Admin interfaces and problem validation

Author: iokiwi

.gitignore

@@ -1,5 +1,6 @@
 .env
 
+.ruff_cache/
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

README.md

@@ -1,2 +1,24 @@
 # Race Condition
 
+This project uses [Poetry](https://python-poetry.org/docs/#installation)
+
+## Quick start
+
+```bash
+poetry install
+poetry shell
+flask --app race_condition init-db
+flask --app race_condition --debug run --host=0.0.0.0 --port=5000
+```
+
+# Administration
+
+Register an admin account ASAP. New admin registrations will not be accepted once the first user has been registered
+http://127.0.0.1:5000/auth/register
+
+List admin capabilities
+http://127.0.0.1:5000/admin
+
+Contestants never need to leave the root of the site http://127.0.0.1:5000/
+
+Admins can set the challenge that is active http://127.0.0.1:5000/problems/list/

poetry.lock

@@ -1,21 +1,20 @@
 [tool.poetry]
 name = "race-condition"
 version = "0.1.0"
-description = "A barebones FastAPI application."
+description = "A barebones Flask application."
 authors = ["Your Name <[email protected]>"]
 license = "MIT"
 
 [tool.poetry.dependencies]
 python = "^3.12"
-fastapi = "^0.112.1"
 uvicorn = "^0.30.6"
 python-dotenv = "^1.0.1"
 flask = "^3.0.3"
-flask-httpauth = "^4.8.0"
 markdown = "^3.7"
 
 [tool.poetry.dev-dependencies]
 pytest = "^7.1.2"
+ruff = "^0.6.1"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

pyproject.toml

@@ -0,0 +1,43 @@
+import os
+from flask import Flask
+from race_condition import settings
+
+def create_app(test_config=None):
+    # create and configure the app
+    app = Flask(__name__, instance_relative_config=True)
+    app.config.from_mapping(
+        SECRET_KEY=settings.SECRET_KEY,
+        DATABASE=os.path.join(app.instance_path, "race_condition.sqlite"),
+    )
+
+    if test_config is None:
+        # load the instance config, if it exists, when not testing
+        app.config.from_pyfile("config.py", silent=True)
+    else:
+        # load the test config if passed in
+        app.config.from_mapping(test_config)
+
+    # ensure the instance folder exists
+    try:
+        os.makedirs(app.instance_path)
+    except OSError:
+        pass
+
+    # a simple page that says hello
+    @app.route("/hello")
+    def hello():
+        return "Hello, World!"
+
+    from race_condition import db
+
+    db.init_app(app)
+
+    from race_condition import auth
+    from race_condition import problems
+    from race_condition import admin
+
+    app.register_blueprint(problems.bp)
+    app.register_blueprint(auth.bp)
+    app.register_blueprint(admin.bp)
+
+    return app

race_condition/__init__.py

@@ -0,0 +1,10 @@
+from flask import Blueprint, render_template
+from race_condition.auth import login_required
+
+bp = Blueprint("admin", __name__, url_prefix="/admin")
+
+@bp.route("/")
+@login_required
+def index():
+    template_vars = {}
+    return render_template("admin/index.html", **template_vars)

race_condition/admin.py

@@ -0,0 +1,107 @@
+import functools
+
+from flask import (
+    Blueprint,
+    flash,
+    g,
+    redirect,
+    render_template,
+    request,
+    session,
+    url_for,
+)
+from werkzeug.security import check_password_hash, generate_password_hash
+
+from race_condition.db import get_db
+from race_condition import settings
+
+bp = Blueprint("auth", __name__, url_prefix="/auth")
+
+
+@bp.route("/register", methods=("GET", "POST"))
+def register():
+    db = get_db()
+    cursor = db.execute("SELECT COUNT(*) FROM user")
+    count = cursor.fetchone()[0]
+    if count >= settings.REGISTRATION_LIMIT:
+        return "registration is closed", 403
+        # return 'There are rows in the database.'
+
+    if request.method == "POST":
+        username = request.form["username"]
+        password = request.form["password"]
+        error = None
+
+        if not username:
+            error = "Username is required."
+        elif not password:
+            error = "Password is required."
+
+        if error is None:
+            try:
+                db.execute(
+                    "INSERT INTO user (username, password) VALUES (?, ?)",
+                    (username, generate_password_hash(password)),
+                )
+                db.commit()
+            except db.IntegrityError:
+                error = f"User {username} is already registered."
+            else:
+                return redirect(url_for("auth.login"))
+
+        flash(error)
+
+    return render_template("auth/register.html")
+
+
+@bp.route("/login", methods=("GET", "POST"))
+def login():
+    if request.method == "POST":
+        username = request.form["username"]
+        password = request.form["password"]
+        db = get_db()
+        error = None
+        user = db.execute(
+            "SELECT * FROM user WHERE username = ?", (username,)
+        ).fetchone()
+
+        if user is None:
+            error = "Incorrect username."
+        elif not check_password_hash(user["password"], password):
+            error = "Incorrect password."
+
+        if error is None:
+            session.clear()
+            session["user_id"] = user["id"]
+            return redirect(url_for("admin.index"))
+        flash(error)
+    return render_template("auth/login.html")
+
+
+@bp.before_app_request
+def load_logged_in_user():
+    user_id = session.get("user_id")
+
+    if user_id is None:
+        g.user = None
+    else:
+        g.user = (
+            get_db().execute("SELECT * FROM user WHERE id = ?", (user_id,)).fetchone()
+        )
+
+
+@bp.route("/logout")
+def logout():
+    session.clear()
+    return redirect(url_for("problems.index"))
+
+
+def login_required(view):
+    @functools.wraps(view)
+    def wrapped_view(**kwargs):
+        if g.user is None:
+            return redirect(url_for("auth.login"))
+
+        return view(**kwargs)
+
+    return wrapped_view

race_condition/app.py

@@ -0,0 +1,39 @@
+import sqlite3
+
+import click
+from flask import current_app, g
+
+
+def get_db():
+    if "db" not in g:
+        g.db = sqlite3.connect(
+            current_app.config["DATABASE"], detect_types=sqlite3.PARSE_DECLTYPES
+        )
+        g.db.row_factory = sqlite3.Row
+
+    return g.db
+
+
+def close_db(e=None):
+    db = g.pop("db", None)
+
+    if db is not None:
+        db.close()
+
+
+def init_db():
+    db = get_db()
+    with current_app.open_resource("schema.sql") as f:
+        db.executescript(f.read().decode("utf8"))
+
+
+@click.command("init-db")
+def init_db_command():
+    """Clear the existing data and create new tables."""
+    init_db()
+    click.echo("Initialized the database.")
+
+
+def init_app(app):
+    app.teardown_appcontext(close_db)
+    app.cli.add_command(init_db_command)