]> Softwares of Agnibho - librevax.git/blobdiff - librevax.py
Database dump
[librevax.git] / librevax.py
index 86498df8f7a316a6931f43a52748f006a8562919..a9ce25019fcc910104957b7545d84eb217933dfb 100644 (file)
@@ -5,7 +5,7 @@
 # LibreVax is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 # You should have received a copy of the GNU General Public License along with LibreVax. If not, see <https://www.gnu.org/licenses/>.
 
-from flask import Flask, render_template, request, session, redirect, g
+from flask import Flask, render_template, request, session, redirect, send_file, g
 from urllib.parse import urlencode
 from datetime import datetime
 import json, sqlite3
@@ -25,8 +25,6 @@ def preload():
 @app.route("/")
 def index():
     try:
-        if((ret:=problem())!="go"):
-            return ret
         cursor=get_db().cursor()
         (ok, mc)=multicenter.read(cursor, session["mid"])
         if(not ok):
@@ -35,6 +33,8 @@ def index():
         if(not ok):
             raise exception(pat)
         return render_template("index.html", center=mc, patient=pat)
+    except KeyError as e:
+        return redirect("/login")
     except Exception as e:
         raise(e)
         return render_template("error.html", data=e)
@@ -67,6 +67,8 @@ def logout():
 
 @app.get("/admin")
 def admin(msg=None):
+    if((ret:=problem())!="go"):
+        return ret
     cursor=get_db().cursor()
     (ok, mc)=multicenter.list(cursor)
     if(not ok):
@@ -76,6 +78,8 @@ def admin(msg=None):
 
 @app.post("/newuser")
 def newuser():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if(auth.new(cursor, request.form["user"], request.form["pwd"], request.form["auth"])):
@@ -88,16 +92,18 @@ def newuser():
 
 @app.post("/changepass")
 def changepass():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if("user" in request.form.keys()):
-            if(auth.change(cursor, request.form["user"], request.form["new"])):
+            if(auth.changePass(cursor, request.form["user"], request.form["new"])):
                 return admin(msg="Password changed")
             else:
                 return admin(msg="Incorrect Password")
         elif(request.form["new"]==request.form["check"]):
             user=request.form.get("user", session["user"])
-            if(auth.change(cursor, user, request.form["new"], request.form["old"])):
+            if(auth.changePass(cursor, user, request.form["new"], request.form["old"])):
                 return admin(msg="Password changed")
             else:
                 return admin(msg="Incorrect Password")
@@ -109,6 +115,8 @@ def changepass():
 
 @app.post("/changeauth")
 def changeauth():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if(g.auth==auth.auth.ALL and "user" in request.form.keys() and "auth" in request.form.keys()):
@@ -124,6 +132,8 @@ def changeauth():
 
 @app.post("/deluser")
 def deluser():
+    if((ret:=problem())!="go"):
+        return ret
     try:
         cursor=get_db().cursor()
         if("user" in request.form.keys()):
@@ -833,6 +843,20 @@ def report(mid):
         raise(e)
         return render_template("error.html", data=e)
 
+@app.get("/dump")
+def dump(msg=None):
+    if((ret:=problem())!="go"):
+        return ret
+    try:
+        if(g.user!="admin"):
+            raise PermissionError
+        return send_file("data/database.db", as_attachment=True, download_name="backup-"+str(datetime.now())+".db")
+    except PermissionError as e:
+        return render_template("error.html", data="Access Denied")
+    except Exception as e:
+        raise(e)
+        return render_template("error.html", data=e)
+
 def get_db():
     db=getattr(g, "_database", None)
     if db is None:
@@ -850,7 +874,7 @@ def problem(access=""):
     if(auth.access()==auth.auth.ALL):
         return "go"
     else:
-        return redirect("/login")
+        return render_template("error.html", data="Access denied")
 
 @app.template_filter("format_date")
 def format_date(date):