Update app.py

app.py

@@ -1,92 +1,113 @@
-from flask import Flask, render_template, request, jsonify, session
-from google_auth_oauthlib.flow import InstalledAppFlow
+from flask import Flask, request, jsonify, render_template_string
 from google.oauth2.credentials import Credentials
 from googleapiclient.discovery import build
 from googleapiclient.http import MediaIoBaseUpload
-from google.auth.transport.requests import Request
-import pickle
 import os
 import io
 import datetime
 
 app = Flask(__name__)
-app.secret_key = 'your-secret-key'  # Change this to a random secure string
-
-# If modifying these scopes, delete the file token.pickle.
-SCOPES = ['https://www.googleapis.com/auth/spreadsheets', 
-          'https://www.googleapis.com/auth/drive.file']
 
 SPREADSHEET_ID = '1rcIJflbC1VIc70F6dnASLFvGQ90TXHhCx0iyxsXR7Ww'
 FOLDER_ID = '1brmLNqOMCvRS0TDY6ECHvIBmlRx8pcPz'
 
-def get_google_auth():
-    creds = None
-    # The file token.pickle stores the user's access and refresh tokens
-    if os.path.exists('token.pickle'):
-        with open('token.pickle', 'rb') as token:
-            creds = pickle.load(token)
-    
-    # If there are no (valid) credentials available, let the user log in.
-    if not creds or not creds.valid:
-        if creds and creds.expired and creds.refresh_token:
-            creds.refresh(Request())
-        else:
-            flow = InstalledAppFlow.from_client_secrets_file(
-                'client_secret.json', SCOPES)
-            creds = flow.run_local_server(port=0)
-        # Save the credentials for the next run
-        with open('token.pickle', 'wb') as token:
-            pickle.dump(creds, token)
-    
-    return creds
+# OAuth 2.0 credentials
+CREDENTIALS = {
+    'token': None,
+    'refresh_token': None,
+    'token_uri': 'https://oauth2.googleapis.com/token',
+    'client_id': os.environ.get('GOOGLE_CLIENT_ID'),
+    'client_secret': os.environ.get('GOOGLE_CLIENT_SECRET'),
+    'scopes': ['https://www.googleapis.com/auth/spreadsheets', 
+               'https://www.googleapis.com/auth/drive.file']
+}
 
-# HTML template (same as before)
 HTML_TEMPLATE = '''
 <!DOCTYPE html>
 <html>
 <head>
     <title>Purchase Record Form</title>
+    <meta charset="UTF-8">
     <style>
-        body { font-family: Arial, sans-serif; margin: 20px; max-width: 600px; margin: 0 auto; }
-        .form-group { margin-bottom: 15px; }
-        label { display: block; margin-bottom: 5px; }
-        input { width: 100%; padding: 8px; margin-bottom: 10px; border: 1px solid #ddd; border-radius: 4px; }
-        button { background-color: #4CAF50; color: white; padding: 10px 20px; border: none; border-radius: 4px; cursor: pointer; }
-        button:hover { background-color: #45a049; }
-        #status { margin-top: 20px; padding: 10px; display: none; }
-        .success { background-color: #dff0d8; color: #3c763d; }
-        .error { background-color: #f2dede; color: #a94442; }
+        body { 
+            font-family: Arial, sans-serif; 
+            max-width: 600px; 
+            margin: 20px auto;
+            padding: 20px;
+        }
+        .form-group { 
+            margin-bottom: 20px; 
+        }
+        label { 
+            display: block; 
+            margin-bottom: 8px;
+            font-weight: bold;
+        }
+        input { 
+            width: 100%; 
+            padding: 10px; 
+            border: 1px solid #ddd; 
+            border-radius: 4px;
+            font-size: 16px;
+        }
+        button { 
+            background-color: #4CAF50; 
+            color: white; 
+            padding: 12px 24px; 
+            border: none; 
+            border-radius: 4px; 
+            cursor: pointer;
+            font-size: 16px;
+            width: 100%;
+        }
+        button:hover { 
+            background-color: #45a049; 
+        }
+        #status { 
+            margin-top: 20px; 
+            padding: 15px;
+            border-radius: 4px;
+            display: none;
+        }
+        .success { 
+            background-color: #dff0d8; 
+            color: #3c763d; 
+        }
+        .error { 
+            background-color: #f2dede; 
+            color: #a94442; 
+        }
     </style>
 </head>
 <body>
-    <h2>Purchase Record Form</h2>
+    <h2>購買記錄表單 Purchase Record Form</h2>
     <form id="purchaseForm">
         <div class="form-group">
-            <label for="name">Name:</label>
+            <label for="name">姓名 Name:</label>
             <input type="text" id="name" name="name" required>
         </div>
         
