sabriahall · Mar 20, 2025
diff --git a/‎README.md
+26-1 b/‎README.md
+26-1
diff --git a/‎__pycache__/app.cpython-312.pyc
7.07 KB b/‎__pycache__/app.cpython-312.pyc
7.07 KB
diff --git a/‎__pycache__/helpers.cpython-312.pyc
726 Bytes b/‎__pycache__/helpers.cpython-312.pyc
726 Bytes
diff --git a/‎app.py
+139 b/‎app.py
+139
diff --git a/‎database.db b/‎database.db
diff --git a/‎flask_session/2029240f6d1128be89ddc32729463129
9 Bytes b/‎flask_session/2029240f6d1128be89ddc32729463129
9 Bytes
diff --git a/‎habit_tracker.db
20 KB b/‎habit_tracker.db
20 KB
diff --git a/‎helpers.py
+10 b/‎helpers.py
+10
diff --git a/‎init_db.py
+29 b/‎init_db.py
+29
diff --git a/‎requirements.txt
+4 b/‎requirements.txt
+4
diff --git a/‎security/__pycache__/encryption.cpython-312.pyc
1.16 KB b/‎security/__pycache__/encryption.cpython-312.pyc
1.16 KB
diff --git a/‎security/auth.py
+30 b/‎security/auth.py
+30
diff --git a/‎security/encryption.py
+28 b/‎security/encryption.py
+28
diff --git a/‎static/script.js
+6 b/‎static/script.js
+6
diff --git a/‎static/styles.css
+51 b/‎static/styles.css
+51
diff --git a/‎templates/add_habit.html
+10 b/‎templates/add_habit.html
+10
diff --git a/‎templates/apology.html
+7 b/‎templates/apology.html
+7
diff --git a/‎templates/dashboard.html b/‎templates/dashboard.html
diff --git a/‎templates/dashbord.html
+17 b/‎templates/dashbord.html
+17
diff --git a/‎templates/index.html
+14 b/‎templates/index.html
+14
@@ -1 +1,26 @@
-# projects
+<<<<<<< HEAD
+# projects
+=======
+# Habit Tracker
+
+#### Video Demo: https://youtu.be/HcHheAYiY9w
+
+#### Description:
+
+# Secure Habit Tracker
+
+This project is a Flask-based habit tracker web application that enables users to register, log in, and add personal habits securely. The application has been built with a focus on modern security practices and includes the following key features:
+
+- **Secure User Authentication:**  
+  Users register and log in using a system that securely hashes passwords with Werkzeug's `generate_password_hash` and verifies them with `check_password_hash`. This ensures that plain-text passwords are never stored.
+
+- **Data Encryption:**  
+  All habit data entered by the user is encrypted using the Cryptography library's Fernet module before being stored in the SQLite database. This ensures that sensitive user information remains confidential, even if the database is compromised.
+
+- **SQL Injection Prevention:**  
+  The application uses parameterized SQL queries for all database interactions, effectively mitigating the risk of SQL injection attacks.
+
+- **User-Friendly Interface:**  
+  The web interface is built using Flask templates and includes clear navigation for registration, login, adding habits, and viewing your dashboard.
+
+This secure habit tracker demonstrates practical experience in secure web development and is an excellent example of applying security best practices in a real-world application.
@@ -0,0 +1,139 @@
+import sqlite3
+from flask import Flask, render_template, request, redirect, session, flash
+from flask_session import Session
+from werkzeug.security import generate_password_hash, check_password_hash
+from functools import wraps
+from security.encryption import encrypt_data, decrypt_data
+
+app = Flask(__name__)
+
+# Configure session
+app.config["SESSION_PERMANENT"] = False
+app.config["SESSION_TYPE"] = "filesystem"
+app.secret_key = "YOUR_SECRET_KEY_HERE"  # Replace with your secret key
+Session(app)
+
+# Database helper function
+def get_db():
+    conn = sqlite3.connect("habit_tracker.db")
+    conn.row_factory = sqlite3.Row  # Enables dict-like access to rows
+    return conn
+
+# Custom login_required decorator
+def login_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if session.get("user_id") is None:
+            flash("Please log in to continue.")
+            return redirect("/login")
+        return f(*args, **kwargs)
+    return decorated_function
+
+@app.route("/")
+@login_required
+def index():
+    """Display all habits for the logged-in user (decrypted)."""
+    db = get_db()
+    user_id = session["user_id"]
+    rows = db.execute("SELECT id, habit, date FROM habits WHERE user_id = ?", (user_id,)).fetchall()
+    db.close()
+    habits = []
+    for row in rows:
+        # Decrypt habit text before display
+        habits.append({
+            "id": row["id"],
+            "habit": decrypt_data(row["habit"]),
+            "date": row["date"]
+        })
+    return render_template("index.html", habits=habits)
+
+@app.route("/add_habit", methods=["GET", "POST"])
+@login_required
+def add_habit():
+    """Add a new habit (encrypted) for the logged-in user."""
