# app/auth.py from flask import Blueprint, render_template, redirect, url_for, flash, request from flask_login import login_user, logout_user, login_required from werkzeug.security import generate_password_hash, check_password_hash from app import db from app.models import User from app.forms import RegistrationForm, LoginForm auth = Blueprint('auth', __name__, url_prefix='/auth') @auth.route('/register', methods=['GET', 'POST']) def register(): form = RegistrationForm() if form.validate_on_submit(): hashed_password = generate_password_hash(form.password.data) # Check if any users exist is_first_user = User.query.count() == 0 user = User( username=form.username.data, email=form.email.data, password_hash=hashed_password, is_admin=is_first_user # Make first user an admin ) db.session.add(user) db.session.commit() if is_first_user: flash('Account created as administrator.', 'success') else: flash('Account created! Please log in.', 'success') return redirect(url_for('auth.login')) return render_template('register.html', form=form) @auth.route('/login', methods=['GET', 'POST']) def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user and check_password_hash(user.password_hash, form.password.data): login_user(user) return redirect(url_for('main.index')) else: flash('Login failed. Check username/password.', 'danger') return render_template('login.html', form=form) @auth.route('/logout') @login_required def logout(): logout_user() return redirect(url_for('main.index'))