v1

Dockerfile

@@ -0,0 +1,21 @@
+# Use Python 3.10 as the base image
+FROM python:3.10
+
+# Set environment variables
+RUN useradd -m -u 1000 user
+USER user
+ENV PATH="/home/user/.local/bin:$PATH"
+
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+
+# Set environment variables
+ENV FLASK_APP=run.py
+ENV FLASK_ENV=production
+
+# Run the application
+CMD ["gunicorn", "--bind", "0.0.0.0:7860", "run:app"]

app/__init__.py

@@ -0,0 +1,75 @@
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+from flask_login import LoginManager
+from .config import Config
+import os
+from apscheduler.schedulers.background import BackgroundScheduler
+import logging
+
+db = SQLAlchemy()
+login_manager = LoginManager()
+scheduler = BackgroundScheduler()
+
+def create_app():
+    app = Flask(__name__,
+                template_folder=os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'templates'),
+                static_folder=os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'static'))
+    app.config.from_object(Config)
+
+    # Set up logging
+    logging.basicConfig(filename='grimvault.log', level=logging.INFO,
+                        format='%(asctime)s:%(levelname)s:%(message)s')
+
+    db.init_app(app)
+    login_manager.init_app(app)
+    login_manager.login_view = 'auth.login'
+
+    from .routes import main, auth, files, admin
+    app.register_blueprint(main)
+    app.register_blueprint(auth)
+    app.register_blueprint(files)
+    app.register_blueprint(admin, url_prefix='/admin')
+
+    with app.app_context():
+        db.create_all()
+        create_admin_user()
+
+    scheduler.add_job(delete_inactive_users, 'interval', hours=1)
+    scheduler.start()
+
+    return app
+
+def create_admin_user():
+    from .models import User
+    from .utils import create_user
+
+    admin_username = os.getenv('ADMIN_USERNAME')
+    admin_password = os.getenv('ADMIN_PASSWORD')
+
+    if admin_username and admin_password:
+        existing_admin = User.query.filter_by(username=admin_username).first()
+        if not existing_admin:
+            result = create_user(admin_username, admin_password)
+            if "successfully" in result:
+                admin_user = User.query.filter_by(username=admin_username).first()
+                admin_user.is_admin = True
+                admin_user.storage_limit = 0  # Admin has no storage
+                db.session.commit()
+                logging.info(f"Admin user '{admin_username}' created successfully.")
+            else:
+                logging.error(f"Failed to create admin user: {result}")
+        else:
+            logging.info(f"Admin user '{admin_username}' already exists.")
+    else:
+        logging.warning("Admin credentials not provided in environment variables.")
+
+def delete_inactive_users():
+    from .models import User
+    from datetime import datetime, timedelta
+    with db.app.app_context():
+        inactive_threshold = datetime.utcnow() - timedelta(hours=42)
+        inactive_users = User.query.filter(User.last_active < inactive_threshold).all()
+        for user in inactive_users:
+            db.session.delete(user)
+        db.session.commit()
+        logging.info(f"Deleted {len(inactive_users)} inactive users.")

app/app_test.txt

@@ -0,0 +1 @@
+branchtest

app/config.py

@@ -0,0 +1,30 @@
+import os
+from datetime import timedelta
+
+basedir = os.path.abspath(os.path.dirname(__file__))
+
+class Config:
+    SECRET_KEY = os.environ.get('SECRET_KEY') or 'you-will-never-guess'
+    SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
+        'sqlite:///' + os.path.join(basedir, '..', 'grimvault.db')
+    SQLALCHEMY_TRACK_MODIFICATIONS = False
+    
+    # File upload settings
+    MAX_CONTENT_LENGTH = 5 * 1024 * 1024 * 1024  # 5 GB
+    UPLOAD_FOLDER = os.path.join(basedir, '..', 'uploads')
+    
+    # Session settings
+    PERMANENT_SESSION_LIFETIME = timedelta(minutes=5)
+    
+    # Custom settings
+    ADMIN_USERNAME = os.environ.get('ADMIN_USERNAME')
+    ADMIN_PASSWORD = os.environ.get('ADMIN_PASSWORD')
+    HF_TOKEN = os.environ.get('HF_TOKEN')
+    SECRET_M = os.environ.get('SECRET_M')
+    
+    # Rate limiting
+    RATELIMIT_DEFAULT = "5 per minute"
+    RATELIMIT_STORAGE_URL = "memory://"
+
+    # Default storage limit (5 GB in bytes)
+    DEFAULT_STORAGE_LIMIT = 5 * 1024 * 1024 * 1024

app/models.py

@@ -0,0 +1,45 @@
+from . import db
+from flask_login import UserMixin
+from werkzeug.security import generate_password_hash, check_password_hash
+from datetime import datetime
+from .config import Config
+
+class User(UserMixin, db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(64), index=True, unique=True)
+    password_hash = db.Column(db.String(128))
+    embedding_hash = db.Column(db.String(256))
+    salt = db.Column(db.String(32))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    last_active = db.Column(db.DateTime, default=datetime.utcnow)
+    is_admin = db.Column(db.Boolean, default=False)
+    is_banned = db.Column(db.Boolean, default=False)
+    storage_limit = db.Column(db.BigInteger, default=Config.DEFAULT_STORAGE_LIMIT)
+    files = db.relationship('File', backref='owner', lazy='dynamic', cascade="all, delete-orphan")
+
+    def set_password(self, password):
+        self.password_hash = generate_password_hash(password)
+
+    def check_password(self, password):
+        return check_password_hash(self.password_hash, password)
+
+    def get_used_storage(self):
+        return sum(file.size for file in self.files)
+
+    def update_last_active(self):
+        self.last_active = datetime.utcnow()
+        db.session.commit()
+
+class File(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    filename = db.Column(db.String(256))
+    content = db.Column(db.LargeBinary)
+    size = db.Column(db.BigInteger)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
+
+from . import login_manager
+
+@login_manager.user_loader
+def load_user(id):
+    return User.query.get(int(id))

