Update app.py

app.py

@@ -1,4 +1,5 @@
-from flask import Flask, request, jsonify, render_template_string
+from flask import Flask, request, jsonify, render_template_string, redirect, session
+from google_auth_oauthlib.flow import Flow
 from google.oauth2.credentials import Credentials
 from googleapiclient.discovery import build
 from googleapiclient.http import MediaIoBaseUpload
@@ -7,154 +8,226 @@ import io
 import datetime
 
 app = Flask(__name__)
+app.secret_key = os.environ.get('FLASK_SECRET_KEY')
 
 SPREADSHEET_ID = '1rcIJflbC1VIc70F6dnASLFvGQ90TXHhCx0iyxsXR7Ww'
 FOLDER_ID = '1brmLNqOMCvRS0TDY6ECHvIBmlRx8pcPz'
 
-# OAuth 2.0 credentials
-CREDENTIALS = {
-    'token': None,
-    'refresh_token': None,
-    'token_uri': 'https://oauth2.googleapis.com/token',
-    'client_id': os.environ.get('GOOGLE_CLIENT_ID'),
-    'client_secret': os.environ.get('GOOGLE_CLIENT_SECRET'),
-    'scopes': ['https://www.googleapis.com/auth/spreadsheets', 
-               'https://www.googleapis.com/auth/drive.file']
+# OAuth 2.0 configuration
+CLIENT_CONFIG = {
+    "web": {
+        "client_id": os.environ.get('GOOGLE_CLIENT_ID'),
+        "client_secret": os.environ.get('GOOGLE_CLIENT_SECRET'),
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "redirect_uris": ["https://euler314-purchase-record.hf.space/oauth2callback"]
+    }
 }
 