         <div class="form-group">
-            <label for="studentId">Student ID (學號):</label>
+            <label for="studentId">學號 Student ID:</label>
             <input type="text" id="studentId" name="studentId" required>
         </div>
         
         <div class="form-group">
-            <label for="product">Product:</label>
+            <label for="product">購買商品 Product:</label>
             <input type="text" id="product" name="product" required>
         </div>
         
         <div class="form-group">
-            <label for="cost">Cost:</label>
+            <label for="cost">金額 Cost:</label>
             <input type="number" id="cost" name="cost" required>
         </div>
         
         <div class="form-group">
-            <label for="receipt">Receipt (發票):</label>
-            <input type="file" id="receipt" name="receipt" required>
+            <label for="receipt">發票 Receipt:</label>
+            <input type="file" id="receipt" name="receipt" accept="image/*,.pdf" required>
         </div>
         
-        <button type="submit">Submit</button>
+        <button type="submit">提交 Submit</button>
     </form>
     <div id="status"></div>
 
@@ -96,7 +117,7 @@ HTML_TEMPLATE = '''
             
             const status = document.getElementById('status');
             status.style.display = 'block';
-            status.textContent = 'Submitting...';
+            status.textContent = '提交中... Submitting...';
             status.className = '';
             
             const formData = new FormData(e.target);
@@ -111,15 +132,15 @@ HTML_TEMPLATE = '''
                 
                 if (result.success) {
                     status.className = 'success';
-                    status.textContent = result.message;
+                    status.textContent = '提交成功！ ' + result.message;
                     e.target.reset();
                 } else {
                     status.className = 'error';
-                    status.textContent = result.message;
+                    status.textContent = '錯誤：' + result.message;
                 }
             } catch (error) {
                 status.className = 'error';
-                status.textContent = 'Error submitting form';
+                status.textContent = '提交錯誤 Error submitting form';
             }
         });
     </script>
@@ -129,26 +150,24 @@ HTML_TEMPLATE = '''
 
 @app.route('/')
 def index():
-    return HTML_TEMPLATE
+    return render_template_string(HTML_TEMPLATE)
 
 @app.route('/submit', methods=['POST'])
 def submit():
     try:
-        # Get form data
         name = request.form['name']
         student_id = request.form['studentId']
         product = request.form['product']
         cost = request.form['cost']
         file = request.files['receipt']
 
-        # Get Google credentials
-        creds = get_google_auth()
+        credentials = Credentials.from_authorized_user_info(CREDENTIALS)
 
         # Upload file to Drive
-        drive_service = build('drive', 'v3', credentials=creds)
+        drive_service = build('drive', 'v3', credentials=credentials)
         
         file_metadata = {
-            'name': file.filename,
+            'name': f"{student_id}_{datetime.datetime.now().strftime('%Y%m%d_%H%M%S')}_{file.filename}",
             'parents': [FOLDER_ID]
         }
         
@@ -167,7 +186,7 @@ def submit():
         file_url = uploaded_file.get('webViewLink', '')
 
         # Update Google Sheet
-        sheets_service = build('sheets', 'v4', credentials=creds)
+        sheets_service = build('sheets', 'v4', credentials=credentials)
         
         timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
         ip_address = request.remote_addr
@@ -188,5 +207,4 @@ def submit():
         return jsonify({'success': False, 'message': f'Error: {str(e)}'})
 
 if __name__ == '__main__':
-    os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'  # Only for development
     app.run(host='0.0.0.0', port=7860)