changes of .env file

main.py

@@ -1,11 +1,9 @@
 from flask import Flask, render_template, request, redirect, url_for, send_from_directory, abort, flash,send_file ,jsonify
 import os
+from dotenv import load_dotenv
+load_dotenv()
 import pandas as pd
-import pymysql
-import io
-import mysql.connector
 from werkzeug.utils import secure_filename
-from datetime import datetime
 
 from AppCode.Config import DBConfig
 from AppCode.FileHandler import FileHandler
@@ -22,8 +20,8 @@ from AppCode.MatCreditHandler import MatCreditHandler
 
 # Server
 app = Flask(__name__)
-app.secret_key="secret1234"
-app.config['UPLOAD_FOLDER'] = FileHandler.UPLOAD_FOLDER
+app.secret_key=os.getenv("SECRET_KEY")
+
 auth = LoginAuth()
 app.register_blueprint(auth.bp)
 
@@ -40,13 +38,10 @@ def welcome():
 def index():
     return render_template('index.html')  
 
-# Ensure folder exists
-def allowed_file(filename):
-    return '.' in filename and filename.rsplit('.', 1)[1].lower() in FileHandler.ALLOWED_EXTENSIONS
-
-    
+ 
 # Upload File route
 @app.route('/upload', methods=['GET', 'POST'])
+@auth.login_required
 def upload_file():
     if request.method == 'POST':
         FileHandler.CHeckExistingOrCreateNewUploadFolder()
@@ -58,6 +53,7 @@ def upload_file():
  
 # View all documents with filters  
 @app.route('/documents')
+@auth.login_required
 def view_documents():
     docHandler = DocumentHandler()
     docHandler.View(request=request)
@@ -66,15 +62,15 @@ def view_documents():
 
 # Upload file documents
 @app.route('/uploads/<filename>')
+@auth.login_required
 def uploaded_file(filename):
     mode = request.args.get('mode', 'view')
-    filepath = os.path.join(app.config['UPLOAD_FOLDER'], secure_filename(filename))
+    filepath = os.path.join(FileHandler.UPLOAD_FOLDER, secure_filename(filename))
 
     if not os.path.exists(filepath):
         abort(404)
 
     file_ext = filename.rsplit('.', 1)[-1].lower()
-
     # --- View Mode ---
     if mode == 'view':
         if file_ext == 'pdf':
@@ -95,6 +91,7 @@ def uploaded_file(filename):
 
 ## 1. READ/DISPLAY all ITR records
 @app.route('/itr_records')
+@auth.login_required
 def display_itr():
     itr = ITRHandler()
     records = itr.get_all_itr()
@@ -104,6 +101,7 @@ def display_itr():
 
 ## 2. CREATE/ADD a new ITR record
 @app.route('/itr/add', methods=['GET', 'POST'])
+@auth.login_required
 def add_itr():
     if request.method == 'POST':
         itr = ITRHandler()
@@ -116,6 +114,7 @@ def add_itr():
 
 ## 4. DELETE an ITR record
 @app.route('/itr/delete/<int:id>', methods=['POST'])
+@auth.login_required
 def delete_itr(id):
     itr = ITRHandler()
     itr.delete_itr_by_id(id=id)
@@ -124,12 +123,13 @@ def delete_itr(id):
 
 ## 3. UPDATE an existing ITR record
 @app.route('/itr/update/<int:id>', methods=['GET', 'POST'])
+@auth.login_required
 def update_itr(id):
     itr = ITRHandler()
 
     if request.method == 'POST':
-        data = {k: request.form.get(k, 0) for k in request.form}
-        itr.update(id, data=data)
+        # data = {k: request.form.get(k, 0) for k in request.form}
+        itr.update(id, request.form)
         itr.close()
         return redirect(url_for('display_itr'))
 
@@ -146,6 +146,7 @@ def update_itr(id):
 
 # 1. DISPLAY all AO records
 @app.route('/ao_records')
+@auth.login_required
 def display_ao():
     ao = AOHandler()
     ao_records = ao.get_all_ao()
@@ -155,6 +156,7 @@ def display_ao():
 
 # 2. ADD a new AO record
 @app.route('/ao/add', methods=['GET', 'POST'])
+@auth.login_required
 def add_ao():
     if request.method == 'POST':
         ao = AOHandler()
@@ -166,6 +168,7 @@ def add_ao():
 
 # 3. UPDATE AO record
 @app.route('/ao/update/<int:id>', methods=['GET', 'POST'])
+@auth.login_required
 def update_ao(id):
     ao = AOHandler()
     record = ao.get_ao_by_id(id)
@@ -186,6 +189,7 @@ def update_ao(id):
 
 # 4. DELETE AO record safely
 @app.route('/ao/delete/<int:id>', methods=['POST'])
+@auth.login_required
 def delete_ao(id):
     ao = AOHandler()
     ao.delete_ao_by_id(id=id)
@@ -201,6 +205,7 @@ def delete_ao(id):
 
 # 1 DISPLAY all CIT records
 @app.route('/cit_records')
+@auth.login_required
 def display_cit():
     cit = CITHandler()
     cit_records = cit.get_all_cit()
@@ -209,6 +214,7 @@ def display_cit():
 
 # 2 new CIT records add
 @app.route('/cit/add', methods=['GET', 'POST'])
+@auth.login_required
 def add_cit():
     if request.method == 'POST':
         cit = CITHandler()
@@ -221,6 +227,7 @@ def add_cit():
 
