from flask import Blueprint, Response, redirect, request from sqlalchemy import select from l4d2web.auth import require_admin from l4d2web.db import session_scope from l4d2web.models import Overlay from l4d2web.services.security import validate_overlay_path bp = Blueprint("overlay", __name__) @bp.post("/overlays") @require_admin def create_overlay() -> Response: name = request.form.get("name", "").strip() raw_path = request.form.get("path", "").strip() if not name or not raw_path: return Response("missing fields", status=400) try: validated_path = validate_overlay_path(raw_path) except ValueError as exc: return Response(str(exc), status=400) with session_scope() as db: existing = db.scalar(select(Overlay).where(Overlay.name == name)) if existing is not None: return Response("overlay already exists", status=409) db.add(Overlay(name=name, path=str(validated_path))) return redirect("/overlays") @bp.post("/overlays/") @require_admin def update_overlay(overlay_id: int) -> Response: name = request.form.get("name", "").strip() raw_path = request.form.get("path", "").strip() if not name or not raw_path: return Response("missing fields", status=400) try: validated_path = validate_overlay_path(raw_path) except ValueError as exc: return Response(str(exc), status=400) with session_scope() as db: overlay = db.scalar(select(Overlay).where(Overlay.id == overlay_id)) if overlay is None: return Response(status=404) overlay.name = name overlay.path = str(validated_path) return redirect("/overlays") @bp.post("/overlays//delete") @require_admin def delete_overlay(overlay_id: int) -> Response: with session_scope() as db: overlay = db.scalar(select(Overlay).where(Overlay.id == overlay_id)) if overlay is None: return Response(status=404) db.delete(overlay) return redirect("/overlays")