Vault (which I nicknamed FireFly) is an inventory management system designed to replace a very large Excel file that held all student and staff data and was constantly overwhelmed by many different local copies and update conflicts. It offers a sleek, user-friendly experience with a dark- and red-themed GUI. All web pages are dynamic and work on mobile. The system allows for comprehensive management of devices, personnel, and repairs, along with file handling and custom settings.
- Login Page
- Register Page
- Homepage
- Settings Page
- Device Management
- Repair Management
- Webfiles
- Configuration
- Models
- Forms
- Routes
- Specific Security Implementations
- User Management: Classify users as normal users or admins during registration based on a unique registration code.
- Device Management: Add, edit, view, and delete devices within the inventory.
- Personnel Management: Manage personnel details with the ability to add, edit, and view personnel information.
- Repair Management: Track and manage repair details for devices, including adding and editing repair records.
- Settings Page: Users can view their account type and admins can manage user accounts.
- File Explorer: A custom file explorer to manage files and folders with functionalities such as rename, add subfolder, delete, and drag-and-drop for file uploads.
- Backup and Restore: Maintain backups of the database for easy restoration.
- Password Reset: Functionality for users to reset their passwords and for admins to reset passwords for other users.
The login page allows users to authenticate themselves to gain access to the system. Users need to provide their username and password.
The register page is where new users can create an account. Different registration codes determine the privileges and account type of the new user.
The homepage provides an overview of the system and quick access to various functionalities.
The settings page allows users to view their account type and update their personal settings. Admins have additional privileges to manage user accounts, including viewing all registered users, updating user roles, and resetting passwords.
Device management allows users to add, update, and remove devices from the inventory. It includes functionalities to track device details, status, and device logs.
The repair management section is dedicated to handling repair details of devices. Users can log repair requests, track the status of ongoing repairs, and view repair history. This section helps ensure timely maintenance and repair of devices in the inventory.
The webfiles section is a custom file explorer that allows users to manage files within the `miniRoot` directory. Key features include:
- Right-click functionality for folder-specific actions like rename, add subfolder, download, and delete.
- Right-click functionality for files to download, delete, and move to the parent directory.
- Drag and drop box for adding files.
- Options to move folders and files to child directories.

Demo video: https://github.com/DomMinnich/Vault-PLV/assets/113619219/ae1c0c66-95a4-4849-b635-ebdaeaacd541
The configuration file typically contains important settings for the Flask application, such as secret keys, database URIs, and other configurations. Security aspects in this file include:
- Secret Key: Crucial for session management and preventing CSRF attacks.
- Database URI: Secure connection strings for database access.
This file defines the database schema using SQLAlchemy, whose ORM layer issues parameterized queries and so helps prevent SQL injection attacks. Security considerations here include:
- Data Validation: Ensuring that inputs are properly sanitized and validated.
- Relationships and Constraints: Properly defined relationships and constraints to maintain data integrity.
This file handles the creation and validation of web forms using Flask-WTF. Key security aspects include:
- CSRF Protection: Enabled by default with Flask-WTF, protecting against Cross-Site Request Forgery attacks.
- Input Validation: Ensures that data submitted via forms is properly validated and sanitized.
This file defines the URL routes and associated view functions. It contains several security measures:
- Authentication and Authorization: The `@login_required` decorator is used to ensure that certain routes can only be accessed by authenticated users.
- Admin Checks: Certain actions can only be performed by admin users, as enforced by checks like `if not current_user.is_admin`.
- File Handling: Secure handling of file uploads and downloads, including path validation to prevent directory traversal attacks.
- User Authentication and Authorization:
  - Routes are protected with the `@login_required` decorator to ensure that only authenticated users can access them.
  - Additional checks are in place to ensure that only admin users can perform certain actions, such as deleting users or staff.
- CSRF Protection:
  - Flask-WTF forms include CSRF tokens by default, protecting the application from CSRF attacks.
- Input Validation:
  - Forms are validated using Flask-WTF, ensuring that data submitted by users is properly sanitized and validated before processing.
- Database Security:
  - SQLAlchemy ORM is used to interact with the database, which helps prevent SQL injection attacks by using parameterized queries.
  - Proper schema definitions and relationships maintain data integrity.
- File Handling Security:
  - Secure file handling mechanisms are in place, such as validating file paths with `is_safe_path` to prevent directory traversal attacks.
  - Uploaded files are handled carefully, with checks to ensure that only allowed file types are processed.
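The two file-handling checks above, written out as an added example (this is illustrative code, not Vault-PLV's own `is_safe_path`; the root directory name `MINI_ROOT`, the `ALLOWED_EXTENSIONS` set and the helper names are assumptions). The traversal check resolves the path before comparing it to the root, so `../` segments, absolute paths and symlinks pointing outside the root are all rejected:

```python
"""Added example: root-confined path validation and upload extension allow-list."""
import os
import tempfile

# Assumed values for this example; the project's real settings may differ.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "csv", "xlsx", "txt"}


def is_safe_path(base_dir: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a location inside base_dir.

    Both paths are made absolute and symlink-resolved before comparison, so
    '..' segments, absolute paths and symlinks leading outside are rejected.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    # commonpath (not startswith) rejects prefix siblings such as
    # '/srv/miniRoot2' when the root is '/srv/miniRoot'.
    return os.path.commonpath([base, target]) == base


def allowed_file(filename: str) -> bool:
    """Allow-list check on the upload's extension, case-insensitive."""
    return "." in filename and filename.rsplit(".", 1)[1].lower() in ALLOWED_EXTENSIONS


def resolve_for_download(base_dir: str, requested: str) -> str:
    """Resolve a user-supplied relative path, refusing anything outside the root."""
    if not is_safe_path(base_dir, requested):
        raise PermissionError(f"refusing path outside root: {requested!r}")
    return os.path.realpath(os.path.join(base_dir, requested))


def demo() -> dict:
    """Constructed sample: a temporary root probed with typical good and bad inputs."""
    root = tempfile.mkdtemp(prefix="miniRoot_")
    os.makedirs(os.path.join(root, "staff"))
    sibling = os.path.join("..", os.path.basename(root) + "2")
    return {
        "inside": is_safe_path(root, "staff/laptops.csv"),        # True
        "traversal": is_safe_path(root, "../../etc/passwd"),      # False
        "absolute": is_safe_path(root, "/etc/passwd"),            # False
        "sibling": is_safe_path(root, sibling),                   # False
        "upload_ok": allowed_file("inventory.XLSX"),              # True
        "upload_bad": allowed_file("script.php"),                 # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} -> {ok}")
```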
- Flash Messages:
  - Flash messages are used for user feedback so that users are aware of the actions taken on their account, which helps against certain types of attacks such as phishing.