+    if request.method == "POST":
+        habit_text = request.form.get("habit")
+        if not habit_text:
+            return render_template("apology.html", message="Must provide a habit description.")
+
+        user_id = session["user_id"]
+        # Encrypt the habit text before storing it in the database
+        encrypted_habit = encrypt_data(habit_text)
+
+        db = get_db()
+        db.execute("INSERT INTO habits (user_id, habit, date) VALUES (?, ?, DATE('now'))",
+                   (user_id, encrypted_habit))
+        db.commit()
+        db.close()
+
+        flash("Habit added successfully!")
+        return redirect("/")
+    return render_template("add_habit.html")
+
+@app.route("/register", methods=["GET", "POST"])
+def register():
+    """Register a new user with a hashed password (stored in the 'hash' column)."""
+    if request.method == "POST":
+        username = request.form.get("username")
+        password = request.form.get("password")
+        confirmation = request.form.get("confirmation")
+
+        if not username or not password or not confirmation:
+            return render_template("apology.html", message="Must provide username and password.")
+        if password != confirmation:
+            return render_template("apology.html", message="Passwords do not match.")
+
+        hash_pw = generate_password_hash(password)
+        db = get_db()
+        try:
+            # Note: We use column "hash" instead of "password"
+            db.execute("INSERT INTO users (username, hash) VALUES (?, ?)", (username, hash_pw))
+            db.commit()
+        except sqlite3.IntegrityError:
+            return render_template("apology.html", message="Username already taken.")
+        finally:
+            db.close()
+
+        flash("Registered successfully! Please log in.")
+        return redirect("/login")
+    return render_template("register.html")
+
+@app.route("/login", methods=["GET", "POST"])
+def login():
+    """Log in an existing user by verifying the hashed password stored in 'hash'."""
+    session.clear()
+    if request.method == "POST":
+        username = request.form.get("username")
+        password = request.form.get("password")
+        if not username or not password:
+            return render_template("apology.html", message="Must provide username and password.")
+
+        db = get_db()
+        user = db.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchone()
+        db.close()
+        if user is None:
+            return render_template("apology.html", message="Invalid username or password.")
+        # Note: Use user["hash"] to check the password
+        if not check_password_hash(user["hash"], password):
+            return render_template("apology.html", message="Invalid username or password.")
+
+        session["user_id"] = user["id"]
+        flash("Logged in successfully!")
+        return redirect("/")
+    return render_template("login.html")
+
+@app.route("/logout")
+def logout():
+    """Log out the current user."""
+    session.clear()
+    flash("Logged out successfully!")
+    return redirect("/login")
+
+@app.route("/apology")
+def apology():
+    """Generic apology page."""
+    message = request.args.get("message", "Something went wrong.")
+    return render_template("apology.html", message=message)
+
+if __name__ == "__main__":
+    app.run(debug=True)
@@ -0,0 +1,10 @@
+from functools import wraps
+from flask import redirect, session
+
+def login_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if session.get("user_id") is None:
+            return redirect("/login")
+        return f(*args, **kwargs)
+    return decorated_function
@@ -0,0 +1,29 @@
+# init_db.py
+import sqlite3
+
+def create_tables():
+    conn = sqlite3.connect('database.db')
+    cursor = conn.cursor()
+    # Create users table
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS users (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            username TEXT UNIQUE NOT NULL,
+            password TEXT NOT NULL
+        )
+    """)
+    # Create habits table with encrypted data
+    cursor.execute("""
+        CREATE TABLE IF NOT EXISTS habits (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            user_id INTEGER NOT NULL,
+            habit_data BLOB NOT NULL,
+            FOREIGN KEY (user_id) REFERENCES users (id)
+        )
+    """)
+    conn.commit()
+    conn.close()
+
+if __name__ == "__main__":
+    create_tables()
+    print("Database initialized.")
@@ -0,0 +1,4 @@
+Flask==2.2.3
+Flask-Session==0.4.0
+cs50
+Werkzeug==2.2.3
@@ -0,0 +1,30 @@
+# security/auth.py
+import bcrypt
+import sqlite3
+
+def hash_password(password: str) -> bytes:
+    """
+    Hash a password for storing.
+    """
+    # Generate a salt and hash the password
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
+    return hashed
+
+def verify_password(stored_hash: bytes, password_attempt: str) -> bool:
+    """
+    Check if the provided password matches the stored hash.
