
from __future__ import annotations
from flask import Blueprint, flash, redirect, render_template, request, url_for
from flask_login import current_user, login_required, login_user, logout_user
from app.extensions import db
from app.models import NotificationPreference, User
from app.seed import seed_data
# Blueprint that groups the authentication views; all of its routes are
# served under the /auth URL prefix.
auth_bp = Blueprint("auth", __name__, url_prefix="/auth")
@auth_bp.route("/setup", methods=["GET", "POST"])
def setup():
    """Create the first (admin) account on an installation without users.

    GET renders the setup form. POST validates the submitted fields, runs
    ``seed_data()``, stores a new ``User`` with ``role="admin"`` together
    with a ``NotificationPreference`` row, logs that user in and redirects
    to ``main.index``. Validation failures flash a message and re-render
    the form.

    The route needs no authentication: it is gated only by the user table
    being empty, so on a fresh deployment the first client to submit the
    form becomes the administrator.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.index"))

    # Once any account exists, setup is closed and callers go to the login.
    if User.query.count() > 0:
        return redirect(url_for("auth.login"))

    if request.method != "POST":
        return render_template("auth/setup.html")

    form = request.form
    username = form.get("username", "").strip()
    display_name = form.get("display_name", "").strip()
    email = form.get("email", "").strip()
    # Passwords are compared and stored exactly as typed (no strip()).
    password = form.get("password", "")
    password_confirm = form.get("password_confirm", "")

    # The only password requirement enforced here is that it is non-empty.
    if not (username and display_name and email and password):
        flash("Bitte alle Pflichtfelder ausfüllen.", "danger")
        return render_template("auth/setup.html")

    if password != password_confirm:
        flash("Die Passwörter stimmen nicht überein.", "danger")
        return render_template("auth/setup.html")

    clash = User.query.filter(
        (User.username == username) | (User.email == email)
    ).first()
    if clash:
        flash("Benutzername oder E-Mail existieren bereits.", "danger")
        return render_template("auth/setup.html")

    # NOTE(review): the "no users yet" check above and the insert below are
    # separate steps, so two concurrent POSTs could both reach this point.
    # Confirm that a database constraint or lock prevents a second admin.
    seed_data()
    admin = User(
        username=username,
        display_name=display_name,
        email=email,
        role="admin",
        is_active=True,
    )
    admin.set_password(password)
    db.session.add(admin)
    # flush() assigns admin.id so the preference row can reference it
    # before the single commit.
    db.session.flush()
    db.session.add(NotificationPreference(user_id=admin.id))
    db.session.commit()

    login_user(admin, remember=True)
    flash("Admin eingerichtet. Saldo ist startklar.", "success")
    return redirect(url_for("main.index"))
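def _safe_next_path(target):
    """Return *target* if it is a same-site absolute path, otherwise None.

    Only values such as ``/dashboard?tab=1`` are accepted. Anything that
    carries a scheme or host, starts with ``//`` (a network-path
    reference), or contains a backslash or control character is rejected,
    so the value cannot send the browser to another origin.
    """
    from urllib.parse import urlsplit

    if not target or not target.startswith("/"):
        return None
    # Browsers treat "//host" and "/\host" as references to another host.
    if target.startswith("//") or "\\" in target:
        return None
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return None
    return target


@auth_bp.route("/login", methods=["GET", "POST"])
def login():
    """Authenticate a user by username and password.

    Already authenticated callers are redirected to ``main.index``; an
    installation without any user is redirected to ``auth.setup``. A
    successful POST logs the user in and redirects to the ``next`` query
    parameter when it is a same-site path, otherwise to ``main.index``.
    A failed POST flashes a generic error and re-renders the form.
    """
    if current_user.is_authenticated:
        return redirect(url_for("main.index"))

    # One count query serves both the redirect decision and the template flag.
    user_total = User.query.count()
    if user_total == 0:
        return redirect(url_for("auth.setup"))
    has_users = user_total > 0

    if request.method == "POST":
        username = request.form.get("username", "").strip()
        password = request.form.get("password", "")
        # Only active accounts are considered, so a deactivated user fails
        # with the same generic message as a wrong password.
        user = User.query.filter_by(username=username, is_active=True).first()
        # NOTE(review): check_password() runs only when a user was found, so
        # unknown usernames may be answered faster than known ones. No
        # throttling of failed attempts is visible in this handler either;
        # confirm both are covered elsewhere.
        if user and user.check_password(password):
            login_user(user, remember=True)
            flash("Willkommen zurück.", "success")
            # "next" is attacker-controllable via the login link. Redirecting
            # to it unchecked is an open redirect, so only same-site paths
            # are honoured.
            destination = _safe_next_path(request.args.get("next"))
            return redirect(destination or url_for("main.index"))
        flash("Login fehlgeschlagen. Bitte prüfe Benutzername und Passwort.", "danger")

    return render_template("auth/login.html", has_users=has_users)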
@auth_bp.route("/logout", methods=["POST"])
@login_required
def logout():
    """End the current session and send the user back to the login page.

    The route accepts POST only, so a plain link or embedded resource
    cannot log the user out via GET.
    """
    # NOTE(review): whether this POST carries a CSRF token depends on
    # application configuration not shown here. Confirm.
    logout_user()
    flash("Du wurdest abgemeldet.", "info")
    login_url = url_for("auth.login")
    return redirect(login_url)