In [None]:
from sphinx.util import requests
from werkzeug.security import generate_password_hash as werkzeug_generate_password_hash
from werkzeug.security import check_password_hash as werkzeug_check_password_hash
from flask import Flask, render_template, request, redirect, url_for, flash
import sqlite3
from datetime import datetime
from pymongo import MongoClient
import pandas as pd
import re
import requests
import random


# Initialise the Flask application
app = Flask(__name__)
app.secret_key = 'f4M0vRr5264S'

###APP ROUTING###
# Route for the About page
@app.route('/about')
def about():
    return render_template('about.html')

# Route for the Contact Us Page
@app.route('/contact')
def contact():
    return render_template('contact.html')

# Route for the Home Page
@app.route('/')
def home():
    return render_template('home.html')

# Route for Logged In Page
@app.route('/logged_in')
def logged_in():
    return render_template('logged_in.html')

# Route for the Send a Message Alert
@app.route('/send_message', methods=['POST'])
def send_message():
    try:
        name = request.form['name']
        email = request.form['email']
        message = request.form['message']
        flash(f'Thank you {name}, your message has been sent!')
    except Exception as e:
        flash(f'An error occurred: {str}')
    return redirect(url_for('contact'))

# Route to display the success page
@app.route('/success/<string:first_name>', methods=['GET'])
def success(first_name):
    return render_template('success.html', first_name=first_name)


###USER FUNCTIONALITY###

@app.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        if app.config['TESTING'] == False:
            # Verify reCAPTCHA
            recaptcha_response = request.form.get('g-recaptcha-response')
            data = {
                'secret': app.config['RECAPTCHA_PRIVATE_KEY'],
                'response': recaptcha_response,
            }
            r = requests.post('https://www.google.com/recaptcha/api/siteverify', data=data)
            result = r.json()

            if not result['success']:
                flash('Invalid reCAPTCHA. Please try again.', 'error')
                return render_template('register.html', RECAPTCHA_PUBLIC_KEY=app.config['RECAPTCHA_PUBLIC_KEY'])

        # Retrieve form data
        first_name = request.form['first_name']
        last_name = request.form['last_name']
        username = request.form['username']
        email = request.form['email']
        password = request.form['password']

        # Validate email
        if not is_valid_email(email):
            flash('Invalid email address format. Please enter a valid email address.', 'error')
            return render_template('register.html', RECAPTCHA_PUBLIC_KEY=app.config['RECAPTCHA_PUBLIC_KEY'])

        # Validate password strength
        if not is_password_strong(password):
            flash('Password must be at least 8 characters long, include at least one upper case letter, number or special character.', 'error')
            return render_template('register.html',
                                   first_name=first_name,
                                   last_name=last_name,
                                   username=username,
                                   email=email,
                                   RECAPTCHA_PUBLIC_KEY=app.config['RECAPTCHA_PUBLIC_KEY'])

        # Hash the password before saving to the database
        hashed_password = generate_password_hash(password, method='pbkdf2:sha256')

        # Get the current timestamp
        created_at = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

        try:
            create_user_record(created_at, email, first_name, hashed_password, last_name, username)
            # Redirect to the success page
            return redirect(url_for('success', first_name=first_name))
        except:
            flash('Email or username already registered.', 'error')
            return render_template('register.html',
                               first_name=first_name,
                               last_name=last_name,
                               username=username,
                               email=email)

    RECAPTCHA_PUBLIC_KEY = app.config['RECAPTCHA_PUBLIC_KEY']
    return render_template('register.html',
                           RECAPTCHA_PUBLIC_KEY=RECAPTCHA_PUBLIC_KEY)


# Email validation using regex
def is_valid_email(email):
    email_regex = r'^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$'
    return re.match(email_regex, email)

# Route for users
@app.route('/users')
def list_users():
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute("SELECT id, first_name, last_name, username, email, created_at FROM users")
    users = c.fetchall()
    conn.close()
    return render_template('users.html', users=users)

# Route to delete user ID
@app.route('/user_delete/<int:user_id>', methods=['POST'])
def delete_user(user_id):
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute('DELETE FROM users WHERE id = ?', (user_id,))
    conn.commit()
    conn.close()
    flash('User deleted successfully', 'success')
    return redirect(url_for('list_users'))

# Route to display confirmation of deleted user
@app.route('/confirm_user_delete/<int:user_id>', methods=['GET'])
def confirm_user_delete(user_id):
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute("SELECT id, first_name, last_name, username, email, created_at FROM users WHERE id = ?", (user_id,))
    user = c.fetchone()
    conn.close()
    return render_template('confirm_user_delete.html', user=user)

# Route to edit users
@app.route('/user_edit/<int:user_id>', methods=['GET'])
def user_edit(user_id):
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute("SELECT id, first_name, last_name, username, email FROM users WHERE id = ?", (user_id,))
    user = c.fetchone()
    conn.close()
    return render_template('user_edit.html', user=user)

