Initial commit: Konzept v2 + Etappe 1 (Blueprints + Login + Profile)
Schwester-Projekt zu arduino.lehrstun.de fuer die 3D-Druck-AG am Lessing-Gymnasium. Offene jahrelange Nachmittags-AG (kein Trimester), 8-10 Einzel-SuS mit optionalen 2er-Paarungen, 4 Bambu-Lab-Drucker (3 geschlossen + 1 A1 mini). Konzept v2 (Reality-Check-Iteration 2026-05-24): - Onboarding-Pfad statt Pflicht-Lektionen (L1-L3 selbst-zertifiziert) - Selbstlern-Loop als Kern: SuS-Projekte wachsen die interne Bibliothek - Drill-Down-Lehrer-Dashboard (Wer ist hier / Wartet Review / Haengt fest) - Cockpit progressiv: zeigt nur was zum Status passt - Bambu-Cloud-API fuer Drucker-Live-Status (fragil + Fallback manuell) - Three.js-Vorschau fuer Cover-aus-3D-Ansicht (Etappe 6) - Vollstaendige Doku als Obsidian-Vault (24 Markdown-Dateien) - Entscheidungen E-001 bis E-022 in docs/decisions.md Etappe 1 lauffaehig (~1800 Zeilen Code): - Blueprint-Struktur (V8): routes/oeffentlich+profil+admin+api, services/auth+bambu+datei - Komplettes Schema in database.py (14 Tabellen, idempotent) - Login mit bcrypt + persistentem Lockout in DB (V7, verbessert ggue Arduino-Kurs der In-Memory-Dict nutzt) - Admin-Login + Profile-CRUD + PIN-Reset + PIN-Karten-Druckbogen - Inline-Edit-Endpunkt mit Whitelist + Audit-Log - Seeds: AG lessing-3d-ag + 4 Drucker + Default-Einstellungen - Smoke-Test bestanden (Login, Profil-Anlage, Lockout-Logging) Nicht im Repo (.gitignore): .env, *.db, venv/, .obsidian/workspace.json
This commit is contained in:
10
routes/__init__.py
Normal file
10
routes/__init__.py
Normal file
@@ -0,0 +1,10 @@
|
||||
"""Routes-Package fuer 3d.lehrstun.de.
|
||||
|
||||
Blueprint-Struktur nach V8-Entscheidung (siehe docs/decisions.md#E-020).
|
||||
|
||||
Module:
|
||||
- oeffentlich: Startseite, Lektionen, Software, Projekt-Katalog, Drucker, Troubleshooting
|
||||
- profil: Login, Cockpit, eigene Projekte/Auftraege/Slots
|
||||
- admin: Dashboard, Profile-Verwaltung, Review-Queue, Inline-Edit
|
||||
- api: JSON-Endpunkte fuer Frontend-Polling
|
||||
"""
|
||||
259
routes/admin.py
Normal file
259
routes/admin.py
Normal file
@@ -0,0 +1,259 @@
|
||||
"""Admin-Routen: Login, Profile-Verwaltung, Inline-Edit.
|
||||
|
||||
Etappe 1: Admin-Login + Profil-Anlage/-Loeschung + PIN-Karten-Druckbogen + Inline-Edit.
|
||||
Etappe 2: Drill-Down-Dashboard (V5).
|
||||
Etappe 6: Projekt-Review-Queue.
|
||||
Etappe 7: Druckauftrag-Freigabe + Slot-Priorisierung.
|
||||
"""
|
||||
import secrets
|
||||
|
||||
from flask import Blueprint, render_template, request, redirect, url_for, session, flash, jsonify, abort
|
||||
|
||||
from database import get_db
|
||||
from services.auth import pin_hashen, admin_passwort_pruefen, admin_required
|
||||
from tiere import TIERE, tier_emoji, tier_name
|
||||
|
||||
bp = Blueprint("admin", __name__, url_prefix="/admin")
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Whitelist fuer Inline-Edit (Pattern vom Arduino-Kurs)
|
||||
# ===========================================================================
|
||||
|
||||
ERLAUBTE_INLINE_TABELLEN = {
|
||||
# Tabelle -> Set erlaubter Felder
|
||||
"lektion": {"titel", "aufgabe_md", "tipp_md", "extern_link"},
|
||||
"einstellung": {"wert"},
|
||||
"drucker": {"name", "notiz"},
|
||||
# spaeter:
|
||||
# "projekt": {"titel", "beschreibung_md"} -- mit Status-Check, Etappe 6
|
||||
# "software_seite": {"titel", "inhalt_md", "url", "quickstart_md"} -- Etappe 3
|
||||
}
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Admin-Login
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/login", methods=["GET", "POST"])
|
||||
def admin_login():
|
||||
"""Passwort-Eingabe fuer Admin-Modus. Passwort aus .env (ADMIN_PASSWORT)."""
