Implement complete user authentication system

- Configured Flask-Login with user_loader - Added register, login, logout routes with proper validation - Created login.html and register.html templates with auth forms - Updated base.html navigation to show username and conditional menu - Added auth page styling to style.css - Protected all routes with @login_required decorator - Updated all routes to filter by current_user.id - Added user ownership validation for: - Channels (can only view/refresh own channels) - Videos (can only watch/download own videos) - Streams (can only stream videos from own channels) - Updated save_to_db() calls to pass current_user.id - Improved user_loader to properly handle session management Features: - User registration with password confirmation - Secure password hashing with bcrypt - Login with "remember me" functionality - Flash messages for all auth actions - Redirect to requested page after login - User-specific data isolation (multi-tenant) Security: - All sensitive routes require authentication - Users can only access their own data - Passwords hashed with bcrypt salt - Session-based authentication via Flask-Login 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-26 14:29:31 -05:00
parent 403d65e4ea
commit 1a4413ae1a
8 changed files with 445 additions and 146 deletions
--- a/templates/base.html
+++ b/templates/base.html
@@ -11,9 +11,18 @@
        <div class="nav-container">
            <h1 class="logo"><a href="/">YottoB</a></h1>
            <ul class="nav-menu">
-                <li><a href="/" class="{% if request.path == '/' %}active{% endif %}">Videos</a></li>
-                <li><a href="/channels" class="{% if request.path == '/channels' %}active{% endif %}">Channels</a></li>
-                <li><a href="/add-channel" class="{% if request.path == '/add-channel' %}active{% endif %}">Add Channel</a></li>
+                {% if current_user.is_authenticated %}
+                    <li><a href="/" class="{% if request.path == '/' %}active{% endif %}">Videos</a></li>
+                    <li><a href="/channels" class="{% if request.path == '/channels' %}active{% endif %}">Channels</a></li>
+                    <li><a href="/add-channel" class="{% if request.path == '/add-channel' %}active{% endif %}">Add Channel</a></li>
+                    <li class="nav-user">
+                        <span>{{ current_user.username }}</span>
+                        <a href="{{ url_for('logout') }}">Logout</a>
+                    </li>
+                {% else %}
+                    <li><a href="{{ url_for('login') }}" class="{% if request.path == '/login' %}active{% endif %}">Login</a></li>
+                    <li><a href="{{ url_for('register') }}" class="{% if request.path == '/register' %}active{% endif %}">Register</a></li>
+                {% endif %}
            </ul>
        </div>
    </nav>