cleanup

.env.template

@@ -0,0 +1,5 @@
+ALERTUS_USER = XXX
+
+ALERTUS_PASS = XXX
+
+SECRET_KEY = XXX

.gitignore

@@ -1,3 +1,4 @@
+*.env
 *.log
 *.db
 *.pyc

RUNTIME_INSTRUCTIONS.md

@@ -1,5 +1,9 @@
 Note:
-A few things where unclear for me in the instructions. When changing settings, should only the next calls to the api be based on the new settings, or should the whole app reflect the new settings. Currently its the ladder and all data is reset to be based on the updated settings. Also, the settings file is never actually modified, the state of the settings is just managed in memory. Additionally, the instructions name the db as one of the 'deliverables'
+A few things where unclear for me in the instructions. When changing settings, should only the next calls to the api be based on the new settings, or should the whole app reflect the new settings? Currently its the ladder and all data is reset to be based on the updated settings. Also, the settings file is never actually modified, the state of the settings is just managed in memory. Additionally, the instructions name the db and the virtual environment are listed as 'deliverables'. But from my experience its quite bad practice to upload these. They will be created when running the startup script. I can upload the local copies I have if needed, just not sure that is expected or needed.
+
+
+For best security practices, all credentials are managed as environment variables. So first create a .env file from the template and fill in necessary values. 
+Something like: cat .env.template >> .env && vim .env
 
 
 macOS & Linux
@@ -10,8 +14,6 @@ macOS & Linux
     - python app.py
 
 Windows
-    - bash startup.sh
-    or
     - make a virtual env and activate
     - install deps
     - python app.py

app.py

@@ -1,10 +1,15 @@
-from crypt import methods
+import constants
 from manager import WeatherDataManager
 from flask import Flask, jsonify, redirect, url_for, request, render_template
+from flask_wtf.csrf import CSRFProtect
 
 weather_data_manager = WeatherDataManager()
 
 app = Flask(__name__)
+app.config["SECRET_KEY"] = constants.SECRET_KEY
+CSRFProtect(app)
+
+
 
 @app.route("/error", methods=["GET"])
 def error():
@@ -37,4 +42,5 @@ def settings():
         return render_template("settings.html", data=data)
 
 if __name__ == "__main__":
-    app.run()
+    app.run(host='0.0.0.0', port=5000)        
+

constants.py

@@ -1,6 +1,14 @@
 import os
+from dotenv import load_dotenv
 
-LOG_FILE = os.path.abspath(os.path.join(os.path.dirname(__file__), "alertus_logs.log"))
+load_dotenv()
+
+
+ALERTUS_USER = os.getenv("ALERTUS_USER")
+
+ALERTUS_PASS = os.getenv("ALERTUS_PASS")
+
+SECRET_KEY = os.getenv("SECRET_KEY")
 
 DATABASE_URL = os.path.abspath(
     os.path.join(os.path.dirname(__file__), "weather_data.db")
@@ -16,6 +24,3 @@
     "https://demo.alertustech.com/alertusmw/services/rest/presets"
 )
 
-ALERTUS_USER = "devcandidate"
-
-ALERTUS_PASS = "gooWmJQe"

manager.py

@@ -3,7 +3,6 @@
 import time
 
 import dateutil.parser
-from itsdangerous import json
 import requests
 from peewee import SqliteDatabase
 from playhouse.shortcuts import model_to_dict
@@ -143,7 +142,6 @@ def _send_alert(self, model: db.Weather):
             model.third_forecast > int(self.thresh)
             ]):
             alert_data = self._get_first_preset_alert()            
-
             resp = requests.post(
                 headers={'Content-type': 'application/json'},
                 url=f"{constants.ALERTUS_POST_API_ENDPOINT}/{alert_data.get('id')}", 

requirements.txt

@@ -1,24 +1,17 @@
-python-dateutil==2.8.2
-certifi==2021.10.8
-charset-normalizer==2.0.10
-click==8.0.3
-Flask==2.0.2
-idna==3.3
-itsdangerous==2.0.1
-Jinja2==3.0.3
-MarkupSafe==2.0.1
-requests==2.27.1
-urllib3==1.26.8
-Werkzeug==2.0.2
 certifi==2021.10.8
-charset-normalizer==2.0.10
+charset-normalizer==2.0.11
 click==8.0.3
 Flask==2.0.2
+Flask-WTF==1.0.0
 idna==3.3
 itsdangerous==2.0.1
 Jinja2==3.0.3
 MarkupSafe==2.0.1
 peewee==3.14.8
+python-dateutil==2.8.2
+python-dotenv==0.19.2
 requests==2.27.1
+six==1.16.0
 urllib3==1.26.8
 Werkzeug==2.0.2
+WTForms==3.0.1

start_up.sh

@@ -10,7 +10,7 @@ python3 -m virtualenv env
 source env/bin/activate
 
 # Install reqs
-pip install -r requiremnets.txt
+pip install -r requirements.txt
 
 # Start app
 python app.py

templates/settings.html

@@ -66,6 +66,7 @@ <h5 class="modal-title" id="exampleModalLabel">Activating new alerts...</h5>
             <h3>Settings</h3>
             <hr />
             <form method="post">
+              <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
               <div class="form-group">
                 <label for="exampleInputEmail1">Latitude</label>
                 <input name="latitude" class="form-control" value="{{ data['latitude']}}">