Implement complete user authentication system

- Configured Flask-Login with user_loader
- Added register, login, logout routes with proper validation
- Created login.html and register.html templates with auth forms
- Updated base.html navigation to show username and conditional menu
- Added auth page styling to style.css
- Protected all routes with @login_required decorator
- Updated all routes to filter by current_user.id
- Added user ownership validation for:
  - Channels (can only view/refresh own channels)
  - Videos (can only watch/download own videos)
  - Streams (can only stream videos from own channels)
- Updated save_to_db() calls to pass current_user.id
- Improved user_loader to properly handle session management

Features:
- User registration with password confirmation
- Secure password hashing with bcrypt
- Login with "remember me" functionality
- Flash messages for all auth actions
- Redirect to requested page after login
- User-specific data isolation (multi-tenant)

Security:
- All sensitive routes require authentication
- Users can only access their own data
- Passwords hashed with bcrypt salt
- Session-based authentication via Flask-Login

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-26 14:29:31 -05:00
parent 403d65e4ea
commit 1a4413ae1a
8 changed files with 445 additions and 146 deletions

@@ -11,9 +11,18 @@
<div class="nav-container">
<h1 class="logo"><a href="/">YottoB</a></h1>
<ul class="nav-menu">
<li><a href="/" class="{% if request.path == '/' %}active{% endif %}">Videos</a></li>
<li><a href="/channels" class="{% if request.path == '/channels' %}active{% endif %}">Channels</a></li>
<li><a href="/add-channel" class="{% if request.path == '/add-channel' %}active{% endif %}">Add Channel</a></li>
{% if current_user.is_authenticated %}
<li><a href="/" class="{% if request.path == '/' %}active{% endif %}">Videos</a></li>
<li><a href="/channels" class="{% if request.path == '/channels' %}active{% endif %}">Channels</a></li>
<li><a href="/add-channel" class="{% if request.path == '/add-channel' %}active{% endif %}">Add Channel</a></li>
<li class="nav-user">
<span>{{ current_user.username }}</span>
<a href="{{ url_for('logout') }}">Logout</a>
</li>
{% else %}
<li><a href="{{ url_for('login') }}" class="{% if request.path == '/login' %}active{% endif %}">Login</a></li>
<li><a href="{{ url_for('register') }}" class="{% if request.path == '/register' %}active{% endif %}">Register</a></li>
{% endif %}
</ul>
</div>
</nav>
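
Review bot: The logout control inside the nav-user item is a plain link, `<a href="{{ url_for('logout') }}">Logout</a>`, so ending the session is a state change triggered by GET. A cross-site image or link pointing at that URL, or a browser prefetch, is enough to log the user out. Suggest rendering logout as a small POST form carrying a CSRF token and restricting the route to POST. A smaller style point on the new Login/Register items: the active-class checks compare request.path against hardcoded '/login' and '/register' while the hrefs use url_for; comparing request.endpoint would keep the two in step if the URLs ever change.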

54
templates/login.html Normal file

@@ -0,0 +1,54 @@
{% extends "base.html" %}
{% block title %}Login - YottoB{% endblock %}
{% block content %}
<div class="auth-page">
<div class="auth-container">
<h2>Login to YottoB</h2>
<p class="auth-subtitle">Access your YouTube video collection</p>
<form method="POST" action="{{ url_for('login') }}" class="auth-form">
<div class="form-group">
<label for="username">Username</label>
<input
type="text"
id="username"
name="username"
required
autofocus
class="form-input"
placeholder="Enter your username"
>
</div>
<div class="form-group">
<label for="password">Password</label>
<input
type="password"
id="password"
name="password"
required
class="form-input"
placeholder="Enter your password"
>
</div>
<div class="form-group checkbox-group">
<label class="checkbox-label">
<input type="checkbox" name="remember" id="remember">
<span>Remember me</span>
</label>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary btn-block">Login</button>
</div>
</form>
<div class="auth-footer">
<p>Don't have an account? <a href="{{ url_for('register') }}">Register here</a></p>
</div>
</div>
</div>
{% endblock %}
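
Review bot: The login form posts credentials with no CSRF token; nothing between `<form method="POST" action="{{ url_for('login') }}" class="auth-form">` and the submit button emits a hidden token field, which leaves the endpoint open to login CSRF. Add a hidden csrf_token input (for example via Flask-WTF's CSRFProtect) and reject posts without it. The fixed action also drops any next query parameter present on the login URL, so the "Redirect to requested page after login" listed in the commit message needs that value carried in the action or a hidden field, and the route should accept only relative, same-site targets for it. Adding autocomplete="username" and autocomplete="current-password" to the two inputs would help password managers.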

77
templates/register.html Normal file

@@ -0,0 +1,77 @@
{% extends "base.html" %}
{% block title %}Register - YottoB{% endblock %}
{% block content %}
<div class="auth-page">
<div class="auth-container">
<h2>Create Account</h2>
<p class="auth-subtitle">Join YottoB to start downloading YouTube videos</p>
<form method="POST" action="{{ url_for('register') }}" class="auth-form">
<div class="form-group">
<label for="username">Username</label>
<input
type="text"
id="username"
name="username"
required
autofocus
class="form-input"
placeholder="Choose a username"
minlength="3"
maxlength="80"
>
<small class="form-help">3-80 characters, letters, numbers, and underscores</small>
</div>
<div class="form-group">
<label for="email">Email</label>
<input
type="email"
id="email"
name="email"
required
class="form-input"
placeholder="Enter your email address"
>
</div>
<div class="form-group">
<label for="password">Password</label>
<input
type="password"
id="password"
name="password"
required
class="form-input"
placeholder="Choose a strong password"
minlength="8"
>
<small class="form-help">At least 8 characters</small>
</div>
<div class="form-group">
<label for="confirm_password">Confirm Password</label>
<input
type="password"
id="confirm_password"
name="confirm_password"
required
class="form-input"
placeholder="Re-enter your password"
minlength="8"
>
</div>
<div class="form-actions">
<button type="submit" class="btn btn-primary btn-block">Create Account</button>
</div>
</form>
<div class="auth-footer">
<p>Already have an account? <a href="{{ url_for('login') }}">Login here</a></p>
</div>
</div>
</div>
{% endblock %}
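
Review bot: The username help text promises "3-80 characters, letters, numbers, and underscores", but the input carries only minlength="3" and maxlength="80" with no pattern attribute, so the character rule is not enforced anywhere in this form. Add a pattern such as [A-Za-z0-9_]{3,80}, and make sure the register route repeats the length, character-set, 8-character password and confirm_password match checks server-side, since these attributes are bypassed by posting directly to the endpoint. As with the login form, there is no CSRF token field inside the form, and the password and confirm_password inputs should carry autocomplete="new-password".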