app/routes.py

@@ -0,0 +1,219 @@
+from flask import Blueprint, render_template, request, jsonify, send_file, abort, redirect, url_for, current_app
+from flask_login import login_required, current_user, login_user, logout_user
+from werkzeug.utils import secure_filename
+from .models import User, File
+from . import db
+from .utils import (create_user, verify_user, get_user_files, upload_file,
+                    download_file, delete_file, empty_vault, is_admin,
+                    get_all_accounts, delete_account, is_rate_limited,
+                    is_account_locked, record_login_attempt, update_storage_limit, ban_user,
+                    check_password_strength)
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
+import io
+import logging
+
+main = Blueprint('main', __name__)
+auth = Blueprint('auth', __name__)
+files = Blueprint('files', __name__)
+admin = Blueprint('admin', __name__)
+
+limiter = Limiter(key_func=get_remote_address)
+
+@main.route('/')
+def index():
+    if current_user.is_authenticated:
+        current_user.update_last_active()
+        if current_user.is_admin:
+            return redirect(url_for('admin.admin_dashboard'))
+        return redirect(url_for('files.dashboard'))
+    return render_template('index.html')
+
+@auth.route('/login', methods=['GET', 'POST'])
+@limiter.limit("5 per minute")
+def login():
+    if current_user.is_authenticated:
+        if current_user.is_admin:
+            return redirect(url_for('admin.admin_dashboard'))
+        return redirect(url_for('files.dashboard'))
+
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+
+        if is_rate_limited(username) or is_account_locked(username):
+            return jsonify({"error": "Too many attempts. Please try again later."}), 429
+
+        user = User.query.filter_by(username=username).first()
+        if user and verify_user(username, password):
+            if user.is_banned:
+                return jsonify({"error": "This account has been banned."}), 403
+            login_user(user)
+            user.update_last_active()
+            record_login_attempt(username, True)
+            if user.is_admin:
+                logging.info(f"Admin user '{username}' logged in successfully.")
+                return jsonify({"message": "Login successful", "redirect": url_for('admin.admin_dashboard')}), 200
+            logging.info(f"User '{username}' logged in successfully.")
+            return jsonify({"message": "Login successful", "redirect": url_for('files.dashboard')}), 200
+        else:
+            record_login_attempt(username, False)
+            logging.warning(f"Failed login attempt for user '{username}'.")
+            return jsonify({"error": "Invalid username or password"}), 401
+
+    return render_template('login.html')
+
+@auth.route('/register', methods=['GET', 'POST'])
+def register():
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        confirm_password = request.form.get('confirm_password')
+
+        if password != confirm_password:
+            return jsonify({"error": "Passwords do not match"}), 400
+
+        password_strength = check_password_strength(password)
+        if password_strength != "strong":
+            return jsonify({"error": f"Password is not strong enough. Current strength: {password_strength}"}), 400
+
+        result = create_user(username, password)
+        if "successfully" in result:
+            logging.info(f"New user '{username}' registered successfully.")
+            return jsonify({"message": result, "redirect": url_for('auth.login')}), 201
+        else:
+            logging.warning(f"Failed registration attempt for username '{username}': {result}")
+            return jsonify({"error": result}), 400
+
+    return render_template('register.html')
+
+@auth.route('/logout')
+@login_required
+def logout():
+    logging.info(f"User '{current_user.username}' logged out.")
+    logout_user()
+    return redirect(url_for('main.index'))
+
+@files.route('/dashboard')
+@login_required
+def dashboard():
+    if current_user.is_admin:
+        return redirect(url_for('admin.admin_dashboard'))
+    current_user.update_last_active()
+    user_files = get_user_files(current_user.username)
+    used_storage = current_user.get_used_storage()
+    return render_template('dashboard.html', files=user_files, used_storage=used_storage, storage_limit=current_user.storage_limit)
+
+@files.route('/upload', methods=['POST'])
+@login_required
+def upload():
+    current_user.update_last_active()
+    if current_user.is_admin:
+        return jsonify({"error": "Admins cannot upload files"}), 403
+    if 'file' not in request.files:
