first commit

backend/app.py

@@ -0,0 +1,76 @@
+import os
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+from flask_login import LoginManager
+from flask_migrate import Migrate
+from werkzeug.middleware.proxy_fix import ProxyFix
+
+db = SQLAlchemy()
+login_manager = LoginManager()
+migrate = Migrate()
+
+
+def create_app():
+    app = Flask(__name__, template_folder='templates', static_folder='static')
+
+    # Config
+    app.config['SECRET_KEY'] = os.environ['SECRET_KEY']
+    app.config['SQLALCHEMY_DATABASE_URI'] = os.environ['DATABASE_URL']
+    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+    app.config['BASE_URL'] = os.environ.get('BASE_URL', 'http://localhost')
+    app.config['ORG_NAME']  = os.environ.get('ORG_NAME', 'GO! Scholengroep')
+
+    # OAuth2 config (voor later)
+    app.config['MICROSOFT_CLIENT_ID'] = os.environ.get('MICROSOFT_CLIENT_ID')
+    app.config['MICROSOFT_CLIENT_SECRET'] = os.environ.get('MICROSOFT_CLIENT_SECRET')
+    app.config['MICROSOFT_TENANT_ID'] = os.environ.get('MICROSOFT_TENANT_ID', 'common')
+    app.config['GOOGLE_CLIENT_ID'] = os.environ.get('GOOGLE_CLIENT_ID')
+    app.config['GOOGLE_CLIENT_SECRET'] = os.environ.get('GOOGLE_CLIENT_SECRET')
+
+    # ProxyFix: Flask zit achter nginx als reverse proxy.
+    # x_for=1, x_proto=1 zorgt dat Flask de echte client IP en https ziet.
+    app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
+
+    # Extensions
+    db.init_app(app)
+    migrate.init_app(app, db)
+    login_manager.init_app(app)
+    login_manager.login_view = 'auth.login'
+    login_manager.login_message = 'Gelieve in te loggen.'
+
+    # Import models (zodat Flask-Migrate ze kent)
+    from models import User, School, SchoolYear, Class, TeacherClass, Assessment
+
+    @login_manager.user_loader
+    def load_user(user_id):
+        return User.query.get(int(user_id))
+
+    # Blueprints registreren
+    from routes.auth import auth_bp
+    from routes.api import api_bp
+    from routes.admin import admin_bp
+    from routes.pages import pages_bp
+
+    app.register_blueprint(auth_bp, url_prefix='/auth')
+    app.register_blueprint(api_bp, url_prefix='/api')
+    app.register_blueprint(admin_bp, url_prefix='/admin')
+    app.register_blueprint(pages_bp)
+
+    # ── Auditlog cleanup (1 jaar bewaren) ─────────────────────────────────────
+    @app.cli.command('cleanup-audit')
+    def cleanup_audit():
+        """Verwijder auditlog entries ouder dan 1 jaar. Voer uit via cron of handmatig."""
+        from models import AuditLog
+        from datetime import datetime, timedelta
+        cutoff  = datetime.utcnow() - timedelta(days=365)
+        deleted = AuditLog.query.filter(AuditLog.timestamp < cutoff).delete()
+        db.session.commit()
+        print(f"Verwijderd: {deleted} audit entries ouder dan {cutoff.date()}")
+
+    return app
+
+
+app = create_app()
+
+if __name__ == '__main__':
+    app.run(debug=True, host='0.0.0.0', port=5000)