|
||||
if request.method == "POST":
|
||||
eingabe = (request.form.get("passwort") or "").strip()
|
||||
if admin_passwort_pruefen(eingabe):
|
||||
session["admin"] = True
|
||||
flash("Admin-Modus aktiv.", "success")
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
flash("Falsches Passwort.", "error")
|
||||
return render_template("admin_login.html")
|
||||
|
||||
|
||||
@bp.route("/logout")
|
||||
def admin_logout():
|
||||
session.pop("admin", None)
|
||||
flash("Admin-Modus aus.", "success")
|
||||
return redirect(url_for("oeffentlich.index"))
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Profil-Verwaltung (Etappe 1)
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/profile")
|
||||
@admin_required
|
||||
def profile_liste():
|
||||
conn = get_db()
|
||||
profile = conn.execute(
|
||||
"SELECT p.id, p.vorname, p.tier, p.aktiv, p.erstellt_am, "
|
||||
" p.ag_id, ag.name AS ag_name "
|
||||
"FROM profil p "
|
||||
"LEFT JOIN ag_mitgliedschaft ag ON p.ag_id = ag.id "
|
||||
"ORDER BY p.aktiv DESC, p.vorname COLLATE NOCASE"
|
||||
).fetchall()
|
||||
ags = conn.execute("SELECT id, name FROM ag_mitgliedschaft WHERE status = 'aktiv'").fetchall()
|
||||
conn.close()
|
||||
return render_template(
|
||||
"admin_profile.html",
|
||||
profile=profile,
|
||||
ags=ags,
|
||||
tiere=TIERE,
|
||||
)
|
||||
|
||||
|
||||
@bp.route("/profil/neu", methods=["POST"])
|
||||
@admin_required
|
||||
def profil_neu():
|
||||
"""Neues Profil anlegen. Generiert automatisch eine 4-stellige PIN, zeigt sie einmalig."""
|
||||
vorname = (request.form.get("vorname") or "").strip()
|
||||
tier = (request.form.get("tier") or "").strip()
|
||||
ag_id = (request.form.get("ag_id") or "").strip()
|
||||
|
||||
if not (vorname and tier and ag_id):
|
||||
flash("Bitte Vorname, Tier und AG angeben.", "error")
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
|
||||
# PIN generieren: 4-stellig, mit fuehrenden Nullen
|
||||
pin = f"{secrets.randbelow(10000):04d}"
|
||||
pin_hash = pin_hashen(pin)
|
||||
|
||||
conn = get_db()
|
||||
try:
|
||||
cur = conn.execute(
|
||||
"INSERT INTO profil (vorname, tier, pin_hash, ag_id, aktiv) "
|
||||
"VALUES (?, ?, ?, ?, 1)",
|
||||
(vorname, tier, pin_hash, ag_id)
|
||||
)
|
||||
conn.commit()
|
||||
neue_id = cur.lastrowid
|
||||
except Exception as e:
|
||||
conn.close()
|
||||
flash(f"Fehler beim Anlegen: {e}", "error")
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
conn.close()
|
||||
|
||||
# PIN als Flash zeigen — nur EINMAL sichtbar, danach nur Hash in DB
|
||||
flash(
|
||||
f"Profil '{vorname}' {tier_emoji(tier)} angelegt. "
|
||||
f"PIN: {pin} — bitte aufschreiben, sie wird nicht erneut gezeigt.",
|
||||
"success"
|
||||
)
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
|
||||
|
||||
@bp.route("/profil/<int:profil_id>/aktiv", methods=["POST"])
|
||||
@admin_required
|
||||
def profil_aktiv_toggle(profil_id):
|
||||
"""Profil aktiv/inaktiv schalten (statt loeschen, weil FK-Cascade die ganze Historie killen wuerde)."""