# Route to handle submission form for updating user
@app.route('/update_user/<int:user_id>', methods=['POST'])
def update_user(user_id):
    first_name = request.form['first_name']
    last_name = request.form['last_name']
    username = request.form['username']
    email = request.form['email']
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute('''
        UPDATE users
        SET first_name = ?,
        last_name = ?,
        username = ?,
        email = ?
        WHERE id = ?
    ''', (first_name, last_name, username, email, user_id))
    conn.commit()
    conn.close()
    flash('User updated successfully', 'success')
    return redirect(url_for('list_users'))

# Route for the Login page
@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')

        # Try to match the login against the passed in values
        matches = get_user_record(username)

        if matches != None:
            if check_password_hash(password, matches[0]):
                return redirect(url_for('logged_in'))

    return render_template('login.html')

###STROKE DATA FUNCTIONALITY###

# Route to view patient data
@app.route('/view_patients')
def view_patients():
    # Connect to the MongoDB server
    client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
    db = client['HealthcareDataset']
    collection = db['stroke_data']
    # Display the first 10 patients
    page = int(request.args.get('page', 1))
    per_page = 10
    # Ability to search the patient data set by ID only
    search_query = request.args.get('search', '').strip()

    query = {}
    if search_query:
        query = {"id": int(search_query)}
        total_items = collection.count_documents(query)
        total_pages = 1
        items = list(collection.find(query))
    else:
        total_items = collection.count_documents({})
        items = list(collection.find(query).skip((page - 1) * per_page).limit(per_page))

    total_pages = (total_items + per_page - 1) // per_page

    return render_template('view_patients.html', data=items, page=page, total_pages=total_pages, search_query=search_query)

# Route for the search function
@app.route('/search', methods=['GET'])
def search():
    # Connect to the MongoDB server
    client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
    db = client['HealthcareDataset']
    collection = db['stroke_data']

    # Get the search query
    search_query = request.args.get('query', '').strip()

    if search_query:
        try:
            query = {"id": int(search_query)}
            items = list(collection.find(query))
            total_items = len(items)
            total_pages = 1
            page = 1
        except ValueError:
            items = []
            total_items = 0
            total_pages = 0
            page = 1
    else:
        items = []
        total_items = 0
        total_pages = 0
        page = 1

    return render_template('view_patients.html', data=items, page=page, total_pages=total_pages, search_query=search_query)

# Route to add new patient data
@app.route('/add_patient', methods=['GET', 'POST'])
def add_patient():
    if request.method == 'POST':
        # Connect to the MongoDB server
        client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
        db = client['HealthcareDataset']
        collection = db['stroke_data']

        # Get form data
        id_input = request.form.get('id')
        if id_input:
            unique_id = int(id_input)
        else:
            unique_id = generate_unique_id(collection)

        patient_data = {
            'id': unique_id,
            'gender': request.form['gender'],
            'age': int(request.form['age']),
            'hypertension': int(request.form['hypertension']),
            'heart_disease': int(request.form['heart_disease']),
            'ever_married': request.form['ever_married'],
            'work_type': request.form['work_type'],
            'Residence_type': request.form['residence_type'],
            'avg_glucose_level': float(request.form['avg_glucose_level']),
            'bmi': float(request.form['bmi']),
            'smoking_status': request.form['smoking_status'],
            'stroke': int(request.form['stroke'])
        }

        # Insert the new patient data into the collection
        collection.insert_one(patient_data)

        # Flash a message to the user
        flash(f'Patient added to the database, ID number is {unique_id}')

        return redirect(url_for('view_patients'))

    # If GET request, render the form
    return render_template('add_patient.html')

# Route to delete patient data with a message confirming deletion
@app.route('/delete_patient', methods=['POST'])
def delete_patient():
    # Connect to the MongoDB server
    client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
    db = client['HealthcareDataset']
    collection = db['stroke_data']

    # Get the patient ID from the form
    patient_id = int(request.form['id'])

    # Delete the patient from the collection
    collection.delete_one({'id': patient_id})

    # Flash a message to the user
    flash(f'Patient with ID {patient_id} has been deleted.')

    return redirect(url_for('view_patients'))

# Route to confirm user wants to delete patient data
@app.route('/confirm_delete_patient', methods=['POST'])
def confirm_delete_patient():
    patient_id = request.form['id']
    return render_template('confirm_delete_patient.html', patient_id=patient_id)


# Route to edit patient data
@app.route('/edit_patient', methods=['GET', 'POST'])
def edit_patient():
    # Connect to the MongoDB server
    client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
    db = client['HealthcareDataset']
    collection = db['stroke_data']

    if request.method == 'POST':
        # Get form data
        patient_id = int(request.form['id'])
        updated_data = {
            'gender': request.form['gender'],
            'age': int(float(request.form['age'])),  # Convert to float first, then to int
            'hypertension': int(request.form['hypertension']),
            'heart_disease': int(request.form['heart_disease']),
            'ever_married': request.form['ever_married'],
            'work_type': request.form['work_type'],
            'Residence_type': request.form['residence_type'],
            'avg_glucose_level': float(request.form['avg_glucose_level']),
            'bmi': float(request.form['bmi']),
            'smoking_status': request.form['smoking_status'],
            'stroke': int(request.form['stroke'])
        }

