Diffstat (limited to 'auth.py')
-rw-r--r--auth.py50
1 files changed, 50 insertions, 0 deletions
diff --git a/auth.py b/auth.py
new file mode 100644
index 0000000..43adabc
--- /dev/null
+++ b/auth.py
@@ -0,0 +1,50 @@
+# external libraries
+from flask import Blueprint, render_template, redirect, url_for, flash, request
+from flask_login import login_user, login_required, logout_user
+from werkzeug.security import generate_password_hash, check_password_hash
+
+# internal code
+from . import db
+
+auth = Blueprint('auth', __name__)
+
+@auth.route('/login', methods=["GET", "POST"])
+def login():
+ if request.method == "GET":
+ return render_template("login.html")
+ elif request.method == "POST":
+ email = request.form.get('email')
+ password = request.form.get('password')
+ remember = True if request.form.get('remember') else False
+
+ user = db.get_user(email)
+ if not user or not check_password_hash(user.password, password):
+ flash('Please check your login details and try again.')
+ return redirect(url_for('auth.login'))
+
+ login_user(user, remember=remember)
+ return redirect(url_for('main.home'))
+
+
+@auth.route('/signup', methods=["GET", "POST"])
+def signup():
+ if request.method == "GET":
+ return render_template("signup.html")
+ elif request.method == "POST":
+ # code to validate and add user to database goes here
+ email = request.form.get('email')
+ name = request.form.get('name')
+ password = request.form.get('password')
+
+ if db.get_user(email):
+ flash('Email address already exists')
+ return redirect(url_for('auth.signup'))
+
+ db.add_user(email=email, name=name, password=generate_password_hash(password, method='pbkdf2:sha256'))
+ return redirect(url_for('auth.login'))
+
+@auth.route('/logout', methods=["GET"])
+@login_required
+def logout():
+ logout_user()
+ return redirect(url_for("main.home"))
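Review bot: Neither `signup()` nor `login()` checks that the form fields are present before using them, although the comment in `signup()` says validation belongs there. A POST without `password` passes `None` to `generate_password_hash` (and, in `login()`, to `check_password_hash` once `db.get_user(email)` has found a user), which I would expect to raise and return a 500; in `login()` that error would occur only for existing accounts, so it distinguishes registered from unregistered emails. Empty `email`, `name` or `password` values also go straight to `db.add_user`, as far as this hunk shows. A guard such as `if not email or not name or not password:` with a `flash(...)` and `return redirect(url_for('auth.signup'))` before the `db.get_user` call, and the equivalent `if not email or not password:` in `login()`, would close this. Separately, `/logout` changes session state on GET; restricting it to POST would keep a cross-site link or image from logging users out.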