Update app.py

app.py

@@ -1,5 +1,6 @@
-from flask import Flask, request, jsonify, render_template_string
-from google.oauth2.service_account import Credentials
+from flask import Flask, request, jsonify, render_template_string, redirect, session
+from google_auth_oauthlib.flow import Flow
+from google.oauth2.credentials import Credentials
 from googleapiclient.discovery import build
 from googleapiclient.http import MediaIoBaseUpload
 import os
@@ -7,155 +8,205 @@ import io
 import datetime
 
 app = Flask(__name__)
+app.secret_key = os.environ.get('FLASK_SECRET_KEY')
+
+SCOPES = ['https://www.googleapis.com/auth/spreadsheets', 
+          'https://www.googleapis.com/auth/drive.file']
 
-# Google API settings
-SCOPES = ['https://www.googleapis.com/auth/spreadsheets', 'https://www.googleapis.com/auth/drive.file']
 SPREADSHEET_ID = '1rcIJflbC1VIc70F6dnASLFvGQ90TXHhCx0iyxsXR7Ww'
 FOLDER_ID = '1brmLNqOMCvRS0TDY6ECHvIBmlRx8pcPz'
 
-# Create credentials from environment variables
-creds_dict = {
-    "type": "service_account",
-    "project_id": os.environ.get('PROJECT_ID'),
-    "private_key_id": os.environ.get('PRIVATE_KEY_ID'),
-    "private_key": os.environ.get('PRIVATE_KEY').replace('\\n', '\n'),
-    "client_email": os.environ.get('CLIENT_EMAIL'),
-    "client_id": os.environ.get('CLIENT_ID'),
-    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-    "token_uri": "https://oauth2.googleapis.com/token",
-    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-    "client_x509_cert_url": os.environ.get('CLIENT_X509_CERT_URL')
+# OAuth configuration
+client_config = {
+    "web": {
+        "client_id": os.environ.get('GOOGLE_CLIENT_ID'),
+        "client_secret": os.environ.get('GOOGLE_CLIENT_SECRET'),
+        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        "token_uri": "https://oauth2.googleapis.com/token",
+        "redirect_uris": ["https://euler314-purchase-record.hf.space/oauth2callback"]
+    }
 }
 
-credentials = Credentials.from_service_account_info(creds_dict, scopes=SCOPES)
+def credentials_to_dict(credentials):
+    return {
+        'token': credentials.token,
+        'refresh_token': credentials.refresh_token,
+        'token_uri': credentials.token_uri,
+        'client_id': credentials.client_id,
+        'client_secret': credentials.client_secret,
+        'scopes': credentials.scopes
+    }
+
+def get_credentials():
+    if 'credentials' not in session:
+        return None
+    return Credentials(**session['credentials'])
+
+@app.route('/authorize')
+def authorize():
+    flow = Flow.from_client_config(
+        client_config,
+        scopes=SCOPES,
+        redirect_uri=client_config['web']['redirect_uris'][0]
+    )
+    authorization_url, state = flow.authorization_url(
+        access_type='offline',
+        include_granted_scopes='true'
+    )
+    session['state'] = state
+    return redirect(authorization_url)
+
+@app.route('/oauth2callback')
+def oauth2callback():
+    state = session['state']
+    flow = Flow.from_client_config(
+        client_config,
+        scopes=SCOPES,
+        state=state,
+        redirect_uri=client_config['web']['redirect_uris'][0]
+    )
+    authorization_response = request.url
+    flow.fetch_token(authorization_response=authorization_response)
+    credentials = flow.credentials
+    session['credentials'] = credentials_to_dict(credentials)
+    return redirect('/')
 