+        return jsonify({"error": "No file part"}), 400
+    file = request.files['file']
+    if file.filename == '':
+        return jsonify({"error": "No selected file"}), 400
+    if file:
+        filename = secure_filename(file.filename)
+        try:
+            result = upload_file(current_user.username, filename, file.read())
+            logging.info(f"User '{current_user.username}' uploaded file '{filename}'.")
+            return jsonify({"message": result}), 200
+        except Exception as e:
+            logging.error(f"Error uploading file for user '{current_user.username}': {str(e)}")
+            return jsonify({"error": "An error occurred while uploading the file. Please try again."}), 500
+
+@files.route('/download/<filename>')
+@login_required
+def download(filename):
+    current_user.update_last_active()
+    if current_user.is_admin:
+        return jsonify({"error": "Admins cannot download files"}), 403
+    file_content = download_file(current_user.username, filename)
+    if file_content:
+        logging.info(f"User '{current_user.username}' downloaded file '{filename}'.")
+        return send_file(
+            io.BytesIO(file_content),
+            mimetype='application/octet-stream',
+            as_attachment=True,
+            download_name=filename
+        )
+    else:
+        logging.warning(f"File '{filename}' not found for user '{current_user.username}'.")
+        return jsonify({"error": "File not found"}), 404
+
+@files.route('/delete/<filename>', methods=['DELETE'])
+@login_required
+def delete(filename):
+    current_user.update_last_active()
+    if current_user.is_admin:
+        return jsonify({"error": "Admins cannot delete files"}), 403
+    result = delete_file(current_user.username, filename)
+    logging.info(f"User '{current_user.username}' deleted file '{filename}'.")
+    return jsonify({"message": result}), 200
+
+@files.route('/empty', methods=['POST'])
+@login_required
+def empty():
+    current_user.update_last_active()
+    if current_user.is_admin:
+        return jsonify({"error": "Admins cannot empty vault"}), 403
+    password = request.form.get('password')
+    if verify_user(current_user.username, password):
+        result = empty_vault(current_user.username)
+        logging.info(f"User '{current_user.username}' emptied their vault.")
+        return jsonify({"message": result}), 200
+    else:
+        logging.warning(f"Failed attempt to empty vault for user '{current_user.username}'.")
+        return jsonify({"error": "Invalid password"}), 401
+
+@admin.route('/dashboard')
+@login_required
+def admin_dashboard():
+    if not current_user.is_admin:
+        abort(403)
+    current_user.update_last_active()
+    accounts = get_all_accounts()
+    return render_template('admindash.html', accounts=accounts)
+
+@admin.route('/update_storage', methods=['POST'])
+@login_required
+def update_storage():
+    if not current_user.is_admin:
+        return jsonify({"error": "Access denied"}), 403
+    current_user.update_last_active()
+    username = request.json.get('username')
+    new_limit = request.json.get('new_limit')
+    try:
+        new_limit = int(float(new_limit) * 1024 * 1024 * 1024)  # Convert GB to bytes
+        result = update_storage_limit(username, new_limit)
+        logging.info(f"Admin '{current_user.username}' updated storage limit for user '{username}' to {new_limit} bytes.")
+        return jsonify({"message": result}), 200
+    except ValueError:
+        logging.error(f"Invalid storage limit value provided by admin '{current_user.username}' for user '{username}'.")
+        return jsonify({"error": "Invalid storage limit value"}), 400
+
+@admin.route('/ban_user', methods=['POST'])
+@login_required
+def ban_user_route():
+    if not current_user.is_admin:
+        return jsonify({"error": "Access denied"}), 403
+    current_user.update_last_active()
+    username = request.json.get('username')
+    ban_status = request.json.get('ban_status')
+    result = ban_user(username, ban_status)
+    action = "banned" if ban_status else "unbanned"
+    logging.info(f"Admin '{current_user.username}' {action} user '{username}'.")
+    return jsonify({"message": result}), 200
+
+@admin.route('/delete/<username>', methods=['DELETE'])
+@login_required
+def admin_delete_account(username):
+    if not current_user.is_admin:
+        return jsonify({"error": "Access denied"}), 403
+    current_user.update_last_active()
+    result = delete_account(username)
+    logging.info(f"Admin '{current_user.username}' deleted account for user '{username}'.")
+    return jsonify({"message": result}), 200

