Update app.py

app.py

@@ -7,29 +7,54 @@ from werkzeug.security import generate_password_hash, check_password_hash
 from threading import Lock
 
 app = Flask(__name__)
-app.secret_key = os.environ.get("SECRET_KEY", "dev_key_change_this")
+app.secret_key = os.environ.get("SECRET_KEY", "super_secret_key_123")
 
-# --- DATABASE CONFIG ---
+# --- CONFIGURATION ---
 HF_TOKEN = os.environ.get("HF_TOKEN")
 DB_REPO = os.environ.get("DB_REPO") 
 DB_FILE = "db.json"
 api = HfApi(token=HF_TOKEN)
 db_lock = Lock()
 
+# --- STARTER DATA (So the site isn't empty!) ---
+DEFAULT_PINS = [
+    {"id": 1, "url": "https://images.unsplash.com/photo-1541963463532-d68292c34b19", "caption": "Nature Vibes", "author": "System"},
+    {"id": 2, "url": "https://images.unsplash.com/photo-1493246507139-91e8fad9978e", "caption": "Alpine Lake", "author": "System"},
+    {"id": 3, "url": "https://images.unsplash.com/photo-1511497584788-876760111969", "caption": "Forest Mist", "author": "System"},
+    {"id": 4, "url": "https://images.unsplash.com/photo-1682687982501-1e58ab814714", "caption": "Desert Life", "author": "System"},
+    {"id": 5, "url": "https://images.unsplash.com/photo-1472214103451-9374bd1c798e", "caption": "Green Valley", "author": "System"}
+]
+
 def load_db():
+    # If secrets are missing, warn the user but load default images
     if not HF_TOKEN or not DB_REPO:
-        return {"users": {}, "pins": []}
+        print("WARNING: HF_TOKEN or DB_REPO secrets are missing. Site is Read-Only.")
+        return {"users": {}, "pins": DEFAULT_PINS}
+
     try:
         path = hf_hub_download(repo_id=DB_REPO, filename=DB_FILE, repo_type="dataset", token=HF_TOKEN)
         with open(path, 'r') as f:
-            return json.load(f)
-    except:
-        return {"users": {}, "pins": []}
+            data = json.load(f)
+            # If DB has no pins, mix in our defaults
+            if not data.get('pins'):
+                data['pins'] = DEFAULT_PINS
+            return data
+    except Exception as e:
+        print(f"DB Load Error (Using defaults): {e}")
+        return {"users": {}, "pins": DEFAULT_PINS}
 
 def save_db(data):
+    # Check permissions before trying to save
+    if not HF_TOKEN or not DB_REPO:
+        flash("Error: Cannot save. Secrets (HF_TOKEN/DB_REPO) are missing!")
+        return False
+
     with db_lock:
+        # 1. Save locally
         with open(DB_FILE, 'w') as f:
             json.dump(data, f)
+        
+        # 2. Push to Hugging Face
         try:
             api.upload_file(
                 path_or_fileobj=DB_FILE,
@@ -38,11 +63,16 @@ def save_db(data):
                 repo_type="dataset",
                 commit_message="Sync DB"
             )
+            return True
         except Exception as e:
-            print(f"Error saving to HF: {e}")
+            print(f"Sync Error: {e}")
+            flash(f"Database Sync Failed: {str(e)}")
+            return False
 
+# Load data on startup
 DATA_CACHE = load_db()
 
+# --- ROUTES ---
 @app.route('/')
 def index():
     return render_template('index.html', pins=DATA_CACHE.get('pins', []), user=session.get('user'))
@@ -51,38 +81,68 @@ def index():
 def signup():
     username = request.form['username']
     password = request.form['password']
-    if username in DATA_CACHE['users']:
-        flash("User already exists")
+    
+    # 1. Check if user exists
+    if username in DATA_CACHE.get('users', {}):
+        flash("User already exists!")
         return redirect(url_for('index'))
-    DATA_CACHE['users'][username] = generate_password_hash(password)
-    save_db(DATA_CACHE)
-    session['user'] = username
+
+    # 2. Add user
+    DATA_CACHE.setdefault('users', {})[username] = generate_password_hash(password)
+    
+    # 3. Save to DB
+    success = save_db(DATA_CACHE)
+    if success:
+        session['user'] = username
+        flash("Account created successfully!")
+    else:
+        # If save failed, remove the user from cache so they try again
+        del DATA_CACHE['users'][username]
+    
     return redirect(url_for('index'))
 
 @app.route('/login', methods=['POST'])
 def login():
     username = request.form['username']
     password = request.form['password']
-    user_hash = DATA_CACHE['users'].get(username)
-    if user_hash and check_password_hash(user_hash, password):
+    users = DATA_CACHE.get('users', {})
+    
+    if username in users and check_password_hash(users[username], password):
         session['user'] = username
+        flash("Logged in!")
     else:
-        flash("Invalid credentials")
+        flash("Invalid username or password")
+    
     return redirect(url_for('index'))
 
 @app.route('/logout')
 def logout():
     session.pop('user', None)
+    flash("Logged out")
     return redirect(url_for('index'))
 
 @app.route('/add_pin', methods=['POST'])
 def add_pin():
     if 'user' not in session: return redirect(url_for('index'))
+    
     img_url = request.form['img_url']
     caption = request.form['caption']
-    new_pin = {"id": int(time.time()), "url": img_url, "caption": caption, "author": session['user']}
-    DATA_CACHE['pins'].insert(0, new_pin)
+    
+    # Basic validation
+    if not img_url:
+        flash("Image URL is required")
+        return redirect(url_for('index'))
+
+    new_pin = {
+        "id": int(time.time()),
+        "url": img_url,
+        "caption": caption,
+        "author": session['user']
+    }
+    
+    DATA_CACHE.setdefault('pins', []).insert(0, new_pin)
     save_db(DATA_CACHE)
+    flash("Pin added!")
     return redirect(url_for('index'))
 
 if __name__ == '__main__':