+SCOPES = [
+    'https://www.googleapis.com/auth/spreadsheets',
+    'https://www.googleapis.com/auth/drive.file'
+]
+
+HTML_TEMPLATfrom flask import Flask, request, jsonify, render_template_string, redirect, session
+from google_auth_oauthlib.flow import Flow
+from google.oauth2.credentials import Credentials
+from googleapiclient.discovery import build
+from googleapiclient.http import MediaIoBaseUpload
+import os
+import io
+import datetime
+
+app = Flask(__name__)
+app.secret_key = os.environ.get('FLASK_SECRET_KEY')
+
+SPREADSHEET_ID = '1rcIJflbC1VIc70F6dnASLFvGQ90TXHhCx0iyxsXR7Ww'
+FOLDER_ID = '1brmLNqOMCvRS0TDY6ECHvIBmlRx8pcPz'
+
+# OAuth 2.0 configuration
+CLIENT_CONFIG = {
+    "web": {
+        "client_id": os.environ.get('GOOGLE_CLIENT_ID'),
+        "client_secret": os.environ.get('GOOGLE_CLIENT_SECRET'),
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "redirect_uris": ["https://euler314-purchase-record.hf.space/oauth2callback"]
+    }
+}
+
+SCOPES = [
+    'https://www.googleapis.com/auth/spreadsheets',
+    'https://www.googleapis.com/auth/drive.file'
+]
+
 HTML_TEMPLATE = '''
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Purchase Record Form</title>
-    <meta charset="UTF-8">
-    <style>
-        body { 
-            font-family: Arial, sans-serif; 
-            max-width: 600px; 
-            margin: 20px auto;
-            padding: 20px;
-        }
-        .form-group { 
-            margin-bottom: 20px; 
-        }
-        label { 
-            display: block; 
-            margin-bottom: 8px;
-            font-weight: bold;
-        }
-        input { 
-            width: 100%; 
-            padding: 10px; 
-            border: 1px solid #ddd; 
-            border-radius: 4px;
-            font-size: 16px;
-        }
-        button { 
-            background-color: #4CAF50; 
-            color: white; 
-            padding: 12px 24px; 
-            border: none; 
-            border-radius: 4px; 
-            cursor: pointer;
-            font-size: 16px;
-            width: 100%;
-        }
-        button:hover { 
-            background-color: #45a049; 
-        }
-        #status { 
-            margin-top: 20px; 
-            padding: 15px;
-            border-radius: 4px;
-            display: none;
-        }
-        .success { 
-            background-color: #dff0d8; 
-            color: #3c763d; 
-        }
-        .error { 
-            background-color: #f2dede; 
-            color: #a94442; 
+[Previous HTML template remains the same]
+'''
+
+@app.route('/')
+def index():
+    if 'credentials' not in session:
+        return redirect('/login')
+    return render_template_string(HTML_TEMPLATE)
+
+@app.route('/login')
+def login():
+    flow = Flow.from_client_config(
+        CLIENT_CONFIG,
+        scopes=SCOPES,
+        redirect_uri=CLIENT_CONFIG['web']['redirect_uris'][0]
+    )
+    authorization_url, state = flow.authorization_url(
+        access_type='offline',
+        include_granted_scopes='true'
+    )
+    session['state'] = state
+    return redirect(authorization_url)
+
+@app.route('/oauth2callback')
+def oauth2callback():
+    flow = Flow.from_client_config(
+        CLIENT_CONFIG,
+        scopes=SCOPES,
+        state=session['state'],
+        redirect_uri=CLIENT_CONFIG['web']['redirect_uris'][0]
+    )
+    
+    authorization_response = request.url
+    flow.fetch_token(authorization_response=authorization_response)
+    
+    credentials = flow.credentials
+    session['credentials'] = {
+        'token': credentials.token,
+        'refresh_token': credentials.refresh_token,
+        'token_uri': credentials.token_uri,
+        'client_id': credentials.client_id,
+        'client_secret': credentials.client_secret,
+        'scopes': credentials.scopes
+    }
+    
+    return redirect('/')
+
+def get_credentials():
+    if 'credentials' not in session:
+        return None
+    return Credentials(**session['credentials'])
+
+@app.route('/submit', methods=['POST'])
+def submit():
+    credentials = get_credentials()
+    if not credentials:
+        return jsonify({'success': False, 'message': 'Authentication required'})
+
+    try:
+        name = request.form['name']
+        student_id = request.form['studentId']
+        product = request.form['product']
+        cost = request.form['cost']
+        file = request.files['receipt']
+
+        # Upload file to Drive
+        drive_service = build('drive', 'v3', credentials=credentials)
+        
+        file_metadata = {
+            'name': f"{student_id}_{datetime.datetime.now().strftime('%Y%m%d_%H%M%S')}_{file.filename}",
+            'parents': [FOLDER_ID]
         }
-    </style>
-</head>
-<body>
-    <h2>購買記錄表單 Purchase Record Form</h2>
-    <form id="purchaseForm">
-        <div class="form-group">
-            <label for="name">姓名 Name:</label>
-            <input type="text" id="name" name="name" required>
-        </div>
         
-        <div class="form-group">
-            <label for="studentId">學號 Student ID:</label>
-            <input type="text" id="studentId" name="studentId" required>
-        </div>
+        media = MediaIoBaseUpload(
+            io.BytesIO(file.read()),
+            mimetype=file.content_type,
+            resumable=True
+        )
         
-        <div class="form-group">
-            <label for="product">購買商品 Product:</label>
-            <input type="text" id="product" name="product" required>
-        </div>
+        uploaded_file = drive_service.files().create(
+            body=file_metadata,
+            media_body=media,
+            fields='id,webViewLink'
+        ).execute()
         
-        <div class="form-group">
-            <label for="cost">金額 Cost:</label>
-            <input type="number" id="cost" name="cost" required>
-        </div>
+        file_url = uploaded_file.get('webViewLink', '')
+
+        # Update Google Sheet
+        sheets_service = build('sheets', 'v4', credentials=credentials)
         
-        <div class="form-group">
-            <label for="receipt">發票 Receipt:</label>
-            <input type="file" id="receipt" name="receipt" accept="image/*,.pdf" required>
-        </div>
+        timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+        ip_address = request.remote_addr
+
+        values = [[name, student_id, product, cost, file_url, timestamp, ip_address]]
+        body = {'values': values}
         