app/utils.py

@@ -0,0 +1,243 @@
+import os
+import secrets
+import hashlib
+import time
+from argon2 import PasswordHasher
+from cryptography.fernet import Fernet
+from transformers import AutoTokenizer, AutoModel
+import torch
+import numpy as np
+from .models import User, File
+from . import db
+from huggingface_hub import hf_hub_download
+import requests
+from dotenv import load_dotenv
+import re
+
+load_dotenv()
+
+# Initialize global variables
+MODEL_NAME = os.getenv('SECRET_M')
+HF_TOKEN = os.getenv('HF_TOKEN')
+
+tokenizer = None
+model = None
+
+# Initialize Argon2 hasher and Fernet cipher
+ph = PasswordHasher()
+cipher_key = Fernet.generate_key()
+cipher = Fernet(cipher_key)
+
+def get_embedding(text):
+    global tokenizer, model
+
+    if tokenizer is None or model is None:
+        try:
+            tokenizer = AutoTokenizer.from_pretrained(MODEL_NAME, use_auth_token=HF_TOKEN)
+            model = AutoModel.from_pretrained(MODEL_NAME, torch_dtype=torch.float16, use_auth_token=HF_TOKEN)
+
+            if tokenizer.pad_token is None:
+                tokenizer.pad_token = tokenizer.eos_token
+
+            model.resize_token_embeddings(len(tokenizer))
+        except (requests.exceptions.RequestException, OSError) as e:
+            print(f"Error loading model: {str(e)}")
+            return None
+
+    inputs = tokenizer(text, return_tensors="pt", padding=True, truncation=True, max_length=512)
+    with torch.no_grad():
+        outputs = model(**inputs)
+    return outputs.last_hidden_state.mean(dim=1).squeeze().numpy()
+
+def hash_embedding(embedding, salt):
+    salted_embedding = np.concatenate([embedding, np.frombuffer(salt, dtype=np.float32)])
+    return hashlib.sha256(salted_embedding.tobytes()).hexdigest()
+
+def create_user(username, password):
+    if User.query.filter_by(username=username).first():
+        return "Username already exists."
+
+    salt = secrets.token_bytes(16)
+    embedding = get_embedding(password)
+    if embedding is None:
+        return "Error creating user. Please try again later."
+    embedding_hash = hash_embedding(embedding, salt)
+
+    new_user = User(username=username, salt=salt.hex(), embedding_hash=embedding_hash)
+    new_user.set_password(password)
+
+    db.session.add(new_user)
+    db.session.commit()
+
+    return "User created successfully."
+
+def verify_user(username, password):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return False
+
+    if not user.check_password(password):
+        return False
+
+    embedding = get_embedding(password)
+    if embedding is None:
+        return False
+    embedding_hash = hash_embedding(embedding, bytes.fromhex(user.salt))
+    return embedding_hash == user.embedding_hash
+
+def get_user_files(username):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return []
+    return [{"filename": file.filename, "size": file.size} for file in user.files]
+
+def upload_file(username, filename, content):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    if user.get_used_storage() + len(content) > user.storage_limit:
+        return "Storage limit exceeded."
+
+    existing_file = File.query.filter_by(user_id=user.id, filename=filename).first()
+    if existing_file:
+        return f"File {filename} already exists."
+
+    encrypted_content = cipher.encrypt(content)
+    new_file = File(filename=filename, content=encrypted_content, size=len(content), user_id=user.id)
+    db.session.add(new_file)
+    db.session.commit()
+
+    return f"File {filename} uploaded successfully."
+
+def download_file(username, filename):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return None
+
+    file = File.query.filter_by(user_id=user.id, filename=filename).first()
+    if not file:
+        return None
+
+    return cipher.decrypt(file.content)
+
+def delete_file(username, filename):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    file = File.query.filter_by(user_id=user.id, filename=filename).first()
+    if not file:
+        return f"File {filename} not found."
+
+    db.session.delete(file)
+    db.session.commit()
+    return f"File {filename} deleted successfully."
+
+def empty_vault(username):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    File.query.filter_by(user_id=user.id).delete()
+    db.session.commit()
+    return "All files in your vault have been deleted."
+
+def is_admin(username):
+    user = User.query.filter_by(username=username).first()
+    return user and user.is_admin
+
+def get_all_accounts():
+    return [{"username": user.username, "created_at": user.created_at, "last_active": user.last_active, "storage_used": user.get_used_storage(), "storage_limit": user.storage_limit, "is_banned": user.is_banned} for user in User.query.all()]
+
+def delete_account(username):
+    if username == os.getenv('ADMIN_USERNAME'):
+        return "Cannot delete admin account."
+
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    File.query.filter_by(user_id=user.id).delete()
+    db.session.delete(user)
+    db.session.commit()
+    return f"Account {username} and all associated files have been deleted."
+
+def update_storage_limit(username, new_limit):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    user.storage_limit = new_limit
+    db.session.commit()
+    return f"Storage limit for {username} updated to {new_limit / (1024 * 1024 * 1024):.2f} GB."
+
+def ban_user(username, ban_status):
+    user = User.query.filter_by(username=username).first()
+    if not user:
+        return "User not found."
+
+    user.is_banned = ban_status
+    db.session.commit()
+    action = "banned" if ban_status else "unbanned"
+    return f"User {username} has been {action}."
+
+# Rate limiting
+RATE_LIMIT = 5  # maximum number of requests per minute
+rate_limit_dict = {}
+
+def is_rate_limited(username):
+    current_time = time.time()
+    if username in rate_limit_dict:
+        last_request_time, count = rate_limit_dict[username]
+        if current_time - last_request_time < 60:  # within 1 minute
+            if count >= RATE_LIMIT:
+                return True
+            rate_limit_dict[username] = (last_request_time, count + 1)
+        else:
+            rate_limit_dict[username] = (current_time, 1)
+    else:
+        rate_limit_dict[username] = (current_time, 1)
+    return False
+
+# Account lockout
+MAX_LOGIN_ATTEMPTS = 5
+LOCKOUT_TIME = 300  # 5 minutes
+lockout_dict = {}
+
+def is_account_locked(username):
+    if username in lockout_dict:
+        attempts, lockout_time = lockout_dict[username]
+        if attempts >= MAX_LOGIN_ATTEMPTS:
+            if time.time() - lockout_time < LOCKOUT_TIME:
+                return True
+            else:
+                del lockout_dict[username]
+    return False
+
+def record_login_attempt(username, success):
+    if username not in lockout_dict:
+        lockout_dict[username] = [0, 0]
+
+    if success:
+        del lockout_dict[username]
+    else:
+        lockout_dict[username][0] += 1
+        lockout_dict[username][1] = time.time()
+
+def check_password_strength(password):
+    # Check password length
+    if len(password) < 8:
+        return "weak"
+
+    # Check for uppercase, lowercase, digit, and special character
+    if not re.search(r'[A-Z]', password):
+        return "medium"
+    if not re.search(r'[a-z]', password):
+        return "medium"
+    if not re.search(r'\d', password):
+        return "medium"
+    if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password):
+        return "medium"
+
+    return "strong"

