From efee16df4042b656de5d99a8f6cf4f184c3ae1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= Date: Sun, 24 Nov 2024 17:58:53 +0200 Subject: [PATCH] Basic site functionality (add, delete, search) withouth added vulns --- notes/migrations/0001_initial.py | 26 +++++++++++++++ notes/models.py | 6 +++- notes/templates/index.html | 28 +++++++++++++++- notes/templates/search.html | 30 +++++++++++++++++ notes/urls.py | 3 ++ notes/views.py | 57 +++++++++++++++++++++++++++----- 6 files changed, 139 insertions(+), 11 deletions(-) create mode 100644 notes/migrations/0001_initial.py create mode 100644 notes/templates/search.html diff --git a/notes/migrations/0001_initial.py b/notes/migrations/0001_initial.py new file mode 100644 index 0000000..3c0053b --- /dev/null +++ b/notes/migrations/0001_initial.py @@ -0,0 +1,26 @@ +# Generated by Django 3.2.13 on 2024-11-24 14:46 + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.CreateModel( + name='Note', + fields=[ + ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('body', models.TextField()), + ('time', models.DateTimeField(auto_now_add=True)), + ('owner', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)), + ], + ), + ] diff --git a/notes/models.py b/notes/models.py index 71a8362..34309e5 100644 --- a/notes/models.py +++ b/notes/models.py @@ -1,3 +1,7 @@ from django.db import models +from django.contrib.auth.models import User -# Create your models here. +class Note(models.Model): + owner = models.ForeignKey(User, on_delete=models.CASCADE) + body = models.TextField() + time = models.DateTimeField(auto_now_add=True) 
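Review bot: `Note.owner` in `notes/models.py` points at the concrete `User` class imported from `django.contrib.auth.models`, while the generated migration in this same patch refers to `settings.AUTH_USER_MODEL`. Declaring the field as `owner = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)` (with `from django.conf import settings`) keeps the model and migration in agreement if the project ever swaps the user model. The class also has no docstring; a one-line `"""A text note owned by a single user."""` would state that ownership is what the views filter on.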
diff --git a/notes/templates/index.html b/notes/templates/index.html index 68b5c41..9635894 100644 --- a/notes/templates/index.html +++ b/notes/templates/index.html @@ -5,6 +5,32 @@ {% csrf_token %} -

Hello, logged in user {{user.username }}!

+ +

Hello, {{user.username }}!

+ +

Notes:

+ {% for note in notes %} +

{{note.time}}:

+ {{note.body}} +
+ {% csrf_token %} + +
+ {% endfor %} + +

Add note:

+
+ {% csrf_token %} +

+ +
+ +

Search notes:

+
+
+

+ +
+ diff --git a/notes/templates/search.html b/notes/templates/search.html new file mode 100644 index 0000000..3b3c511 --- /dev/null +++ b/notes/templates/search.html @@ -0,0 +1,30 @@ + + + +
+ {% csrf_token %} + +
+
+ Back to Front Page + +

Notes matching search "{{keyword}}":

+ {% for note in notes %} +

{{note.time}}:

+ {{note.body}} +
+ {% csrf_token %} + +
+ {% endfor %} + +

Search again:

+
+
+

+ +
+ + + + diff --git a/notes/urls.py b/notes/urls.py index c95de96..ef50308 100644 --- a/notes/urls.py +++ b/notes/urls.py @@ -19,6 +19,9 @@ from notes import views urlpatterns = [ path('', views.index, name='index'), + path('add/', views.add, name='add'), + path('remove//', views.remove, name='remove'), + path('search/', views.search, name='search'), path('accounts/login/', views.login_view, name='login'), path('accounts/logout/', views.logout_view, name='logout'), ] diff --git a/notes/views.py b/notes/views.py index fca147d..6c82a39 100644 --- a/notes/views.py +++ b/notes/views.py 
@@ -1,23 +1,59 @@ -from django.http import HttpResponse +from django.http import HttpResponseRedirect from django.contrib.auth.decorators import login_required from django.contrib.auth import authenticate, login, logout from django.shortcuts import render, redirect from django.views.decorators.csrf import csrf_exempt -from django.contrib.auth.models import User -from django.db import transaction, connection +from django.db import connection -# from notes.models import Note +from notes.models import Note @login_required() def index(request): user = request.user -# notes = Note.objects.filter(owner=user) -# notes_list = [ { 'time' : note.time, 'body' : note.body } for note in notes ] -# notes_list.sort(key=lambda note: note['time']) + notes = Note.objects.filter(owner=user) + notes_list = [ { 'time' : note.time, 'body' : note.body, 'id' : note.id } for note in notes ] + notes_list.sort(key=lambda note: note['time']) + + return render(request, 'index.html', { 'notes' : notes_list}) + + +@login_required() +def add(request): + if request.method == 'POST': + user = request.user + body = request.POST.get('body') + + Note.objects.create(owner=user, body=body) + + return redirect("index") + + +@login_required() +def remove(request, note_id): + if request.method == 'POST': + user = request.user + note = Note.objects.get(pk=note_id) + if user == note.owner: + note.delete() + + return HttpResponseRedirect(request.META.get('HTTP_REFERER', 'index')) + + +@login_required() +def search(request): + if request.method == 'GET': + user = request.user + keyword = request.GET.get('keyword') + + notes = Note.objects.filter(owner=user, body__icontains=keyword) + notes_list = [ { 'time' : note.time, 'body' : note.body, 'id' : note.id } for note in notes ] + notes_list.sort(key=lambda note: note['time']) + + return render(request, 'search.html', { 'notes' : notes_list, 'keyword' : keyword}) + + return redirect("index") -# return render(request, 'index.html', { 'notes' : notes_list}) - 
return render(request, 'index.html') def login_view(request): if request.method == 'GET': @@ -33,9 +69,12 @@ def login_view(request): return redirect("index") else: return render(request, 'login.html', { 'login_failed' : True }) + return redirect("index") + def logout_view(request): if request.method == 'POST': logout(request) + return redirect("index")
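Review bot: `remove` redirects to whatever the client sent in the `Referer` header, and its fallback `'index'` is handed to `HttpResponseRedirect` as a literal relative URL rather than a route name, so a request without the header is sent to a path under the current remove URL instead of the front page. Check the header with `url_has_allowed_host_and_scheme` (from `django.utils.http`) and fall back to `redirect("index")`. In the same function `Note.objects.get(pk=note_id)` runs before the owner check, so an unknown id raises `Note.DoesNotExist` while another user's id redirects normally, which lets a logged-in user distinguish existing ids; filtering on `owner` in the query removes the difference. `search` and `add` read `keyword` and `body` with `.get()` and no default, so a request that omits the parameter passes `None` to the ORM; a default of `''` avoids that.

```python
@login_required()
def remove(request, note_id):
    if request.method == 'POST':
        # Delete only within the caller's own notes; an unknown or
        # foreign id matches nothing and is handled the same way.
        Note.objects.filter(pk=note_id, owner=request.user).delete()

    # The Referer header is client-controlled: follow it only when it
    # points back at this host, otherwise go to the front page.
    target = request.META.get('HTTP_REFERER')
    if target and url_has_allowed_host_and_scheme(
        target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        return HttpResponseRedirect(target)
    return redirect("index")
```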