from flask import Flask, render_template, request, redirect, url_for, session
from werkzeug.middleware.proxy_fix import ProxyFix
import os

app = Flask(__name__)
app.secret_key = os.urandom(24)  # Generate a random secret key
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)

# Configure session to work behind proxy
app.config['SESSION_COOKIE_PATH'] = '/ecfs/'
app.config['SESSION_COOKIE_SECURE'] = False  # Set to True if you want HTTPS-only cookies
app.config['SESSION_COOKIE_HTTPONLY'] = True
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'

@app.route('/ecfs/')
def index():
    if 'logged_in' in session:
        return redirect(url_for('hello'))
    return redirect(url_for('login'))

@app.route('/ecfs/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] == 'u' and request.form['password'] == 'p':
            session['logged_in'] = True
            return redirect(url_for('hello'))
        else:
            error = 'Invalid credentials. Please try again.'
    return render_template('login.html', error=error)

@app.route('/ecfs/hello')
def hello():
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    return render_template('hello.html')

@app.route('/ecfs/logout')
def logout():
    session.pop('logged_in', None)
    return redirect(url_for('login'))

if __name__ == '__main__':
    # app.run(host='127.0.0.1', port=9000, debug=False)
    app.run(host='127.0.0.1', port=9000, debug=False)