|
||||
conn = get_db()
|
||||
conn.execute(
|
||||
"UPDATE profil SET aktiv = CASE aktiv WHEN 1 THEN 0 ELSE 1 END WHERE id = ?",
|
||||
(profil_id,)
|
||||
)
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
|
||||
|
||||
@bp.route("/profil/<int:profil_id>/pin-reset", methods=["POST"])
|
||||
@admin_required
|
||||
def profil_pin_reset(profil_id):
|
||||
"""Neue PIN generieren, einmalig zeigen."""
|
||||
conn = get_db()
|
||||
profil = conn.execute(
|
||||
"SELECT id, vorname, tier FROM profil WHERE id = ?",
|
||||
(profil_id,)
|
||||
).fetchone()
|
||||
if not profil:
|
||||
conn.close()
|
||||
flash("Profil nicht gefunden.", "error")
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
|
||||
pin = f"{secrets.randbelow(10000):04d}"
|
||||
pin_hash = pin_hashen(pin)
|
||||
conn.execute("UPDATE profil SET pin_hash = ? WHERE id = ?", (pin_hash, profil_id))
|
||||
# Lockout zuruecksetzen, falls einer aktiv war
|
||||
conn.execute("DELETE FROM login_lockout WHERE profil_id = ?", (profil_id,))
|
||||
conn.commit()
|
||||
conn.close()
|
||||
|
||||
flash(
|
||||
f"Neue PIN fuer '{profil['vorname']}' {tier_emoji(profil['tier'])}: {pin} "
|
||||
f"— bitte sofort aufschreiben.",
|
||||
"success"
|
||||
)
|
||||
return redirect(url_for("admin.profile_liste"))
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Inline-Edit (Etappe 1)
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/inline-edit", methods=["POST"])
|
||||
@admin_required
|
||||
def inline_edit():
|
||||
"""Universal-Endpunkt fuer Inline-Edit. Prueft Whitelist + loggt Aenderung."""
|
||||
tabelle = (request.form.get("tabelle") or "").strip()
|
||||
datensatz_id = request.form.get("id")
|
||||
feld = (request.form.get("feld") or "").strip()
|
||||
neuer_wert = request.form.get("wert", "")
|
||||
|
||||
# Whitelist-Pruefung
|
||||
if tabelle not in ERLAUBTE_INLINE_TABELLEN:
|
||||
return jsonify(ok=False, error=f"Tabelle '{tabelle}' nicht erlaubt"), 400
|
||||
if feld not in ERLAUBTE_INLINE_TABELLEN[tabelle]:
|
||||
return jsonify(ok=False, error=f"Feld '{feld}' nicht erlaubt"), 400
|
||||
try:
|
||||
datensatz_id = int(datensatz_id)
|
||||
except (TypeError, ValueError):
|
||||
return jsonify(ok=False, error="Ungueltige ID"), 400
|
||||
|
||||
conn = get_db()
|
||||
# Alten Wert lesen fuer Log
|
||||
alt_row = conn.execute(
|
||||
f"SELECT {feld} AS alt FROM {tabelle} WHERE id = ?",
|
||||
(datensatz_id,)
|
||||
).fetchone()
|
||||
if not alt_row:
|
||||
conn.close()
|
||||
return jsonify(ok=False, error="Datensatz nicht gefunden"), 404
|
||||
alter_wert = alt_row["alt"]
|
||||
|
||||
# Update
|
||||
conn.execute(
|
||||
f"UPDATE {tabelle} SET {feld} = ? WHERE id = ?",
|
||||
(neuer_wert, datensatz_id)
|
||||
)
|
||||
# Audit-Log
|
||||
conn.execute(
|
||||
"INSERT INTO aenderung_log (tabelle, datensatz_id, feld, alter_wert, neuer_wert) "
|
||||
"VALUES (?, ?, ?, ?, ?)",
|
||||
(tabelle, datensatz_id, feld, str(alter_wert) if alter_wert is not None else "", neuer_wert)
|
||||
)
|
||||
conn.commit()
|
||||
conn.close()
|
||||
return jsonify(ok=True, wert=neuer_wert)
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Druckbogen fuer PIN-Karten (Etappe 1, CSS-Print)
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/profile/karten")
|
||||
@admin_required
|
||||
def profile_karten():
|
||||
"""Druckbogen mit Profil-Karten — Tier, Vorname, Platz fuer PIN handschriftlich."""