requirements.txt

@@ -0,0 +1,16 @@
+Flask
+Flask-SQLAlchemy
+Flask-Login
+flask-limiter
+Flask-WTF
+SQLAlchemy
+Werkzeug
+argon2-cffi
+cryptography
+python-dotenv
+gunicorn
+transformers
+torch
+numpy
+huggingface-hub
+apscheduler

run.py

@@ -0,0 +1,11 @@
+from app import create_app, db
+from app.models import User, File
+
+app = create_app()
+
+@app.shell_context_processor
+def make_shell_context():
+    return {'db': db, 'User': User, 'File': File}
+
+if __name__ == '__main__':
+    app.run(debug=True)

static/css/styles.css

@@ -0,0 +1,308 @@
+:root {
+    --bg-color: #121212;
+    --text-color: #e0e0e0;
+    --primary-color: #bb86fc;
+    --secondary-color: #03dac6;
+    --danger-color: #cf6679;
+    --card-bg: #1e1e1e;
+    --input-bg: #2c2c2c;
+    --border-color: #333333;
+}
+
+* {
+    box-sizing: border-box;
+    margin: 0;
+    padding: 0;
+}
+
+body {
+    font-family: "Segoe UI", Tahoma, Geneva, Verdana, sans-serif;
+    background-color: var(--bg-color);
+    color: var(--text-color);
+    line-height: 1.6;
+    margin: 0;
+    padding: 0;
+}
+
+.container {
+    max-width: 1200px;
+    margin: 0 auto;
+    padding: 20px;
+}
+
+header {
+    background-color: var(--card-bg);
+    padding: 1rem 0;
+    box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+}
+
+nav ul {
+    list-style-type: none;
+    padding: 0;
+    display: flex;
+    justify-content: center;
+    flex-wrap: wrap;
+}
+
+nav ul li {
+    margin: 0 15px;
+}
+
+nav ul li a {
+    color: var(--text-color);
+    text-decoration: none;
+    font-weight: bold;
+    transition: color 0.3s ease;
+}
+
+nav ul li a:hover {
+    color: var(--secondary-color);
+}
+
+h1,
+h2,
+h3 {
+    color: var(--primary-color);
+    margin-bottom: 1rem;
+}
+
+.btn {
+    display: inline-block;
+    background-color: var(--primary-color);
+    color: var(--bg-color);
+    padding: 10px 20px;
+    border: none;
+    border-radius: 5px;
+    cursor: pointer;
+    transition:
+        background-color 0.3s ease,
+        transform 0.1s ease;
+    text-decoration: none;
+    font-size: 1rem;
+    margin: 5px;
+}
+
+.btn:hover {
+    background-color: #9a67ea;
+    transform: translateY(-2px);
+}
+
+.btn:active {
+    transform: translateY(0);
+}
+
+.btn-secondary {
+    background-color: var(--secondary-color);
+}
+
+.btn-secondary:hover {
+    background-color: #04b7a1;
+}
+
+.btn-danger {
+    background-color: var(--danger-color);
+}
+
+.btn-danger:hover {
+    background-color: #ff5c8d;
+}
+
+form {
+    background-color: var(--card-bg);
+    padding: 20px;
+    border-radius: 8px;
+    margin-bottom: 20px;
+    box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+}
+
+.form-group {
+    margin-bottom: 1rem;
+}
+
+input[type="text"],
+input[type="password"],
+input[type="file"] {
+    width: 100%;
+    padding: 10px;
+    margin-bottom: 10px;
+    border: 1px solid var(--border-color);
+    border-radius: 4px;
+    background-color: var(--input-bg);
+    color: var(--text-color);
+    font-size: 1rem;
+}
+
+input[type="file"] {
+    padding: 5px;
+}
+
+label {
+    display: block;
+    margin-bottom: 5px;
+    color: var(--secondary-color);
+}
+
+#file-list {
+    list-style-type: none;
+    padding: 0;
+}
+
+#file-list li {
+    background-color: var(--card-bg);
+    margin-bottom: 10px;
+    padding: 15px;
+    border-radius: 5px;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    flex-wrap: wrap;
+}
+
+.file-actions {
+    display: flex;
+    justify-content: space-between;
+    margin-bottom: 20px;
+    flex-wrap: wrap;
+}
+
+table {
+    width: 100%;
+    border-collapse: collapse;
+    margin-top: 20px;
+    background-color: var(--card-bg);
+    border-radius: 8px;
+    overflow: hidden;
+}
+
+th,
+td {
+    text-align: left;
+    padding: 12px;
+    border-bottom: 1px solid var(--border-color);
+}
+
+th {
+    background-color: var(--primary-color);
+    color: var(--bg-color);
+}
+
+tr:nth-child(even) {
+    background-color: rgba(255, 255, 255, 0.05);
+}
+
+.loading {
+    position: fixed;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%);
+    background-color: rgba(0, 0, 0, 0.7);
+    color: var(--text-color);
+    padding: 20px;
+    border-radius: 5px;
+    z-index: 1000;
+}
+
+.storage-info {
+    margin-bottom: 20px;
+}
+
+progress {
+    width: 100%;
+    height: 20px;
+    -webkit-appearance: none;
+    appearance: none;
+}
+
+progress::-webkit-progress-bar {
+    background-color: var(--input-bg);
+    border-radius: 10px;
+}
+
+progress::-webkit-progress-value {
+    background-color: var(--primary-color);
+    border-radius: 10px;
+}
+
+progress::-moz-progress-bar {
+    background-color: var(--primary-color);
+    border-radius: 10px;
+}
+
+.warning {
+    color: var(--danger-color);
+    margin-bottom: 10px;
+}
+
+#password-strength {
+    height: 5px;
+    margin-top: 5px;
+    transition: all 0.3s ease;
+}
+
+#password-strength.weak {
+    background-color: #ff4136;
+    width: 33.33%;
+}
+
+#password-strength.medium {
+    background-color: #ffdc00;
+    width: 66.66%;
+}
+
+#password-strength.strong {
+    background-color: #2ecc40;
+    width: 100%;
+}
+
+@media (max-width: 768px) {
+    .file-actions {
+        flex-direction: column;
+    }
+
+    .file-actions > * {
+        margin-bottom: 10px;
+        width: 100%;
+    }
+
+    #file-list li {
+        flex-direction: column;
+        align-items: flex-start;
+    }
+
+    #file-list li button {
+        margin-top: 10px;
+    }
+
+    table {
+        font-size: 0.9rem;
+    }
+
+    th,
+    td {
+        padding: 8px;
+    }
+}
+
+@media (max-width: 480px) {
+    .container {
+        padding: 10px;
+    }
+
+    h1 {
+        font-size: 1.5rem;
+    }
+
+    .btn {
+        font-size: 0.9rem;
+        padding: 8px 16px;
+    }
+
+    table {
+        font-size: 0.8rem;
+    }
+
+    th,
+    td {
+        padding: 6px;
+    }
+}

