added validation on server

Author: Mole1424

config.py

@@ -1,3 +1,4 @@
+import re
 from pathlib import Path
 
 # custom colours
@@ -24,7 +25,19 @@
     "milk": "#4BB3FF",
 }
 
-# custom icons
-icons = [
+# custom icons from static/icons directory
+custom_icons = [
     f.stem for f in Path("static/icons").iterdir() if f.is_file() and f.suffix == ".svg"
 ]
+
+# phosphor icons from static/icons/phosphor-bold.css
+phosphor_icons = sorted(
+    set(
+        re.findall(
+            r"\.ph-([a-z0-9-]+)::before",
+            Path("static/icons/phosphor-bold.css").read_text(),
+        )
+    )
+)
+
+icons = sorted(custom_icons + phosphor_icons)

events/api.py

@@ -1,6 +1,7 @@
 from flask import Blueprint, Response, jsonify, request
 
 from auth.auth import valid_api_auth
+from config import colours, icons
 from events.utils import (
     create_event,
     create_repeat_event,
@@ -661,3 +662,43 @@ def get_week_by_date(date_str: str) -> tuple[Response, int]:
         return jsonify({"error": "Week not found"}), 404
 
     return jsonify(week.to_dict()), 200
+
+
+@events_api_bp.route("/colours", methods=["GET"])
+def get_colours() -> tuple[Response, int]:
+    """Get all available colours
+    ---
+    security: []
+    responses:
+        200:
+            description: A JSON object containing all available colours.
+            schema:
+                type: object
+                additionalProperties:
+                    type: string
+        404:
+            description: No colours found.
+    """
+    if not colours:
+        return jsonify({"error": "No colours found"}), 404
+    return jsonify(colours), 200
+
+
+@events_api_bp.route("/icons", methods=["GET"])
+def get_icons() -> tuple[Response, int]:
+    """Get all available icons
+    ---
+    security: []
+    responses:
+        200:
+            description: A JSON object containing all available icons.
+            schema:
+                type: object
+                additionalProperties:
+                    type: string
+        404:
+            description: No icons found.
+    """
+    if not icons:
+        return jsonify({"error": "No icons found"}), 404
+    return jsonify(icons), 200

events/utils.py

@@ -5,6 +5,7 @@
 import pytz
 import requests
 
+from config import colours
 from schema import Event, Tag, Week, db
 
 
@@ -392,15 +393,11 @@ def validate_colour(text_colour: str | None, hex_colour: str | None) -> str | No
 
 def get_hex_from_name(name: str) -> str | None:
     """Get the hex colour from a name"""
-    with Path("colours.json").open("r") as f:
-        colours = load(f)
-    return colours.get(name.lower(), None)  # type: ignore
+    return colours.get(name.lower(), None)
 
 
 def get_name_from_hex(hex_colour: str) -> str | None:
     """Get the name of a colour from its hex code"""
-    with Path("colours.json").open("r") as f:
-        colours = load(f)
     for name, hex_code in colours.items():
         if hex_code.lower() == hex_colour.lower():
             return name

schema.py

@@ -1,14 +1,14 @@
 import re
 from datetime import date, datetime, timedelta
-from json import load
-from pathlib import Path
 
 import pytz
 from flask import Flask
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import and_, func
 from sqlalchemy.orm import foreign
 
+from config import colours, custom_icons, icons
+
 db = SQLAlchemy()
 
 
@@ -180,15 +180,16 @@ def validate(self) -> str | None:
 
         # check if colour is valid
         colour_regex = re.compile(r"^#[0-9a-fA-F]{6}$")
-        if self.colour:
-            if colour_regex.match(self.colour):
-                return None
-            with Path("colours.json").open("r") as f:
-                colours = load(f)
-            if self.colour in colours:
-                return None
+        if self.colour and (
+            not colour_regex.match(self.colour) or self.colour not in colours
+        ):
+            return "Colour must be a valid hex code or one of: " + ", ".join(colours)
+
+        # check if icon is valid
+        if self.icon and self.icon not in icons:
             return (
-                f"Colour must be one of {", ".join(colours.keys())} or a valid hex code"
+                "Icon must be a phosphor icon (https://phosphoricons.com/) or one of: "
+                + ", ".join(custom_icons)
             )
 
         return None

templates/events/form.html

@@ -17,11 +17,11 @@ <h1>Create Event</h1>
 
             {% with messages = get_flashed_messages() %}
                 {% if messages %}
-                <div class="alert alert-danger col-12">
-                    {% for message in messages %}
-                        {{ message }}
-                    {% endfor %}
-                </div>
+                    <div class="alert alert-danger col-12">
+                        {% for message in messages %}
+                            {{ message }}
+                        {% endfor %}
+                    </div>
                 {% endif %}
             {% endwith %}
 
@@ -161,6 +161,11 @@ <h1>Create Event</h1>
             <div class="form-floating col-md-8 offset-md-2">
                 <input type="text" name="tags" id="tags" class="form-control no-validate" placeholder="tag1,tag2,tag3">
                 <label for="tags">Tags</label>
+                <datalist id="tags-list">
+                    {% for tag in tags %}
+                        <option value="{{ tag }}">
+                    {% endfor %}
+                </datalist>
             </div>
 
             <!-- submit -->