()
            self.redirect("/newpost/%s" % post.key().id())
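class LatestPost(Handler):
    """Handler for /newpost/<id>: shows a single stored entity."""

    def get(self, post_id):
        """Render latestpost.html for the entity with id *post_id*.

        Responds with 404 when no entity has that id instead of rendering
        the template with post=None.
        """
        post = User.get_by_id(int(post_id))
        if post is None:
            self.error(404)
            return
        # NOTE(review): accounts and posts share the User kind, so an id that
        # belongs to an account record is also served here; confirm that
        # latestpost.html only outputs subject/content/created.
        self.render("latestpost.html", post=post)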
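class WelcomePost(Handler):
    """Handler for /welcome: greets the user named by the signed user_id cookie."""

    def render_welcome_post(self, username=""):
        """Render welcome.html for *username*."""
        self.render("welcome.html", username=username)

    def get(self):
        """Render the welcome page, or redirect to /signup.

        The redirect is used whenever the cookie is missing, fails the
        signature check, does not hold a numeric id, or names an entity
        that no longer exists. The raw cookie is not printed: it is a
        bearer credential and should not appear in logs or output.
        """
        cookie = self.request.cookies.get('user_id')
        user_id = check_secure_val(cookie) if cookie else None

        user = None
        if user_id:
            try:
                user = User.get_by_id(int(user_id))
            except ValueError:
                # A correctly signed but non-numeric value; treat as logged out.
                user = None

        if user is None:
            self.redirect('/signup')
            return
        self.render_welcome_post(user.username)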
class LogOutPage(Handler):
    """Handler for /logout: blanks the user_id cookie and returns to /signup."""

    def get(self):
        """Overwrite user_id with an empty value, then redirect."""
        cleared = ""
        header_value = 'user_id=%s; Path=/' % cleared
        self.response.headers.add_header('Set-Cookie', header_value)
        self.redirect('/signup')
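# URL routing table for the application.
# debug=True makes webapp2 send full tracebacks to the client on unhandled
# errors, which discloses source paths and internals. It is therefore enabled
# only on the local development server, whose SERVER_SOFTWARE value starts
# with "Development".
app = webapp2.WSGIApplication(
    [
        ('/', MainPage),
        ('.json', Json),
        ('/.json', JsonBlog),
        ('/blog', Blog),
        ('/blog.json', JsonBlog),
        ('/newpost', PostPage),
        (r'/newpost/(\d+)', LatestPost),
        ('/signup', SignUpPage),
        ('/welcome', WelcomePost),
        ('/login', LoginPage),
        ('/logout', LogOutPage),
    ],
    debug=os.environ.get('SERVER_SOFTWARE', '').startswith('Development'))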