        # Update the patient data in the collection
        collection.update_one({'id': patient_id}, {'$set': updated_data})

        # Flash a message to the user
        flash(f'Patient with ID {patient_id} has been updated.')

        return redirect(url_for('view_patients'))

    # If GET request, render the edit form
    patient_id = int(request.args.get('id'))
    patient = collection.find_one({'id': patient_id})
    return render_template('edit_patient.html', patient=patient)

# Function to generate a unique user ID for patients if the user does not provide
def generate_unique_id(collection):
    while True:
        new_id = random.randint(1, 1000000)
        if not collection.find_one({"id": new_id}):
            return new_id


###DATABASES###

# Initialise the SQLite Database
def init_db():
    conn = sqlite3.connect('dataset/users.db')
    c = conn.cursor()
    c.execute('''
    CREATE TABLE IF NOT EXISTS users
        (id INTEGER PRIMARY KEY AUTOINCREMENT,
        first_name TEXT NOT NULL,
        last_name TEXT NOT NULL,
        username TEXT NOT NULL,
        email TEXT NOT NULL,
        password TEXT NOT NULL,
        created_at TEXT NOT NULL
    )
    ''')
    conn.commit()
    conn.close()

# Route to load CSV file into MongoDB
@app.route('/upload', methods=['GET', 'POST'])
def upload():
    # Connect to the MongoDB server
    client = MongoClient('mongodb+srv://0602750:strokedataassignment@strokedata.2lpyv.mongodb.net/')
    db = client['HealthcareDataset']
    collection = db['stroke_data']

    if request.method == 'POST':
        file = request.files.get('file')
        # Check if a file is uploaded and has the correct file extension
        if not file:
            flash("No file uploaded. Please select a file.", "error")
            return redirect(url_for('upload'))

        if not file.filename.lower().endswith('.csv'):
            flash("Invalid file type. Please upload a CSV file.", "error")
            return redirect(url_for('upload'))

        try:
            # Load CSV file into DataFrame
            df = pd.read_csv(file)
            records = df.to_dict('records')

            # Clear the collection before inserting new records
            collection.delete_many({})

            # Insert records into MongoDB
            collection.insert_many(records)
            flash("Data has been successfully stored!", "success")
            return redirect('/view_patients')  # Redirect to the view page after uploading
        except Exception as e:
            flash(f"An error occurred while processing the file: {str(e)}", "error")
            return redirect(url_for('upload'))

    return render_template('upload.html')


# Gets the user record by username
def get_user_record(username):
    conn = sqlite3.connect('dataset/users.db')
    cursor = conn.cursor()
    cursor.execute("SELECT password, id FROM users WHERE username=?", (username,))
    matches = cursor.fetchone()
    conn.close()
    return matches

# Function to create user record in the database
def create_user_record(created_at, email, first_name, hashed_password, last_name, username):
    # Insert user data into the database
    try:
        conn = sqlite3.connect('dataset/users.db')
        c = conn.cursor()
        c.execute('''INSERT INTO users (first_name, last_name, username, email, password, created_at)
                         VALUES (?, ?, ?, ?, ?, ?)''',
                  (first_name, last_name, username, email, hashed_password, created_at))
        conn.commit()
        conn.close()
        print("User data inserted into the database")  # Debugging line

    except sqlite3.IntegrityError as e:
        raise e

###SECURITY###

#ReCaptcha Keys (DO NOT HARDCODE IN PRODUCTION)
app.config['RECAPTCHA_PUBLIC_KEY'] = '6Le9yoEqAAAAAFCAlEF3OT7d-vIeR_KxZN-KBpYY'
app.config['RECAPTCHA_PRIVATE_KEY'] = '6Le9yoEqAAAAAEpoEpmy0z-WOEYn54apiy9dKQnE'

# Function for hashing passwords
def generate_password_hash(password, method='pbkdf2:sha256'):
    return werkzeug_generate_password_hash(password, method)

def check_password_hash(password, hash):
    return werkzeug_check_password_hash(hash, password)

# Password strength validation
def is_password_strong(password):
    if len(password) < 8:
        return False
    if not re.search('[A-Z]', password):
        return False
    if not re.search('[a-z]', password):
        return False
    if not re.search('[0-9]', password):
        return False
    return True

# Initialise the database and run the Flask app
if __name__ == "__main__":
    init_db()
    app.config['TESTING'] = False
    app.run(port=8282, debug=False, ssl_context=('cert.pem', 'key.pem'))# Temporary SSL Cert (Testing only)

 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on https://127.0.0.1:8282
Press CTRL+C to quit