static/js/admindash.js

@@ -0,0 +1,57 @@
+document.addEventListener("DOMContentLoaded", () => {
+  const userAccounts = document.getElementById("user-accounts");
+
+  userAccounts.addEventListener("click", async (e) => {
+    const username = e.target.dataset.username;
+
+    if (e.target.classList.contains("update-storage")) {
+      const newLimit = prompt("Enter new storage limit in GB:");
+      if (newLimit) {
+        try {
+          const response = await axios.post("/admin/update_storage", {
+            username: username,
+            new_limit: newLimit,
+          });
+          alert(response.data.message);
+          location.reload();
+        } catch (error) {
+          alert(
+            "Failed to update storage: " +
+              (error.response?.data?.error || error.message),
+          );
+        }
+      }
+    } else if (e.target.classList.contains("toggle-ban")) {
+      const currentStatus = e.target.dataset.banned === "true";
+      const newStatus = !currentStatus;
+      try {
+        const response = await axios.post("/admin/ban_user", {
+          username: username,
+          ban_status: newStatus,
+        });
+        alert(response.data.message);
+        location.reload();
+      } catch (error) {
+        alert(
+          "Failed to update ban status: " +
+            (error.response?.data?.error || error.message),
+        );
+      }
+    } else if (e.target.classList.contains("delete-account")) {
+      if (
+        confirm(`Are you sure you want to delete the account for ${username}?`)
+      ) {
+        try {
+          const response = await axios.delete(`/admin/delete/${username}`);
+          alert(response.data.message);
+          location.reload();
+        } catch (error) {
+          alert(
+            "Failed to delete account: " +
+              (error.response?.data?.error || error.message),
+          );
+        }
+      }
+    }
+  });
+});

static/js/dashboard.js

@@ -0,0 +1,63 @@
+document.addEventListener("DOMContentLoaded", () => {
+  const uploadForm = document.getElementById("upload-form");
+  const emptyVaultBtn = document.getElementById("empty-vault");
+  const fileList = document.getElementById("file-list");
+
+  uploadForm.addEventListener("submit", async (e) => {
+    e.preventDefault();
+    const formData = new FormData(e.target);
+    try {
+      const response = await axios.post("/upload", formData, {
+        headers: { "Content-Type": "multipart/form-data" },
+      });
+      alert(response.data.message);
+      location.reload();
+    } catch (error) {
+      alert("Upload failed: " + (error.response?.data?.error || error.message));
+    }
+  });
+
+  emptyVaultBtn.addEventListener("click", async () => {
+    const confirmed = confirm(
+      "Are you sure you want to empty your vault? This action cannot be undone.",
+    );
+    if (confirmed) {
+      const password = prompt(
+        "Enter your password to confirm emptying your vault:",
+      );
+      if (password) {
+        try {
+          const response = await axios.post("/empty", { password });
+          alert(response.data.message);
+          location.reload();
+        } catch (error) {
+          alert(
+            "Failed to empty vault: " +
+              (error.response?.data?.error || error.message),
+          );
+        }
+      }
+    }
+  });
+
+  fileList.addEventListener("click", async (e) => {
+    if (e.target.classList.contains("download-btn")) {
+      const filename = e.target.dataset.filename;
+      window.location.href = `/download/${filename}`;
+    } else if (e.target.classList.contains("delete-btn")) {
+      const filename = e.target.dataset.filename;
+      if (confirm(`Are you sure you want to delete ${filename}?`)) {
+        try {
+          const response = await axios.delete(`/delete/${filename}`);
+          alert(response.data.message);
+          e.target.closest("li").remove();
+        } catch (error) {
+          alert(
+            "Failed to delete file: " +
+              (error.response?.data?.error || error.message),
+          );
+        }
+      }
+    }
+  });
+});