 @app.route('/')
-def home():
-    return render_template_string('''
-    <!DOCTYPE html>
-    <html>
-    <head>
-        <title>Purchase Record Form</title>
-        <meta charset="UTF-8">
-        <style>
-            body { 
-                font-family: Arial, sans-serif; 
-                max-width: 600px; 
-                margin: 20px auto;
-                padding: 20px;
-            }
-            .form-group { 
-                margin-bottom: 20px; 
-            }
-            label { 
-                display: block; 
-                margin-bottom: 8px;
-                font-weight: bold;
-            }
-            input { 
-                width: 100%; 
-                padding: 10px; 
-                border: 1px solid #ddd; 
-                border-radius: 4px;
-                font-size: 16px;
-            }
-            button { 
-                background-color: #4CAF50; 
-                color: white; 
-                padding: 12px 24px; 
-                border: none; 
-                border-radius: 4px; 
-                cursor: pointer;
-                font-size: 16px;
-                width: 100%;
-            }
-            button:hover { 
-                background-color: #45a049; 
-            }
-            #status { 
-                margin-top: 20px; 
-                padding: 15px;
-                border-radius: 4px;
-                display: none;
-            }
-            .success { 
-                background-color: #dff0d8; 
-                color: #3c763d; 
-            }
-            .error { 
-                background-color: #f2dede; 
-                color: #a94442; 
-            }
-        </style>
-    </head>
-    <body>
-        <h2>購買記錄表單 Purchase Record Form</h2>
-        <form id="purchaseForm">
-            <div class="form-group">
-                <label for="name">姓名 Name:</label>
-                <input type="text" id="name" name="name" required>
-            </div>
-            
-            <div class="form-group">
-                <label for="studentId">學號 Student ID:</label>
-                <input type="text" id="studentId" name="studentId" required>
-            </div>
-            
-            <div class="form-group">
-                <label for="product">購買商品 Product:</label>
-                <input type="text" id="product" name="product" required>
-            </div>
+def index():
+    if not get_credentials():
+        return redirect('/authorize')
+    return render_template_string(HTML_TEMPLATE)
+
+
+HTML_TEMPLATE = '''
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Purchase Record Form</title>
+    <meta charset="UTF-8">
+    <style>
+        body { 
+            font-family: Arial, sans-serif; 
+            max-width: 600px; 
+            margin: 20px auto;
+            padding: 20px;
+        }
+        .form-group { 
+            margin-bottom: 20px; 
+        }
+        label { 
+            display: block; 
+            margin-bottom: 8px;
+            font-weight: bold;
+        }
+        input { 
+            width: 100%; 
+            padding: 10px; 
+            border: 1px solid #ddd; 
+            border-radius: 4px;
+            font-size: 16px;
+        }
+        button { 
+            background-color: #4CAF50; 
+            color: white; 
+            padding: 12px 24px; 
+            border: none; 
+            border-radius: 4px; 
+            cursor: pointer;
+            font-size: 16px;
+            width: 100%;
+        }
+        button:hover { 
+            background-color: #45a049; 
+        }
+        #status { 
+            margin-top: 20px; 
+            padding: 15px;
+            border-radius: 4px;
+            display: none;
+        }
+        .success { 
+            background-color: #dff0d8; 
+            color: #3c763d; 
+        }
+        .error { 
+            background-color: #f2dede; 
+            color: #a94442; 
+        }
+    </style>
+</head>
+<body>
+    <h2>購買記錄表單 Purchase Record Form</h2>
+    <form id="purchaseForm">
+        <div class="form-group">
+            <label for="name">姓名 Name:</label>
+            <input type="text" id="name" name="name" required>
+        </div>
+        
+        <div class="form-group">
+            <label for="studentId">學號 Student ID:</label>
+            <input type="text" id="studentId" name="studentId" required>
+        </div>
+        
+        <div class="form-group">
+            <label for="product">購買商品 Product:</label>
+            <input type="text" id="product" name="product" required>
+        </div>
+        
+        <div class="form-group">
+            <label for="cost">金額 Cost:</label>
+            <input type="number" id="cost" name="cost" required>
+        </div>
+        
+        <div class="form-group">
+            <label for="receipt">發票 Receipt:</label>
+            <input type="file" id="receipt" name="receipt" accept="image/*,.pdf" required>
+        </div>
+        
+        <button type="submit">提交 Submit</button>
+    </form>
+    <div id="status"></div>
+
+    <script>
+        document.getElementById('purchaseForm').addEventListener('submit', async (e) => {
+            e.preventDefault();
             
-            <div class="form-group">
-                <label for="cost">金額 Cost:</label>
-                <input type="number" id="cost" name="cost" required>
-            </div>
+            const status = document.getElementById('status');
+            status.style.display = 'block';
+            status.textContent = '提交中... Submitting...';
+            status.className = '';
             
-            <div class="form-group">
-                <label for="receipt">發票 Receipt:</label>
-                <input type="file" id="receipt" name="receipt" accept="image/*,.pdf" required>
-            </div>
+            const formData = new FormData(e.target);
             
-            <button type="submit">提交 Submit</button>
-        </form>
-        <div id="status"></div>
-
-        <script>
-            document.getElementById('purchaseForm').addEventListener('submit', async (e) => {
-                e.preventDefault();
-                
-                const status = document.getElementById('status');
-                status.style.display = 'block';
-                status.textContent = '提交中... Submitting...';
-                status.className = '';
+            try {
+                const response = await fetch('/submit', {
+                    method: 'POST',
+                    body: formData
+                });
                 
-                const formData = new FormData(e.target);
+                const result = await response.json();
                 
-                try {
-                    const response = await fetch('/submit', {
-                        method: 'POST',
-                        body: formData
-                    });
-                    
-                    const result = await response.json();
-                    
-                    if (result.success) {
-                        status.className = 'success';
-                        status.textContent = '提交成功！ ' + result.message;
-                        e.target.reset();
-                    } else {
-                        status.className = 'error';
-                        status.textContent = '錯誤：' + result.message;
-                    }
-                } catch (error) {
+                if (result.success) {
+                    status.className = 'success';
+                    status.textContent = '提交成功！ ' + result.message;
+                    e.target.reset();
+                } else {
                     status.className = 'error';
-                    status.textContent = '提交錯誤 Error submitting form';
+                    status.textContent = '錯誤：' + result.message;
                 }
-            });
-        </script>
-    </body>
-    </html>
-    ''')
+            } catch (error) {
+                status.className = 'error';
+                status.textContent = '提交錯誤 Error submitting form';
+            }
+        });
+    </script>
+</body>
+</html>
+'''
+
+@app.route('/')
+def index():
+    return render_template_string(HTML_TEMPLATE)
 
 @app.route('/submit', methods=['POST'])
 def submit():
@@ -166,6 +217,8 @@ def submit():
         cost = request.form['cost']
         file = request.files['receipt']
 
+        credentials = Credentials.from_authorized_user_info(CREDENTIALS)
+
         # Upload file to Drive
         drive_service = build('drive', 'v3', credentials=credentials)