Initial commit

2026-02-22 22:53:22 +11:00
commit ccdb3d8dc7
26 changed files with 2238 additions and 0 deletions
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -0,0 +1,72 @@
+from flask import Blueprint, render_template, request, redirect, url_for, session, flash
+from werkzeug.security import generate_password_hash, check_password_hash
+from app.db import query_one, execute_returning, execute
+
+bp = Blueprint("auth", __name__)
+
+
+@bp.route("/signup", methods=["GET", "POST"])
+def signup():
+    if request.method == "POST":
+        username = request.form.get("username", "").strip()
+        password = request.form.get("password", "")
+        display_name = request.form.get("display_name", "").strip()
+        height_cm = request.form.get("height_cm") or None
+        age = request.form.get("age") or None
+        gender = request.form.get("gender") or None
+        goal_weight_kg = request.form.get("goal_weight_kg") or None
+        starting_weight_kg = request.form.get("starting_weight_kg") or None
+
+        # Validation
+        if not username or not password:
+            flash("Username and password are required.", "error")
+            return render_template("signup.html"), 400
+
+        if len(password) < 4:
+            flash("Password must be at least 4 characters.", "error")
+            return render_template("signup.html"), 400
+
+        # Check if username taken
+        existing = query_one("SELECT id FROM users WHERE username = %s", (username,))
+        if existing:
+            flash("Username already taken.", "error")
+            return render_template("signup.html"), 400
+
+        # Create user
+        password_hash = generate_password_hash(password)
+        user = execute_returning(
+            """INSERT INTO users (username, password_hash, display_name, height_cm, age, gender, goal_weight_kg, starting_weight_kg)
+               VALUES (%s, %s, %s, %s, %s, %s, %s, %s) RETURNING id""",
+            (username, password_hash, display_name or username, height_cm, age, gender, goal_weight_kg, starting_weight_kg),
+        )
+
+        session["user_id"] = user["id"]
+        flash("Welcome! You're all signed up.", "success")
+        return redirect(url_for("dashboard.index"))
+
+    return render_template("signup.html")
+
+
+@bp.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        username = request.form.get("username", "").strip()
+        password = request.form.get("password", "")
+
+        user = query_one("SELECT * FROM users WHERE username = %s", (username,))
+        if not user or not check_password_hash(user["password_hash"], password):
+            flash("Invalid username or password.", "error")
+            return render_template("login.html"), 401
+
+        session["user_id"] = user["id"]
+        next_url = request.args.get("next", url_for("dashboard.index"))
+        return redirect(next_url)
+
+    return render_template("login.html")
+
+
+@bp.route("/logout")
+def logout():
+    session.clear()
+    flash("You've been logged out.", "info")
+    return redirect(url_for("auth.login"))