|
||||
conn = get_db()
|
||||
profile = conn.execute(
|
||||
"SELECT id, vorname, tier FROM profil WHERE aktiv = 1 "
|
||||
"ORDER BY vorname COLLATE NOCASE"
|
||||
).fetchall()
|
||||
conn.close()
|
||||
return render_template("admin_profile_karten.html", profile=profile)
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Stubs fuer spaetere Etappen
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/dashboard")
|
||||
@admin_required
|
||||
def dashboard():
|
||||
abort(501) # Etappe 2
|
||||
|
||||
|
||||
@bp.route("/lektionen")
|
||||
@admin_required
|
||||
def admin_lektionen():
|
||||
abort(501) # Etappe 3
|
||||
|
||||
|
||||
@bp.route("/drucker")
|
||||
@admin_required
|
||||
def admin_drucker():
|
||||
abort(501) # Etappe 5
|
||||
|
||||
|
||||
@bp.route("/projekt-freigabe")
|
||||
@admin_required
|
||||
def projekt_freigabe():
|
||||
abort(501) # Etappe 6
|
||||
27
routes/api.py
Normal file
27
routes/api.py
Normal file
@@ -0,0 +1,27 @@
|
||||
"""JSON-API fuer Frontend-Polling. Voll in Etappen 5/6.
|
||||
|
||||
Etappe 5: /api/drucker/status (Live-Status fuer /drucker)
|
||||
Etappe 6: /api/projekte/suche (Filter-Live-Suche im Katalog)
|
||||
Etappe 5: /api/slots/heute (Slot-Polling)
|
||||
"""
|
||||
from flask import Blueprint, jsonify, abort
|
||||
|
||||
bp = Blueprint("api", __name__, url_prefix="/api")
|
||||
|
||||
|
||||
@bp.route("/drucker/status")
|
||||
def drucker_status():
|
||||
"""Etappe 5: JSON aller 4 Drucker mit Status/Restzeit."""
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/slots/heute")
|
||||
def slots_heute():
|
||||
"""Etappe 6: JSON aller aktiven/anstehenden Slots heute."""
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/projekte/suche")
|
||||
def projekte_suche():
|
||||
"""Etappe 6: Filter-Live-Suche im Katalog."""
|
||||
abort(501)
|
||||
56
routes/oeffentlich.py
Normal file
56
routes/oeffentlich.py
Normal file
@@ -0,0 +1,56 @@
|
||||
"""Oeffentliche Routen (kein Login noetig).
|
||||
|
||||
Etappe 1: nur Startseite + Error-Handler portiert.
|
||||
Etappe 3: Lektionen, Software, Projekt-Katalog, Troubleshooting.
|
||||
Etappe 5: Drucker-Live-View.
|
||||
"""
|
||||
from flask import Blueprint, render_template, abort
|
||||
|
||||
bp = Blueprint("oeffentlich", __name__)
|
||||
|
||||
|
||||
@bp.route("/")
|
||||
def index():
|
||||
return render_template("index.html")
|
||||
|
||||
|
||||
# Stubs fuer spaetere Etappen — geben 501 zurueck, damit Navigation nicht bricht.
|
||||
|
||||
@bp.route("/lektionen")
|
||||
def lektionen():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/lektion/<int:nummer>")
|
||||
def lektion_detail(nummer):
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/software")
|
||||
def software():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/software/<slug>")
|
||||
def software_detail(slug):
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/projekte")
|
||||
def projekte():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/projekte/<int:projekt_id>")
|
||||
def projekt_detail(projekt_id):
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/troubleshooting")
|
||||
def troubleshooting():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/drucker")
|
||||
def drucker():
|
||||
abort(501)
|
||||
131
routes/profil.py
Normal file
131
routes/profil.py
Normal file
@@ -0,0 +1,131 @@
|
||||
"""SuS-Profil-Routen: Login, Cockpit (Skelett), Logout.
|
||||
|
||||
Etappe 1: Login-Flow mit bcrypt + persistenter Lockout (E-020 V7).
|
||||
Etappe 2: Cockpit (progressiv), Check-In, Paarung.
|
||||
Etappe 6: Projekt-Workflow.
|
||||
Etappe 7: Druckauftraege + Slots.
|
||||
"""
|
||||
from flask import Blueprint, render_template, request, redirect, url_for, session, flash, abort
|
||||
|
||||
from database import get_db
|
||||
from services.auth import (
|
||||
pin_pruefen,
|
||||
ist_gesperrt,
|
||||
fehlversuch_loggen,
|
||||
lockout_zuruecksetzen,
|
||||
login_required,
|
||||
)
|
||||
from tiere import tier_emoji, tier_name
|
||||
|
||||
bp = Blueprint("profil", __name__)
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Login-Flow (Etappe 1)
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/login")
|
||||
def login():
|
||||
"""Kachel-Seite mit allen aktiven Profilen (Vorname + Tier-Icon)."""
