fotohost/app/auth.py

from flask import Blueprint, flash, redirect, render_template, request, url_for
from flask_login import current_user, login_user, logout_user

from app import db
from app.folder_utils import process_pending_invites
from app.models import User

bp = Blueprint("auth", __name__, url_prefix="/auth")


@bp.route("/register", methods=["GET", "POST"])
def register():
    if current_user.is_authenticated:
        return redirect(url_for("cabinet.index"))

    if request.method == "POST":
        username = request.form.get("username", "").strip()
        email = request.form.get("email", "").strip().lower()
        password = request.form.get("password", "")
        password2 = request.form.get("password2", "")

        if len(username) < 3:
            flash("Имя пользователя — минимум 3 символа", "error")
        elif len(password) < 6:
            flash("Пароль — минимум 6 символов", "error")
        elif password != password2:
            flash("Пароли не совпадают", "error")
        elif User.query.filter_by(username=username).first():
            flash("Это имя пользователя уже занято", "error")
        elif User.query.filter_by(email=email).first():
            flash("Этот email уже зарегистрирован", "error")
        else:
            user = User(username=username, email=email)
            user.set_password(password)
            db.session.add(user)
            db.session.commit()
            login_user(user)
            accepted = process_pending_invites(user)
            flash("Регистрация успешна. Добро пожаловать!", "success")
            if accepted:
                flash(f"Вам открыт доступ к {accepted} общим папкам", "success")
            return redirect(url_for("cabinet.index"))

    return render_template("auth/register.html")


@bp.route("/login", methods=["GET", "POST"])
def login():
    if current_user.is_authenticated:
        return redirect(url_for("cabinet.index"))

    if request.method == "POST":
        login = request.form.get("login", "").strip()
        password = request.form.get("password", "")
        remember = request.form.get("remember") == "on"

        user = User.query.filter(
            (User.username == login) | (User.email == login.lower())
        ).first()

        if user is None or not user.check_password(password):
            flash("Неверный логин или пароль", "error")
        elif not user.is_active:
            flash("Аккаунт заблокирован", "error")
        else:
            login_user(user, remember=remember)
            accepted = process_pending_invites(user)
            flash(f"Добро пожаловать, {user.username}!", "success")
            if accepted:
                flash(f"Вам открыт доступ к {accepted} общим папкам", "success")
            next_page = request.args.get("next")
            if next_page:
                return redirect(next_page)
            if user.is_admin:
                return redirect(url_for("admin.dashboard"))
            return redirect(url_for("cabinet.index"))

    return render_template("auth/login.html")


@bp.route("/logout")
def logout():
    logout_user()
    flash("Вы вышли из аккаунта", "success")
    return redirect(url_for("main.index"))