 # 3 delete CIT records by id
 @app.route('/cit/delete/<int:id>', methods=['POST'])
+@auth.login_required
 def delete_cit(id):
     cit = CITHandler()
     cit.delete_cit(id)
@@ -230,6 +237,7 @@ def delete_cit(id):
 
 # 4 update CIT records by id
 @app.route('/cit/update/<int:id>', methods=['GET', 'POST'])
+@auth.login_required
 def update_cit(id):
     cit = CITHandler()
     record = cit.get_cit_by_id(id)
@@ -239,8 +247,8 @@ def update_cit(id):
         return "CIT record not found", 404
 
     if request.method == 'POST':
-        data = {k: request.form.get(k, 0) for k in request.form}
-        cit.update_cit(id, data)
+        # data = {k: request.form.get(k, 0) for k in request.form}
+        cit.update_cit(id, request.form)
         cit.close()
         return redirect(url_for('display_cit'))
 
@@ -254,6 +262,7 @@ def update_cit(id):
 
 # 1.DISPLAY all ITAT records
 @app.route('/itat_records')
+@auth.login_required
 def display_itat():
     itat = ITATHandler()
     records = itat.get_all_itat()
@@ -262,6 +271,7 @@ def display_itat():
 
 # 2.Add new ITAT records
 @app.route('/itat/add', methods=['GET', 'POST'])
+@auth.login_required
 def add_itat():
     if request.method == 'POST':
         itat = ITATHandler()
@@ -275,6 +285,7 @@ def add_itat():
 
 # 3.Update ITAT records by id
 @app.route('/itat/update/<int:id>', methods=['GET', 'POST'])
+@auth.login_required
 def update_itat(id):
     itat = ITATHandler()
     record = itat.get_itat_by_id(id)
@@ -294,6 +305,7 @@ def update_itat(id):
 
 # 3.delete ITAT records by id
 @app.route('/itat/delete/<int:id>', methods=['POST'])
+@auth.login_required
 def delete_itat(id):
     itat = ITATHandler()
     itat.delete_itat_by_id(id)
@@ -307,11 +319,13 @@ def delete_itat(id):
 ## =======================================================
 # report page
 @app.route('/reports')
+@auth.login_required
 def reports():
     return render_template("reports.html")
 
 # Itr report download by year
 @app.route('/itr_report', methods=['GET'])
+@auth.login_required
 def itr_report():
     yearGetter = YearGet()
     selected_year = request.args.get('year')
@@ -338,6 +352,7 @@ def itr_report():
 
 # Ao report download by year
 @app.route('/ao_report', methods=['GET'])
+@auth.login_required
 def ao_report():
     yearGetter = YearGet()
     selected_year = request.args.get('year')
@@ -365,6 +380,7 @@ def ao_report():
    
 # Cit report download by year
 @app.route('/cit_report', methods=['GET'])
+@auth.login_required
 def cit_report():
     selected_year = request.args.get('year')
     yearGetter = YearGet()
@@ -393,6 +409,7 @@ def cit_report():
 
 # Itat report download by year
 @app.route('/itat_report', methods=['GET'])
+@auth.login_required
 def itat_report():
     selected_year = request.args.get('year')
     yearGetter = YearGet()
@@ -421,34 +438,28 @@ def itat_report():
 
 # summary report
 @app.route('/summary_report', methods=['GET'])
+@auth.login_required
 def summary_report():
     docHandler = DocumentHandler()
     return docHandler.Summary_report(request=request)
 
 
-# new new -- check year in table existe or not by using ajax calling.
-@app.route('/check_year', methods=['POST'])
-def check_year():
-    table_name = request.json.get("table")
-    year = request.json.get("year")
+# check year in table existe or not by using ajax calling.
+# @app.route('/check_year', methods=['POST'])
+# @auth.login_required
+# def check_year():
+#     data = request.get_json()
+#     table_name = data.get("table")
+#     year = data.get("year")
 
-    conn = DBConfig.get_db_connection()
-    cursor = conn.cursor()
-
-    sqlstr = f"SELECT COUNT(*) FROM {table_name} WHERE year = %s"
-    cursor.execute(sqlstr, (year,))
-    result = cursor.fetchone()[0]
-
-    cursor.close()
-    conn.close()
-
-    return {"exists": result > 0}
-
-# new new 
+#     check_year_obj = YearGet()
+#     result = check_year_obj.CheckYearExists(table_name, year)
+#     check_year_obj.close()
 
 
 # Mat credit from 
 @app.route("/mat_credit", methods=["GET"])
+@auth.login_required
 def mat_credit():
 
     mat= MatCreditHandler()
@@ -473,6 +484,7 @@ def mat_credit():
 
 # save mat credit row data
 @app.route("/save_mat_row", methods=["POST"])
+@auth.login_required
 def save_mat_row():
     mat= MatCreditHandler()
     try:
@@ -483,6 +495,7 @@ def save_mat_row():
 
 # save mat credit bulk data
 @app.route("/save_mat_all", methods=["POST"])
+@auth.login_required
 def save_mat_all():
     mat= MatCreditHandler()
     try:
@@ -492,6 +505,10 @@ def save_mat_all():
         return jsonify({"error": str(e)}), 500
 
 
-# run 
+# run server
 if __name__ == '__main__':
-      app.run(host='0.0.0.0', port=5003, debug=True)
+    app.run(
+        host=os.getenv("FLASK_HOST"),
+        port=int(os.getenv("FLASK_PORT")),
+        debug=os.getenv("FLASK_DEBUG") == "true"
+    )