|
||||
conn = get_db()
|
||||
profile = conn.execute(
|
||||
"SELECT id, vorname, tier FROM profil WHERE aktiv = 1 "
|
||||
"ORDER BY vorname COLLATE NOCASE, tier"
|
||||
).fetchall()
|
||||
conn.close()
|
||||
return render_template("login.html", profile=profile)
|
||||
|
||||
|
||||
@bp.route("/login/<int:profil_id>", methods=["GET", "POST"])
|
||||
def login_pin(profil_id):
|
||||
"""PIN-Eingabe fuer ein gewaehltes Profil."""
|
||||
conn = get_db()
|
||||
profil = conn.execute(
|
||||
"SELECT id, vorname, tier, pin_hash, aktiv FROM profil WHERE id = ?",
|
||||
(profil_id,)
|
||||
).fetchone()
|
||||
conn.close()
|
||||
|
||||
if not profil or not profil["aktiv"]:
|
||||
flash("Profil nicht gefunden.", "error")
|
||||
return redirect(url_for("profil.login"))
|
||||
|
||||
# Lockout-Check (persistent in DB, V7)
|
||||
gesperrt, sek_rest = ist_gesperrt(profil_id)
|
||||
if gesperrt:
|
||||
min_rest = sek_rest // 60 + 1
|
||||
return render_template(
|
||||
"login_pin.html",
|
||||
profil=profil,
|
||||
gesperrt=True,
|
||||
min_rest=min_rest
|
||||
)
|
||||
|
||||
if request.method == "POST":
|
||||
eingabe_pin = (request.form.get("pin") or "").strip()
|
||||
if pin_pruefen(eingabe_pin, profil["pin_hash"]):
|
||||
# Erfolg: Lockout zuruecksetzen, Session befuellen
|
||||
lockout_zuruecksetzen(profil_id)
|
||||
session.clear()
|
||||
session["profil_id"] = profil["id"]
|
||||
session["vorname"] = profil["vorname"]
|
||||
session["tier"] = profil["tier"]
|
||||
return redirect(url_for("profil.cockpit"))
|
||||
else:
|
||||
fehlversuch_loggen(profil_id)
|
||||
flash("Falsche PIN. Versuch's nochmal.", "error")
|
||||
|
||||
return render_template("login_pin.html", profil=profil, gesperrt=False)
|
||||
|
||||
|
||||
@bp.route("/logout")
|
||||
def logout():
|
||||
session.clear()
|
||||
flash("Du bist ausgeloggt.", "success")
|
||||
return redirect(url_for("oeffentlich.index"))
|
||||
|
||||
|
||||
# ===========================================================================
|
||||
# Cockpit (Etappe 1: Minimal-Stub, voll in Etappe 2 mit progressivem Layout)
|
||||
# ===========================================================================
|
||||
|
||||
@bp.route("/cockpit")
|
||||
@login_required
|
||||
def cockpit():
|
||||
"""Minimal-Stub fuer Etappe 1.
|
||||
|
||||
Etappe 2 macht das progressiv (V1):
|
||||
- Onboarding nicht erledigt: nur Onboarding-Karte + Check-In-Trigger
|
||||
- L1 fertig: zusaetzlich Drucker-Buchung
|
||||
- Hat aktive Projekte: zusaetzlich Projekt-Karten, Druckauftraege, Slots
|
||||
"""
|
||||
return render_template(
|
||||
"cockpit_stub.html",
|
||||
vorname=session.get("vorname"),
|
||||
tier=session.get("tier"),
|
||||
)
|
||||
|
||||
|
||||
# Spaetere Etappen — Stubs damit Navigation nicht bricht
|
||||
@bp.route("/cockpit/check-in", methods=["POST"])
|
||||
@login_required
|
||||
def check_in():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/cockpit/lektion/<int:nummer>/status", methods=["POST"])
|
||||
@login_required
|
||||
def lektion_status(nummer):
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/cockpit/slots")
|
||||
@login_required
|
||||
def slots():
|
||||
abort(501)
|
||||
|
||||
|
||||
@bp.route("/cockpit/druckauftraege")
|
||||
@login_required
|
||||
def druckauftraege():
|
||||
abort(501)
|
||||
Reference in New Issue
Block a user