From 9dbd814f6c3520d506247b70bfce1bd643bbd969 Mon Sep 17 00:00:00 2001 From: Khaled Mahfouz Date: Wed, 1 Oct 2025 11:12:20 +0300 Subject: [PATCH] fixing Hardcoded Non-Cryptographic Secret and change the port to 8080 . - version : 2.6 - Details : adding .env file that has the secret key and use it .. using different python modules and removing the unused route `/add_lesson`. //############################################// modified: .gitignore modified: app.py modified: requirements.txt modified: serve.sh //############################################// --- .gitignore | 1 + app.py | 60 +++++++++++++++--------------------------------- requirements.txt | 1 + serve.sh | 2 +- 4 files changed, 21 insertions(+), 43 deletions(-)
diff --git a/.gitignore b/.gitignore
index e1ba161..96f327a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 __pycache__
 *.db
 databases
+.env
diff --git a/app.py b/app.py
index 5d4d6a1..0517c65 100644
--- a/app.py
+++ b/app.py
@@ -6,19 +6,32 @@ import os
 from flask import Flask, render_template, request, redirect, url_for, flash, send_from_directory
 import datetime
 from typing import Any
+from dotenv import load_dotenv
+load_dotenv()
 
 # --- App Setup ---
 app = Flask(__name__)
-app.secret_key = 'your_super_secret_key_12345'
+app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') or 'dev-secret-key'
 app.config['PHONE_REGEX'] = re.compile(r'^09\d{8}$') # Syrian phone format
 
 # Define the path to the database folder
-DATABASE_FOLDER = os.path.join(app.root_path, 'databases')
-DATABASE_FILE = os.path.join(DATABASE_FOLDER, 'students.db')
+env_db_file = os.environ.get('DATABASE_FILE')
+env_db_folder = os.environ.get('DATABASE_FOLDER')
+
+if env_db_file:
+ DATABASE_FILE = env_db_file
+ DATABASE_FOLDER = os.path.dirname(DATABASE_FILE) or os.path.join(app.root_path, 'databases')
+elif env_db_folder:
+ DATABASE_FOLDER = env_db_folder
+ DATABASE_FILE = os.path.join(DATABASE_FOLDER, 'students.db')
+else:
+ DATABASE_FOLDER = os.path.join(app.root_path, 'databases')
+ DATABASE_FILE = os.path.join(DATABASE_FOLDER, 'students.db')
 
 # --- Improved Database Functions ---
 def get_db_connection():
- os.makedirs(DATABASE_FOLDER, exist_ok=True)
+ db_dir = os.path.dirname(DATABASE_FILE) or DATABASE_FOLDER
+ os.makedirs(db_dir, exist_ok=True)
 conn = sqlite3.connect(DATABASE_FILE, timeout=30) # Increase timeout to 30 seconds
 conn.row_factory = sqlite3.Row
 # Enable WAL mode for better concurrency
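Review bot: The `or 'dev-secret-key'` fallback on the new `app.config['SECRET_KEY']` line reintroduces a hardcoded, publicly readable signing key whenever `SECRET_KEY` is unset, and because `.env` is git-ignored a fresh checkout that lacks it will silently sign session cookies with that value. Fail fast instead: `secret_key = os.environ.get('SECRET_KEY')` / `if not secret_key: raise RuntimeError('SECRET_KEY environment variable must be set')` / `app.config['SECRET_KEY'] = secret_key`. The previous literal also remains in git history, so the value placed in `.env` must be a freshly generated one rather than the old string. Separately, when `DATABASE_FILE` is a bare filename `os.path.dirname` is empty, so `get_db_connection` creates `<root>/databases` but `sqlite3.connect` opens the file relative to the process working directory; resolving `DATABASE_FILE` with `os.path.abspath` before the `dirname` call keeps the two consistent. `get_db_connection` continues past the end of the hunk.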
@@ -641,43 +654,6 @@ def get_students_with_attendance(conn):
 return students_data
 
-# NEW: Route to add a lesson manually
-@app.route('/add_lesson', methods=['POST'])
-def add_lesson():
- conn = None
- try:
- lesson_date = request.form.get('lesson_date', datetime.date.today().isoformat())
-
- conn = get_db_connection()
- conn.execute('BEGIN IMMEDIATE TRANSACTION')
-
- # Create new lesson
- conn.execute('INSERT INTO lessons (lesson_date) VALUES (?)', (lesson_date,))
-
- # Update total lessons
- current_total = get_total_lessons(conn)
- update_total_lessons(conn, current_total + 1)
-
- conn.commit()
- flash('تم إضافة درس جديد بنجاح!', 'success')
-
- except sqlite3.OperationalError as e:
- if conn:
- conn.rollback()
- if 'locked' in str(e):
- flash('قاعدة البيانات مشغولة حالياً. الرجاء المحاولة مرة أخرى بعد بضع ثوانٍ.', 'danger')
- else:
- flash(f'خطأ في قاعدة البيانات: {str(e)}', 'danger')
- except Exception as e:
- if conn:
- conn.rollback()
- flash(f'خطأ في إضافة الدرس: {str(e)}', 'danger')
- finally:
- if conn:
- conn.close()
-
- return redirect(url_for('record'))
-
 
 # NEW: Route to get attendance history for a student
 @app.route('/student_attendance/')
 def student_attendance(student_id):
@@ -702,4 +678,4 @@ def student_attendance(student_id):
 return redirect(url_for('record'))
 
 if __name__ == '__main__':
- app.run(debug=True)
+ app.run()
diff --git a/requirements.txt b/requirements.txt
index d3e0775..01e92c5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,3 @@
 Flask==3.1.1
 gunicorn==23.0.0
+python-dotenv==1.1.1
diff --git a/serve.sh b/serve.sh
index f43cd05..b3d7a87 100644
--- a/serve.sh
+++ b/serve.sh
@@ -1 +1 @@
-gunicorn -w 4 -b 127.0.0.1:8000 app:app
+gunicorn -w 4 -b 127.0.0.1:8080 app:app
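Review bot: The `app.run()` call in the last app.py hunk carries no comment recording that this block is the local-development entry point while production is served by gunicorn through serve.sh, so a later maintainer may re-add `debug=True` or set `FLASK_DEBUG` on a deployed host and expose the Werkzeug debugger. A comment above the `if __name__ == '__main__':` line such as `# Local development only; production runs gunicorn via serve.sh. Do not enable the debugger (debug=True / FLASK_DEBUG) outside local use.` would preserve the intent of this change.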