From 3f6abba7544594d5fafe7214fb54dd1bbdd41bcd Mon Sep 17 00:00:00 2001 From: Calin Lupas Date: Thu, 24 Apr 2025 15:27:13 -0400 Subject: [PATCH 1/5] Update Azure version in Index page to v5 --- src/webapp01/Pages/Index.cshtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/webapp01/Pages/Index.cshtml b/src/webapp01/Pages/Index.cshtml index b47ad33..00f3120 100644 --- a/src/webapp01/Pages/Index.cshtml +++ b/src/webapp01/Pages/Index.cshtml @@ -6,7 +6,7 @@
-
.NET 💜 Azure v4
+
.NET 💜 Azure v5

Learn about building Web apps with ASP.NET Core.

From 557dabfdc64e0866dec7ccccb3de0fa5e26f19b9 Mon Sep 17 00:00:00 2001 From: Calin Lupas Date: Thu, 24 Apr 2025 15:48:45 -0400 Subject: [PATCH 2/5] Update System.Text.Json package version Changed the version of the `System.Text.Json` package from `9.0.4` to `8.0.4` in the `webapp01.csproj` file. --- src/webapp01/webapp01.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/webapp01/webapp01.csproj b/src/webapp01/webapp01.csproj index 54dfb41..7bae97c 100644 --- a/src/webapp01/webapp01.csproj +++ b/src/webapp01/webapp01.csproj @@ -13,7 +13,7 @@ - + From e82352f63ff5c3812ef440f4c7ba99ff15c3356b Mon Sep 17 00:00:00 2001 From: Calin Lupas Date: Thu, 24 Apr 2025 15:51:59 -0400 Subject: [PATCH 3/5] Remove hardcoded admin username for security Updated logging to use the authenticated user's name instead of a static admin username. This change enhances security by eliminating the use of hardcoded credentials. --- src/webapp01/Pages/Index.cshtml.cs | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/src/webapp01/Pages/Index.cshtml.cs b/src/webapp01/Pages/Index.cshtml.cs index 24a1366..46ed30d 100644 --- a/src/webapp01/Pages/Index.cshtml.cs +++ b/src/webapp01/Pages/Index.cshtml.cs @@ -1,15 +1,9 @@ -using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; namespace webapp01.Pages; public class IndexModel : PageModel { - string adminUserName = "demouser@example.com"; - - // TODO: Don't use this in production - public const string DEFAULT_PASSWORD = "Pass@word1"; - private readonly ILogger _logger; public IndexModel(ILogger logger) @@ -19,9 +13,6 @@ public IndexModel(ILogger logger) public void OnGet() { - string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C"; - var str = $"/C fsutil volume diskfree {drive}:"; - _logger.LogInformation($"Command str: {str}"); - _logger.LogInformation("Admin" + adminUserName); + _logger.LogInformation($"User: {User.Identity?.Name}"); } } 
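Review bot: The `System.Text.Json` reference in `webapp01.csproj` is moved backwards, from `9.0.4` to `8.0.4` according to the commit message, and no reason is given for pinning the older release line. A downgrade can silently reintroduce issues that later servicing releases fixed, so check the pinned version against published advisories (for example with `dotnet list package --vulnerable`) and prefer the latest patch of whichever major version the project has to stay on. The changed `PackageReference` lines are not readable in this view, so the versions here come from the description only. If the pin is deliberate, add an XML comment next to the reference saying why 8.x is required and when it can be lifted.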
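Review bot: The new call in `OnGet`, `_logger.LogInformation($"User: {User.Identity?.Name}");`, builds the message by interpolation, so the user name is baked into the text instead of being captured as a structured field, and any control characters in the name reach the log line as-is. I would pass it as a template argument instead: `_logger.LogInformation("User: {UserName}", User.Identity?.Name);`. For unauthenticated requests `User.Identity?.Name` is null, so this writes an empty user on every anonymous hit; consider logging only when `User.Identity?.IsAuthenticated == true`. Separately, the `DEFAULT_PASSWORD` value removed in the first hunk of this file remains in the repository history, so if it was ever used anywhere it should be treated as exposed and changed.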
From c6f4d201594a0206b1f884b4a6c31d5397b7be4d Mon Sep 17 00:00:00 2001 From: Calin Lupas Date: Thu, 24 Apr 2025 16:00:10 -0400 Subject: [PATCH 4/5] Add admin user details and logging in PrivacyModel Introduced a new `adminUserName` variable and a constant `DEFAULT_PASSWORD` in `Privacy.cshtml.cs`. Updated the `OnGet` method to handle a "drive" query parameter, construct a disk space command, and log the command string along with the admin username. --- src/webapp01/Pages/Privacy.cshtml.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/webapp01/Pages/Privacy.cshtml.cs b/src/webapp01/Pages/Privacy.cshtml.cs index 4bb99c6..9711b43 100644 --- a/src/webapp01/Pages/Privacy.cshtml.cs +++ b/src/webapp01/Pages/Privacy.cshtml.cs @@ -7,6 +7,12 @@ public class PrivacyModel : PageModel { private readonly ILogger _logger; + string adminUserName = "demouser@example.com"; + + // TODO: Don't use this in production + public const string DEFAULT_PASSWORD = "Pass@word1"; + + public PrivacyModel(ILogger logger) { _logger = logger; @@ -14,6 +20,10 @@ public PrivacyModel(ILogger logger) public void OnGet() { + string drive = Request.Query.ContainsKey("drive") ? Request.Query["drive"] : "C"; + var str = $"/C fsutil volume diskfree {drive}:"; + _logger.LogInformation($"Command str: {str}"); + _logger.LogInformation("Admin" + adminUserName); } } From f647f148e70398c80ac259570544a78196730ad7 Mon Sep 17 00:00:00 2001 
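Review bot: The fields added to `PrivacyModel` put a credential in source: `public const string DEFAULT_PASSWORD = "Pass@word1";` is a public compile-time constant, so it is readable from the repository and inlined into any assembly that references it, and the `// TODO: Don't use this in production` comment does nothing to prevent that. Nothing visible in this patch reads the constant, so the simplest fix is to delete it together with `adminUserName`; if a default account is really needed, load it from configuration or a secret store (for local work, `dotnet user-secrets`) rather than a literal. This is the same pair of members that PATCH 3/5 removed from `Index.cshtml.cs` for security reasons, so the series as a whole moves the problem rather than fixing it. `adminUserName` also has no access modifier or `readonly`; if it stays, declare it `private const string AdminUserName`.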
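Review bot: In `OnGet` the `drive` query-string value is taken from the request without any validation and interpolated into a command line, `$"/C fsutil volume diskfree {drive}:"`, which is then logged. Nothing in the hunk executes the string, but it is shaped as `cmd.exe` arguments, so as soon as it is handed to a process launcher the parameter becomes a command-injection point; even now a caller-chosen value, line breaks included, is written into the log. I would restrict `drive` to a single ASCII letter before use, log through a message template rather than interpolation, and drop the `"Admin" + adminUserName` line, which adds a fixed account name to every request's log output. A sketch of the changed lines follows.

```csharp
public void OnGet()
{
    // Accept exactly one ASCII letter; a missing or malformed value falls back to "C".
    string requested = Request.Query["drive"].ToString();
    bool isDriveLetter = requested.Length == 1
        && ((requested[0] >= 'A' && requested[0] <= 'Z')
            || (requested[0] >= 'a' && requested[0] <= 'z'));
    string drive = isDriveLetter ? requested : "C";
    // … unchanged: command string construction …
    // Template argument keeps the value a structured field instead of free text.
    _logger.LogInformation("Command str: {Command}", str);
    // … removed: "Admin" + adminUserName log line …
```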
From: Calin Lupas Date: Thu, 24 Apr 2025 17:02:53 -0400 Subject: [PATCH 5/5] Update dependencies and add book index route Updated `Pipfile.lock` to specify Python 3.8 and added dependencies including `click`, `flask`, `itsdangerous`, `jinja2`, `markupsafe`, `python-dotenv`, and `werkzeug` with version constraints and hashes. Added a new route in `routes.py` for the index page that handles GET requests, retrieves query parameters for `name`, `author`, and `read`, and executes SQL queries to fetch and render books using the `books.html` template. --- samples/Pipfile.lock | 129 +++++++++++++++++++++++++++++++++++++++++++ samples/routes.py | 30 ++++++++++ 2 files changed, 159 insertions(+) create mode 100644 samples/Pipfile.lock create mode 100644 samples/routes.py diff --git a/samples/Pipfile.lock b/samples/Pipfile.lock new file mode 100644 index 0000000..b501457 --- /dev/null +++ b/samples/Pipfile.lock 
@@ -0,0 +1,129 @@ +{ + "_meta": { + "hash": { + "sha256": "069f33d2dc75b242fa5ee44daf090c80831812dc6cc59824e94c22a677eac958" + }, + "pipfile-spec": 6, + "requires": { + "python_version": "3.8" + }, + "sources": [ + { + "name": "pypi", + "url": "https://pypi.org/simple", + "verify_ssl": true + } + ] + }, + "default": { + "click": { + "hashes": [ + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" + ], + "markers": "python_version >= '3.6'", + "version": "==8.0.1" + }, + "flask": { + "hashes": [ + "sha256:7b2fb8e934ddd50731893bdcdb00fc8c0315916f9fcd50d22c7cc1a95ab634e2", + "sha256:cb90f62f1d8e4dc4621f52106613488b5ba826b2e1e10a33eac92f723093ab6a" + ], + "index": "pypi", + "version": "==2.0.2" + }, + "itsdangerous": { + "hashes": [ + "sha256:5174094b9637652bdb841a3029700391451bd092ba3db90600dea710ba28e97c", + "sha256:9e724d68fc22902a1435351f84c3fb8623f303fffcc566a4cb952df8c572cff0" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.1" + }, + "jinja2": { + "hashes": [ + "sha256:827a0e32839ab1600d4eb1c4c33ec5a8edfbc5cb42dafa13b81f182f97784b45", + "sha256:8569982d3f0889eed11dd620c706d39b60c36d6d25843961f33f77fb6bc6b20c" + ], + "markers": "python_version >= '3.6'", + "version": "==3.0.2" + }, + "markupsafe": { + "hashes": [ + "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298", + "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64", + "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b", + "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567", + "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff", + "sha256:0d4b31cc67ab36e3392bbf3862cfbadac3db12bdd8b02a2731f509ed5b829724", + "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74", + "sha256:168cd0a3642de83558a5153c8bd34f175a9a6e7f6dc6384b9655d2697312a646", + 
"sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35", + "sha256:1f2ade76b9903f39aa442b4aadd2177decb66525062db244b35d71d0ee8599b6", + "sha256:2a7d351cbd8cfeb19ca00de495e224dea7e7d919659c2841bbb7f420ad03e2d6", + "sha256:2d7d807855b419fc2ed3e631034685db6079889a1f01d5d9dac950f764da3dad", + "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26", + "sha256:36bc903cbb393720fad60fc28c10de6acf10dc6cc883f3e24ee4012371399a38", + "sha256:37205cac2a79194e3750b0af2a5720d95f786a55ce7df90c3af697bfa100eaac", + "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7", + "sha256:3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6", + "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75", + "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f", + "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135", + "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8", + "sha256:5855f8438a7d1d458206a2466bf82b0f104a3724bf96a1c781ab731e4201731a", + "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a", + "sha256:5bb28c636d87e840583ee3adeb78172efc47c8b26127267f54a9c0ec251d41a9", + "sha256:60bf42e36abfaf9aff1f50f52644b336d4f0a3fd6d8a60ca0d054ac9f713a864", + "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914", + "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18", + "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8", + "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2", + "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d", + "sha256:6fcf051089389abe060c9cd7caa212c707e58153afa2c649f00346ce6d260f1b", + "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b", + "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f", + "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb", 
+ "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833", + "sha256:99df47edb6bda1249d3e80fdabb1dab8c08ef3975f69aed437cb69d0a5de1e28", + "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415", + "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902", + "sha256:add36cb2dbb8b736611303cd3bfcee00afd96471b09cda130da3581cbdc56a6d", + "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9", + "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d", + "sha256:baa1a4e8f868845af802979fcdbf0bb11f94f1cb7ced4c4b8a351bb60d108145", + "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066", + "sha256:bf5d821ffabf0ef3533c39c518f3357b171a1651c1ff6827325e4489b0e46c3c", + "sha256:c47adbc92fc1bb2b3274c4b3a43ae0e4573d9fbff4f54cd484555edbf030baf1", + "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f", + "sha256:d8446c54dc28c01e5a2dbac5a25f071f6653e6e40f3a8818e8b45d790fe6ef53", + "sha256:e0f138900af21926a02425cf736db95be9f4af72ba1bb21453432a07f6082134", + "sha256:e9936f0b261d4df76ad22f8fee3ae83b60d7c3e871292cd42f40b81b70afae85", + "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5", + "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94", + "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509", + "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51", + "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.1" + }, + "python-dotenv": { + "hashes": [ + "sha256:aae25dc1ebe97c420f50b81fb0e5c949659af713f31fdb63c749ca68748f34b1", + "sha256:f521bc2ac9a8e03c736f62911605c5d83970021e3fa95b37d769e2bbbe9b6172" + ], + "index": "pypi", + "version": "==0.19.0" + }, + "werkzeug": { + "hashes": [ + "sha256:63d3dc1cf60e7b7e35e97fa9861f7397283b75d765afcaefd993d6046899de8f", + 
"sha256:aa2bb6fc8dee8d6c504c0ac1e7f5f7dc5810a9903e793b6f715a9f015bdadb9a" + ], + "markers": "python_version >= '3.6'", + "version": "==2.0.2" + } + }, + "develop": {} +} diff --git a/samples/routes.py b/samples/routes.py new file mode 100644 index 0000000..bab7594 --- /dev/null +++ b/samples/routes.py @@ -0,0 +1,30 @@ + +from flask import request, render_template, make_response + +from server.webapp import flaskapp, cursor +from server.models import Book + + +@flaskapp.route('/') +def index(): + name = request.args.get('name') + author = request.args.get('author') + read = bool(request.args.get('read')) + + if name: + cursor.execute( + "SELECT * FROM books WHERE name LIKE '%" + name + "%'" + ) + books = [Book(*row) for row in cursor] + + elif author: + cursor.execute( + "SELECT * FROM books WHERE author LIKE '%" + author + "%'" + ) + books = [Book(*row) for row in cursor] + + else: + cursor.execute("SELECT name, author, read FROM books") + books = [Book(*row) for row in cursor] + + return render_template('books.html', books=books)
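Review bot: The `name` and `author` branches of `index()` build their SQL by concatenating the raw query-string value into the statement (`"... LIKE '%" + name + "%'"`), so any request can change the structure of the query; this is SQL injection on a route with no visible authentication. Pass the value as a bound parameter and keep only the `%` wildcards in the bound string; the placeholder token depends on the driver behind `cursor`, which is imported from `server.webapp` and not visible here. Smaller points in the same hunk: `read` is computed but never used, `make_response` is imported but unused, and the first two branches select `*` while the last selects three named columns, so `Book(*row)` receives a different row shape depending on the branch. The module-level `cursor` is also shared by every request, which is worth confirming against the server's threading model.

```python
    if name:
        # Bound parameter instead of concatenation. "?" is the qmark style
        # (e.g. sqlite3); use the placeholder the project's DB driver expects.
        cursor.execute(
            "SELECT * FROM books WHERE name LIKE ?",
            ("%" + name + "%",),
        )
        # … unchanged: books list comprehension …

    elif author:
        cursor.execute(
            "SELECT * FROM books WHERE author LIKE ?",
            ("%" + author + "%",),
        )
        # … unchanged: books list comprehension, else branch, render_template call …
```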