-        <button type="submit">提交 Submit</button>
-    </form>
-    <div id="status"></div>
-
-    <script>
-        document.getElementById('purchaseForm').addEventListener('submit', async (e) => {
-            e.preventDefault();
-            
-            const status = document.getElementById('status');
-            status.style.display = 'block';
-            status.textContent = '提交中... Submitting...';
-            status.className = '';
-            
-            const formData = new FormData(e.target);
-            
-            try {
-                const response = await fetch('/submit', {
-                    method: 'POST',
-                    body: formData
-                });
-                
-                const result = await response.json();
-                
-                if (result.success) {
-                    status.className = 'success';
-                    status.textContent = '提交成功！ ' + result.message;
-                    e.target.reset();
-                } else {
-                    status.className = 'error';
-                    status.textContent = '錯誤：' + result.message;
-                }
-            } catch (error) {
-                status.className = 'error';
-                status.textContent = '提交錯誤 Error submitting form';
-            }
-        });
-    </script>
-</body>
-</html>
-'''
+        sheets_service.spreadsheets().values().append(
+            spreadsheetId=SPREADSHEET_ID,
+            range='Sheet1!A:G',
+            valueInputOption='USER_ENTERED',
+            body=body
+        ).execute()
+
+        return jsonify({'success': True, 'message': 'Data submitted successfully!'})
+
+    except Exception as e:
+        return jsonify({'success': False, 'message': f'Error: {str(e)}'})
+
+if __name__ == '__main__':
+    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
+    app.run(host='0.0.0.0', port=7860)
 
-# Single route definition for index
 @app.route('/')
 def index():
+    if 'credentials' not in session:
+        return redirect('/login')
     return render_template_string(HTML_TEMPLATE)
 
+@app.route('/login')
+def login():
+    flow = Flow.from_client_config(
+        CLIENT_CONFIG,
+        scopes=SCOPES,
+        redirect_uri=CLIENT_CONFIG['web']['redirect_uris'][0]
+    )
+    authorization_url, state = flow.authorization_url(
+        access_type='offline',
+        include_granted_scopes='true'
+    )
+    session['state'] = state
+    return redirect(authorization_url)
+
+@app.route('/oauth2callback')
+def oauth2callback():
+    flow = Flow.from_client_config(
+        CLIENT_CONFIG,
+        scopes=SCOPES,
+        state=session['state'],
+        redirect_uri=CLIENT_CONFIG['web']['redirect_uris'][0]
+    )
+    
+    authorization_response = request.url
+    flow.fetch_token(authorization_response=authorization_response)
+    
+    credentials = flow.credentials
+    session['credentials'] = {
+        'token': credentials.token,
+        'refresh_token': credentials.refresh_token,
+        'token_uri': credentials.token_uri,
+        'client_id': credentials.client_id,
+        'client_secret': credentials.client_secret,
+        'scopes': credentials.scopes
+    }
+    
+    return redirect('/')
+
+def get_credentials():
+    if 'credentials' not in session:
+        return None
+    return Credentials(**session['credentials'])
+
 @app.route('/submit', methods=['POST'])
 def submit():
+    credentials = get_credentials()
+    if not credentials:
+        return jsonify({'success': False, 'message': 'Authentication required'})
+
     try:
         name = request.form['name']
         student_id = request.form['studentId']
@@ -162,8 +235,6 @@ def submit():
         cost = request.form['cost']
         file = request.files['receipt']
 
-        credentials = Credentials.from_authorized_user_info(CREDENTIALS)
-
         # Upload file to Drive
         drive_service = build('drive', 'v3', credentials=credentials)
         
@@ -208,4 +279,5 @@ def submit():
         return jsonify({'success': False, 'message': f'Error: {str(e)}'})
 
 if __name__ == '__main__':
+    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
     app.run(host='0.0.0.0', port=7860)