import hmac
import os
import secrets

from flask import Flask, request, jsonify, session
from flask_cors import CORS
from flask_sqlalchemy import SQLAlchemy
from sqlalchemy.exc import IntegrityError

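app = Flask(__name__)
# NOTE(review): CORS(app) with no arguments allows every origin on every
# route. Restrict it to the front-end origins that actually need access.
CORS(app)
# The session cookie is signed with this key, so anyone who knows it can
# forge a logged-in session. Read it from the environment instead of keeping
# a literal in source. The random fallback stops a missing variable from
# silently reusing a publicly known value; it changes on every start, so set
# FLASK_SECRET_KEY wherever sessions must survive a restart or be shared
# between worker processes.
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or secrets.token_hex(32)

# Database credentials belong in the environment as well. The literal is kept
# only as a local-development default; do not deploy with it.
app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get(
    'DATABASE_URL', 'postgresql://app_user:password@localhost/app_db'
)
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)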

class User(db.Model):
    """Account record used by the login and user-management endpoints."""
    # Integer primary key; login() stores it in the session as 'user_id'.
    id = db.Column(db.Integer, primary_key=True)
    # Login name. The unique constraint is what makes a duplicate insert
    # raise IntegrityError in manage_users().
    username = db.Column(db.String(80), unique=True, nullable=False)
    # NOTE(review): the handlers in this file write and compare this column
    # as the password exactly as submitted, i.e. plaintext at rest. It should
    # hold a salted, slow password hash instead; confirm String(120) is wide
    # enough for the chosen hash format before migrating.
    password = db.Column(db.String(120), nullable=False)

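@app.route('/login', methods=['POST'])
def login():
    """Authenticate a user from a JSON body and start a session.

    Expects a JSON object with string fields ``username`` and ``password``.

    Returns:
        200 with ``{'message': 'Logged in'}`` and ``session['user_id']`` set
        when the credentials match; 400 when the body is not a JSON object
        carrying both fields as strings; 401 for any credential mismatch.
    """
    # silent=True yields None for a missing or malformed body instead of
    # raising, so bad input gets a uniform 400 rather than a 500 from a
    # KeyError/TypeError further down.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'Invalid request'}), 400
    username = data.get('username')
    password = data.get('password')
    # Reject non-string values so nested JSON never reaches the query or the
    # comparison below.
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({'message': 'Invalid request'}), 400

    user = User.query.filter_by(username=username).first()
    # NOTE(review): the stored value is compared with the submitted password
    # as-is, so passwords are held in plaintext. Replace this with a salted
    # password-hash verification once the stored rows are migrated.
    # compare_digest keeps the comparison time independent of how many
    # leading characters match. Nothing here throttles repeated failures.
    if user and hmac.compare_digest(
        user.password.encode('utf-8'), password.encode('utf-8')
    ):
        session['user_id'] = user.id
        return jsonify({'message': 'Logged in'}), 200
    # Same response for unknown user and wrong password, so the reply does
    # not reveal which usernames exist.
    return jsonify({'message': 'Invalid credentials'}), 401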

@app.route('/welcome', methods=['GET'])
def welcome():
    """Greet a caller whose session carries a ``user_id``.

    Only the presence of the key is checked; the id is not looked up.

    Returns:
        200 with a welcome message, or 401 when the key is absent.
    """
    logged_in = 'user_id' in session
    if not logged_in:
        return jsonify({'message': 'Unauthorized'}), 401
    return jsonify({'message': 'Welcome!'}), 200

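@app.route('/admin/users', methods=['GET', 'POST', 'DELETE'])
def manage_users():
    """List, create or delete user accounts for an authenticated caller.

    GET returns every account as ``{'id', 'username'}``. POST creates an
    account from JSON ``username``/``password``. DELETE removes the account
    named by JSON ``username``.

    Returns:
        401 when the session does not map to an existing user; 400 for a
        malformed body or a duplicate username; 404 when the account to
        delete does not exist; otherwise 200/201 with a status message.
    """
    # Resolve the session to a row rather than trusting the key's presence,
    # so the cookie of an account that has since been deleted stops working.
    current_user = None
    if 'user_id' in session:
        current_user = User.query.filter_by(id=session['user_id']).first()
    if current_user is None:
        return jsonify({'message': 'Unauthorized'}), 401
    # NOTE(review): this is authentication only. User has no role or
    # privilege column, so every logged-in account can list, create and
    # delete users here. An explicit admin check is needed before this
    # route is exposed.

    # Flask registers HEAD alongside GET; without this branch a HEAD request
    # fell through every case and the view returned None.
    if request.method in ('GET', 'HEAD'):
        users = User.query.all()
        return jsonify([{'id': u.id, 'username': u.username} for u in users]), 200

    # POST and DELETE both need a JSON object with a string username.
    # silent=True turns a missing or malformed body into None, so it is
    # answered with 400 instead of an unhandled KeyError/TypeError.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'Invalid request'}), 400
    username = data.get('username')
    if not isinstance(username, str) or not username:
        return jsonify({'message': 'Invalid request'}), 400

    if request.method == 'POST':
        password = data.get('password')
        if not isinstance(password, str) or not password:
            return jsonify({'message': 'Invalid request'}), 400
        # NOTE(review): the password is stored exactly as received. Store a
        # salted password hash instead, together with the matching change
        # to the login comparison.
        new_user = User(username=username, password=password)
        try:
            db.session.add(new_user)
            db.session.commit()
        except IntegrityError:
            # Unique constraint on username was violated.
            db.session.rollback()
            return jsonify({'message': 'User already exists'}), 400
        return jsonify({'message': 'User added'}), 201

    # Only DELETE remains.
    user = User.query.filter_by(username=username).first()
    if user is None:
        return jsonify({'message': 'User not found'}), 404
    db.session.delete(user)
    db.session.commit()
    return jsonify({'message': 'User deleted'}), 200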

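if __name__ == '__main__':
    # create_all() needs an application context; newer Flask-SQLAlchemy
    # releases raise RuntimeError when it is called without one.
    with app.app_context():
        db.create_all()  # Create tables
    # debug=True enables the Werkzeug interactive debugger, which runs
    # arbitrary Python for anyone who can reach the server. Keep it off
    # unless FLASK_DEBUG=1 is set explicitly for local development.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')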