static/js/login.js

@@ -0,0 +1,18 @@
+document.addEventListener("DOMContentLoaded", () => {
+  const form = document.getElementById("login-form");
+  const loginMessage = document.getElementById("login-message");
+
+  form.addEventListener("submit", async (e) => {
+    e.preventDefault();
+    const formData = new FormData(form);
+    try {
+      const response = await axios.post("/login", formData);
+      loginMessage.textContent = response.data.message;
+      loginMessage.style.color = "green";
+      window.location.href = response.data.redirect;
+    } catch (error) {
+      loginMessage.textContent = error.response.data.error;
+      loginMessage.style.color = "red";
+    }
+  });
+});

static/js/register.js

@@ -0,0 +1,49 @@
+document.addEventListener("DOMContentLoaded", () => {
+  const form = document.getElementById("register-form");
+  const passwordInput = document.getElementById("password");
+  const confirmPasswordInput = document.getElementById("confirm-password");
+  const passwordStrength = document.getElementById("password-strength");
+  const submitButton = form.querySelector('button[type="submit"]');
+  const registerMessage = document.getElementById("register-message");
+
+  function updatePasswordStrength() {
+    const password = passwordInput.value;
+    let strength = "weak";
+
+    if (
+      password.length >= 8 &&
+      /[A-Z]/.test(password) &&
+      /[a-z]/.test(password) &&
+      /\d/.test(password) &&
+      /[!@#$%^&*(),.?":{}|<>]/.test(password)
+    ) {
+      strength = "strong";
+    } else if (password.length >= 8) {
+      strength = "medium";
+    }
+
+    passwordStrength.className = strength;
+    submitButton.disabled =
+      strength !== "strong" ||
+      passwordInput.value !== confirmPasswordInput.value;
+  }
+
+  passwordInput.addEventListener("input", updatePasswordStrength);
+  confirmPasswordInput.addEventListener("input", updatePasswordStrength);
+
+  form.addEventListener("submit", async (e) => {
+    e.preventDefault();
+    const formData = new FormData(form);
+    try {
+      const response = await axios.post("/register", formData);
+      registerMessage.textContent = response.data.message;
+      registerMessage.style.color = "green";
+      setTimeout(() => {
+        window.location.href = response.data.redirect;
+      }, 2000);
+    } catch (error) {
+      registerMessage.textContent = error.response.data.error;
+      registerMessage.style.color = "red";
+    }
+  });
+});

templates/admindash.html

@@ -0,0 +1,65 @@
+{% extends "base.html" %} {% block title %}Admin Dashboard - Grimvault{%
+endblock %} {% block content %}
+<div class="container">
+    <h1>Admin Dashboard</h1>
+    <table id="user-accounts">
+        <thead>
+            <tr>
+                <th>Username</th>
+                <th>Created At</th>
+                <th>Last Active</th>
+                <th>Storage Used</th>
+                <th>Storage Limit</th>
+                <th>Status</th>
+                <th>Actions</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for account in accounts %}
+            <tr>
+                <td>{{ account.username }}</td>
+                <td>{{ account.created_at.strftime('%Y-%m-%d %H:%M:%S') }}</td>
+                <td>{{ account.last_active.strftime('%Y-%m-%d %H:%M:%S') }}</td>
+                <td>
+                    {{ (account.storage_used / 1024 / 1024) | round(2) }} MB
+                </td>
+                <td>
+                    {{ (account.storage_limit / 1024 / 1024 / 1024) | round(2)
+                    }} GB
+                </td>
+                <td>{{ 'Banned' if account.is_banned else 'Active' }}</td>
+                <td>
+                    <button
+                        class="btn btn-secondary update-storage"
+                        data-username="{{ account.username }}"
+                    >
+                        Update Storage
+                    </button>
+                    <button
+                        class="btn btn-warning toggle-ban"
+                        data-username="{{ account.username }}"
+                        data-banned="{{ account.is_banned }}"
+                    >
+                        {{ 'Unban' if account.is_banned else 'Ban' }}
+                    </button>
+                    <button
+                        class="btn btn-danger delete-account"
+                        data-username="{{ account.username }}"
+                    >
+                        Delete
+                    </button>
+                </td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+    <a
+        href="{{ url_for('auth.logout') }}"
+        class="btn btn-secondary"
+        id="logout-btn"
+        >Logout</a
+    >
+</div>
+{% endblock %} {% block scripts %}
+<script src="{{ url_for('static', filename='js/admindash.js') }}"></script>
+{% endblock %}

