Skip to content
/ Vault-PLV Public

(FireFly) Database Management System I Build For A PreK to 8th Grade School System. This is the public visibility repo.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DomMinnich/Vault-PLV

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
__pycache__
__pycache__
 
 
static
static
 
 
templates
templates
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
app.py
app.py
 
 
backup_db.py
backup_db.py
 
 
config.py
config.py
 
 
forms.py
forms.py
 
 
models.py
models.py
 
 
routes.py
routes.py
 
 
scheduler.py
scheduler.py
 
 

Repository files navigation

Vault

Logo2

Vault (I nick-named FireFly) is an inventory management system designed to pull away from a very large Excel file that held all Student and Staff data which always got overwhelmed by many different local copies and update issues. Offers a sleek, user-friendly experience with a dark and red-themed GUI. All webpages are dynamic and work on mobile. The system allows for comprehensive management of devices, personnel, and repairs, along with file handling and custom settings.

Section Links

OVERVIEW

  • User Management: Classify users as normal users or admins during registration based on a unique registration code.
  • Device Management: Add, edit, view, and delete devices within the inventory.
  • Personnel Management: Manage personnel details with the ability to add, edit, and view personnel information.
  • Repair Management: Track and manage repair details for devices, including adding and editing repair records.
  • Settings Page: Users can view their account type and admins can manage user accounts.
  • File Explorer: A custom file explorer to manage files and folders with functionalities such as rename, add subfolder, delete, and drag-and-drop for file uploads.
  • Backup and Restore: Maintain backups of the database for easy restoration.
  • Password Reset: Functionality for users to reset their passwords and for admins to reset passwords for other users.

Directory Structure

image

Login Page

The login page allows users to authenticate themselves to gain access to the system. Users need to provide their username and password. image

Register Page

The register page is where new users can create an account. There are different types of registration codes to determine privilages and account types. image

Homepage

The homepage provides an overview of the system and quick access to various functionalities. image

Settings Page

The settings page allows users to view their account type and update their personal settings. Admins have additional privileges to manage user accounts, including viewing all registered users, updating user roles, and resetting passwords etc.. image

Device Management

Device management allows users to add, update, and remove devices from the inventory. It includes functionalities to track device details, status, and device logs. image https://github.com/DomMinnich/InventorySys_experimental/assets/113619219/2ac32dae-5de9-4c17-8dd6-d221341463b9

Repair Management

The repair management section is dedicated to handling repair details of devices. Users can log repair requests, track the status of ongoing repairs, and view repair history. This section helps ensure timely maintenance and repair of devices in the inventory. image image image

Webfiles

The webfiles section is a custom file explorer that allows users to manage files within the miniRoot directory. Key features include:

For detailed information on specific security features, refer to the sections below:

Security Features

Configuration (config.py)

The configuration file typically contains important settings for the Flask application, such as secret keys, database URIs, and other configurations. Security aspects in this file include:

  • Secret Key: Crucial for session management and preventing CSRF attacks.
  • Database URI: Secure connection strings for database access.

Models (models.py)

This file defines the database schema using SQLAlchemy, which provides an ORM layer to prevent SQL injection attacks. Security considerations here include:

  • Data Validation: Ensuring that inputs are properly sanitized and validated.
  • Relationships and Constraints: Properly defined relationships and constraints to maintain data integrity.

Forms (forms.py)

This file handles the creation and validation of web forms using Flask-WTF. Key security aspects include:

  • CSRF Protection: Enabled by default with Flask-WTF, protecting against Cross-Site Request Forgery attacks.
  • Input Validation: Ensures that data submitted via forms is properly validated and sanitized.

Routes (routes.py)

This file defines the URL routes and associated view functions. It contains several security measures:

  • Authentication and Authorization: The use of @login_required decorator to ensure that certain routes can only be accessed by authenticated users.
  • Admin Checks: Ensuring that certain actions can only be performed by admin users, as indicated by checks like if not current_user.is_admin.
  • File Handling: Secure handling of file uploads and downloads, including path validation to prevent directory traversal attacks.

Specific Security Implementations

  1. User Authentication and Authorization:

    • Routes are protected with the @login_required decorator to ensure that only authenticated users can access them.
    • Additional checks are in place to ensure that only admin users can perform certain actions, such as deleting users or staff.

  2. CSRF Protection:

    • Flask-WTF forms include CSRF tokens by default, protecting the application from CSRF attacks.

  3. Input Validation:

    • Forms are validated using Flask-WTF, ensuring that data submitted by users is properly sanitized and validated before processing.

  4. Database Security:

    • SQLAlchemy ORM is used to interact with the database, which helps prevent SQL injection attacks by using parameterized queries.
    • Proper schema definitions and relationships maintain data integrity.

  5. File Handling Security:

    • Secure file handling mechanisms are in place, such as validating file paths with is_safe_path to prevent directory traversal attacks.
    • Uploaded files are handled carefully, with checks to ensure that only allowed file types are processed.

  6. Flash Messages:

    • Use of flash messages for user feedback, which helps in preventing certain types of attacks like phishing by ensuring users are aware of actions taken.

About

(FireFly) Database Management System I Build For A PreK to 8th Grade School System. This is the public visibility repo.

Topics

flask database-management html-css-javascript slqalchemy

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages