Implemented search

2020-11-29 02:27:36 +01:00 · 2020-11-29 02:27:36 +01:00 · 1dd4e5eff3
parent 69555d4444
commit 1dd4e5eff3
2 changed files with 18 additions and 4 deletions
--- a/src/templates/index.html
+++ b/src/templates/index.html
@ -1,5 +1,10 @@
 {% extends 'base.html' %}
 {% block content %}
+    {% if search_query %}
+        <div class="row mx-2">
+            <h3>Results for {{ search_query }}</h3>
+        </div>
+    {% endif %}
    {% if items %}
        <div class="row mx-2">
            {% for item in items %}
--- a/src/views/indexview.py
+++ b/src/views/indexview.py
@ -1,9 +1,11 @@
 #!/usr/bin/env python3
-from flask import render_template
+from flask import render_template, request
 from flask_classful import FlaskView

 from models import Item

+import bleach
+
 """
 Index VIEW
 """
@ -15,9 +17,16 @@ __version__text__ = "1"


 class IndexView(FlaskView):
-
    route_base = '/'

    def index(self):
-        items = Item.query.all()
-        return render_template("index.html", items=items)
+        search_query = request.args.get('search')
+
+        if search_query:
+            search_query = bleach.clean(search_query, tags=[])
+            # https://stackoverflow.com/questions/31949733/is-a-sqlalchemy-query-vulnerable-to-injection-attacks/31949750#31949750
+            items = Item.query.filter(Item.name.ilike(f"%{search_query}%")).all()
+        else:
+            items = Item.query.all()
+
+        return render_template("index.html", items=items, search_query=search_query)