templates/base.html

@@ -0,0 +1,49 @@
+<!doctype html>
+<html lang="en">
+    <head>
+        <meta charset="UTF-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+        <title>{% block title %}Grimvault{% endblock %}</title>
+        <link
+            rel="stylesheet"
+            href="{{ url_for('static', filename='css/styles.css') }}"
+        />
+        <script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
+    </head>
+    <body>
+        <header>
+            <nav>
+                <ul>
+                    <li><a href="{{ url_for('main.index') }}">Grimvault</a></li>
+                    {% if current_user.is_authenticated %} {% if
+                    current_user.is_admin %}
+                    <li>
+                        <a href="{{ url_for('admin.admin_dashboard') }}"
+                            >Admin Dashboard</a
+                        >
+                    </li>
+                    {% else %}
+                    <li>
+                        <a href="{{ url_for('files.dashboard') }}">Dashboard</a>
+                    </li>
+                    {% endif %} {% else %}
+                    <li><a href="{{ url_for('auth.login') }}">Login</a></li>
+                    <li>
+                        <a href="{{ url_for('auth.register') }}">Register</a>
+                    </li>
+                    {% endif %}
+                </ul>
+            </nav>
+        </header>
+
+        <main>
+            <div id="loading-indicator" class="loading" style="display: none">
+                Loading...
+            </div>
+            {% block content %}{% endblock %}
+        </main>
+
+        <script src="{{ url_for('static', filename='js/main.js') }}"></script>
+        {% block scripts %}{% endblock %}
+    </body>
+</html>

templates/dashboard.html

@@ -0,0 +1,51 @@
+{% extends "base.html" %} {% block title %}Dashboard - Grimvault{% endblock %}
+{% block content %}
+<div class="container">
+    <h1>My Files</h1>
+    <div class="storage-info">
+        <p>
+            Used storage: {{ (used_storage / 1024 / 1024) | round(2) }} MB / {{
+            (storage_limit / 1024 / 1024 / 1024) | round(2) }} GB
+        </p>
+        <progress
+            value="{{ used_storage }}"
+            max="{{ storage_limit }}"
+        ></progress>
+    </div>
+    <div class="file-actions">
+        <form id="upload-form" enctype="multipart/form-data">
+            <input type="file" id="file-input" name="file" required />
+            <button type="submit" class="btn btn-primary">Upload</button>
+        </form>
+        <button id="empty-vault" class="btn btn-danger">Empty Vault</button>
+        <a
+            href="{{ url_for('auth.logout') }}"
+            class="btn btn-secondary"
+            id="logout-btn"
+            >Logout</a
+        >
+    </div>
+    <ul id="file-list">
+        {% for file in files %}
+        <li>
+            <span>{{ file.filename }}</span>
+            <span>{{ file.size | filesizeformat }}</span>
+            <button
+                class="btn btn-secondary download-btn"
+                data-filename="{{ file.filename }}"
+            >
+                Download
+            </button>
+            <button
+                class="btn btn-danger delete-btn"
+                data-filename="{{ file.filename }}"
+            >
+                Delete
+            </button>
+        </li>
+        {% endfor %}
+    </ul>
+</div>
+{% endblock %} {% block scripts %}
+<script src="{{ url_for('static', filename='js/dashboard.js') }}"></script>
+{% endblock %}

templates/index.html

@@ -0,0 +1,23 @@
+{% extends "base.html" %} {% block title %}Welcome to Grimvault{% endblock %} {%
+block content %}
+<div class="container">
+    <h1>Welcome to Grimvault</h1>
+    <p>42hr encrypted cloud storage for your files.</p>
+    {% if current_user.is_authenticated %}
+    <p>Welcome back, {{ current_user.username }}!</p>
+    {% if current_user.is_admin %}
+    <a href="{{ url_for('admin.admin_dashboard') }}" class="btn btn-primary"
+        >Go to Admin Dashboard</a
+    >
+    {% else %}
+    <a href="{{ url_for('files.dashboard') }}" class="btn btn-primary"
+        >Go to My Files</a
+    >
+    {% endif %} {% else %}
+    <a href="{{ url_for('auth.login') }}" class="btn btn-primary">Login</a>
+    <a href="{{ url_for('auth.register') }}" class="btn btn-secondary"
+        >Register</a
+    >
+    {% endif %}
+</div>
+{% endblock %}

templates/login.html

@@ -0,0 +1,20 @@
+{% extends "base.html" %} {% block title %}Login - Grimvault{% endblock %} {%
+block content %}
+<div class="container">
+    <h1>Login</h1>
+    <form id="login-form">
+        <div class="form-group">
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" required />
+        </div>
+        <div class="form-group">
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="password" required />
+        </div>
+        <button type="submit" class="btn btn-primary">Login</button>
+    </form>
+    <p id="login-message"></p>
+</div>
+{% endblock %} {% block scripts %}
+<script src="{{ url_for('static', filename='js/login.js') }}"></script>
+{% endblock %}

templates/register.html

@@ -0,0 +1,34 @@
+{% extends "base.html" %} {% block title %}Register - Grimvault{% endblock %} {%
+block content %}
+<div class="container">
+    <h1>Register</h1>
+    <form id="register-form">
+        <div class="form-group">
+            <label for="username">Username:</label>
+            <input type="text" id="username" name="username" required />
+        </div>
+        <div class="form-group">
+            <label for="password">Password:</label>
+            <input type="password" id="password" name="password" required />
+            <div id="password-strength"></div>
+        </div>
+        <div class="form-group">
+            <label for="confirm-password">Confirm Password:</label>
+            <input
+                type="password"
+                id="confirm-password"
+                name="confirm_password"
+                required
+            />
+        </div>
+        <p class="warning">
+            Warning: There is no password recovery option. Please remember your
+            password.
+        </p>
+        <button type="submit" class="btn btn-primary" disabled>Register</button>
+    </form>
+    <p id="register-message"></p>
+</div>
+{% endblock %} {% block scripts %}
+<script src="{{ url_for('static', filename='js/register.js') }}"></script>
+{% endblock %}