+    """
+    return bcrypt.checkpw(password_attempt.encode('utf-8'), s…a parameterized query to get the hashed password for the user
+    cursor.execute("SELECT password FROM users WHERE username = ?", (username,))
+    result = cursor.fetchone()
+    conn.close()
+
+    if result:
+        stored_hash = result[0]
+        # stored_hash might be stored as a string; convert to bytes if necessary
+        if isinstance(stored_hash, str):
+            stored_hash = stored_hash.encode('utf-8')
+        return verify_password(stored_hash, password)
+    else:
+        return False
@@ -0,0 +1,28 @@
+# security/encryption.py
+from cryptography.fernet import Fernet
+
+# NOTE: In a real-world application, generate the key once and store it securely.
+# For this project, you can generate a key and save it in a file or environment variable.
+def generate_key() -> bytes:
+    """
+    Generates a new encryption key.
+    """
+    return Fernet.generate_key()
+
+# For demonstration purposes, we create a cipher_suite with a fixed key.
+# You can replace 'your-secret-key' with a securely stored key.
+# To generate a key, run: key = generate_key(); print(key)
+key = b'8B4uFHrRas7fnpmbRjTkfBI5shHRbVKuuY8zXbbkAL4='  # Replace with a valid 32-byte key
+cipher_suite = Fernet(key)
+
+def encrypt_data(plain_text: str) -> bytes:
+    """
+    Encrypts the provided plain text data.
+    """
+    return cipher_suite.encrypt(plain_text.encode('utf-8'))
+
+def decrypt_data(encrypted_data: bytes) -> str:
+    """
+    Decrypts the provided encrypted data.
+    """
+    return cipher_suite.decrypt(encrypted_data).decode('utf-8')
@@ -0,0 +1,6 @@
+document.addEventListener("DOMContentLoaded", function() {
+    console.log("Script loaded!");
+
+    // You can add additional JavaScript for interactivity if needed.
+    // For instance, you could add simple client-side form validation.
+});
@@ -0,0 +1,51 @@
+body {
+    font-family: Arial, sans-serif;
+    margin: 0;
+    padding: 0;
+    background: #f4f4f4;
+}
+
+header {
+    background: #333;
+    color: #fff;
+    padding: 1rem;
+    text-align: center;
+}
+
+nav a {
+    color: #fff;
+    margin: 0 0.5rem;
+    text-decoration: none;
+}
+
+main {
+    padding: 1rem;
+}
+
+.flashes {
+    list-style-type: none;
+    padding: 0;
+    margin: 1rem 0;
+    color: green;
+}
+
+form {
+    margin: 1rem 0;
+}
+
+form label {
+    display: block;
+    margin-top: 0.5rem;
+}
+
+form input[type="text"],
+form input[type="password"] {
+    width: 100%;
+    padding: 0.5rem;
+    margin-top: 0.25rem;
+}
+
+form button {
+    margin-top: 1rem;
+    padding: 0.5rem 1rem;
+}
@@ -0,0 +1,10 @@
+{% extends "layout.html" %}
+{% block title %}Add New Habit{% endblock %}
+{% block body %}
+  <h2>Add a New Habit</h2>
+  <form action="{{ url_for('add_habit') }}" method="post">
+      <label for="habit">Habit Description:</label>
+      <input type="text" id="habit" name="habit" placeholder="Enter your habit" required>
+      <button type="submit">Add Habit</button>
+  </form>
+{% endblock %}
@@ -0,0 +1,7 @@
+{% extends "layout.html" %}
+{% block title %}Error{% endblock %}
+{% block body %}
+  <h2>Oops!</h2>
+  <p>{{ message }}</p>
+  <p><a href="{{ url_for('index') }}">Return to Dashboard</a></p>
+{% endblock %}
@@ -0,0 +1,17 @@
+{% extends "layout.html" %}
+
+{% block title %}Dashboard{% endblock %}
+
+{% block main %}
+    <h1>Welcome, {{ username }}!</h1>
+    <h2>Your Habit Entries</h2>
+    {% if habits %}
+        <ul>
+            {% for habit in habits %}
+                <li>{{ habit.habit }} – {{ habit.date }}</li>
+            {% endfor %}
+        </ul>
+    {% else %}
+        <p>You haven't added any habits yet!</p>
+    {% endif %}
+{% endblock %}
@@ -0,0 +1,14 @@
+{% extends "layout.html" %}
+{% block title %}Dashboard{% endblock %}
+{% block body %}
+  <h2>Your Habits</h2>
+  {% if habits %}
+    <ul>
+      {% for habit in habits %}
+        <li>{{ habit.habit }} (Added on: {{ habit.date }})</li>
+      {% endfor %}
+    </ul>
+  {% else %}
+    <p>No habits added yet.</p>
+  {% endif %}
+{% endblock %}