Hopefully that wraps the update

Procfile

@@ -1 +1 @@
-web: gunicorn run:app
+web: gunicorn --workers 1 run:app

boyd_bot/__init__.py

@@ -7,7 +7,7 @@
 app.logger.setLevel(logging.DEBUG)
 
 app_url = os.environ.get("APP_URL", "http://127.0.0.1")
-app.config["SECRET_KEY"] = os.environ.get("FLASK_KEY", os.urandom(24))
+app.config["SECRET_KEY"] = os.environ.get("FLASK_KEY")
 
 from . import _config
 
@@ -58,3 +58,16 @@ def log(message):
 from .app import *
 
 app.register_blueprint(blueprint, url_prefix=app.config["URL_ROOT"])
+
+
+@app.after_request
+def secure_http_header(response):
+    response.headers[
+        "Strict-Transport-Security"
+    ] = "max-age=31536000; includeSubDomains"
+    response.headers["Content-Security-Policy"] = "default-src * 'unsafe-inline'"
+    response.headers["X-Frame-Options"] = "SAMEORIGIN"
+    response.headers["X-Content-Type-Options"] = "nosniff"
+    response.headers["Referrer-Policy"] = "same-origin"
+    response.headers["Feature-Policy"] = "none"
+    return response

boyd_bot/_config.py

@@ -5,6 +5,12 @@
 app.config["URL_ROOT"] = "/"
 
 
+# Template Option
+app.config["TEMPLATES"] = {
+    "REG_FORM": "uni_theme_reg.html",  # uni_theme or default
+}
+
+
 # Simple string messages that can be replaced
 app.config["MSG"] = {
     "REG_ACKNOWLEDGE": "Alrighty! We can get started. :D",
@@ -16,6 +22,6 @@
 
 # Features you can switch on/off
 app.config["FEATURES"] = {
-    "ONE_TIME_USE": True,  # Highly experimental and somewhat unstable; recommended to keep False
+    "ONE_TIME_USE": True,  # On-going issue (read https://github.com/ineshbose/boyd_bot_messenger/issues/8)
     "DEMO": True,  # Works for chatbots without platform user-accounts (eg Dialogflow Web Demo / Embedded)
 }

boyd_bot/app.py

@@ -25,7 +25,11 @@ def webhook():
 
     else:
         user_data = platform.get_user_data(sender_id)
-        if not sender_id or ("error" in user_data and platform_user):
+        if (
+            not sender_id
+            or ("error" in user_data and platform_user)
+            or not (platform_user or app.config["FEATURES"]["DEMO"])
+        ):
             log("{} is not a valid user".format(sender_id))
             abort(401)
 
@@ -44,7 +48,7 @@ def new_user_registration(reg_id):
     if request.method == "GET":
         return (
             render_template(
-                "register.html",
+                app.config["TEMPLATES"]["REG_FORM"],
                 form=RegisterForm(reg_id=reg_id, remember=db.get_reg_id_result(reg_id)),
             )
             if db.get_data(reg_id)
@@ -62,15 +66,20 @@ def new_user_registration(reg_id):
         reg_id = request.form.get("reg_id")
         uni_id = request.form.get("uni_id")
         uni_pw = request.form.get("uni_pw")
-        remember = request.form.get("remember")
+
+        remember = (
+            request.form.get("remember")
+            if app.config["FEATURES"]["ONE_TIME_USE"]
+            else db.get_reg_id_result(reg_id)
+        )
 
         uid = db.get_user_id(reg_id)
         login_result = timetable.login(uid, uni_id, uni_pw)
         log("{} undergoing registration. Result: {}".format(uid, login_result))
 
         if not login_result[0]:
             return render_template(
-                "register.html",
+                app.config["TEMPLATES"]["REG_FORM"],
                 form=RegisterForm(reg_id=reg_id, remember=remember),
                 message=login_result[1],
             )
@@ -81,7 +90,7 @@ def new_user_registration(reg_id):
         db.insert_data(uid, **user_details)
         platform.send_message(uid, app.config["MSG"]["REG_ACKNOWLEDGE"])
 
-        return render_template("register.html", success=True)
+        return render_template(app.config["TEMPLATES"]["REG_FORM"], success=True)
 
 
 def user_gateway(request_data, uid):

boyd_bot/static/css/styles.css

@@ -10306,8 +10306,10 @@ body {
 }
 
 .signup-section {
-  padding: 10rem 0;
-  background: linear-gradient(#007bff, #000000);
+  padding: 5rem 2rem;
+  align-items: center;
+  text-align: center;
+  background: linear-gradient(#3697ff, #a28dff);
   background-position: center;
   background-repeat: no-repeat;
   background-attachment: scroll;

boyd_bot/templates/default_reg.html

@@ -0,0 +1,22 @@
+{% extends 'base.html' %}
+
+{% block body_block %}
+    <div class="signup-section">
+    {% if success %}
+    <div class="alert-success">{{ config.MSG.SUCCESS_MSG }}</div>
+    {% else %}
+    {% if message %}
+    <div class="alert-danger">{{message}}</div>
+    {% endif %}
+    <form action="{{ url_for('.new_user_registration', reg_id=form.reg_id.data) }}" method="post" validate>
+        {{ form.hidden_tag() }}
+        {{ form.uni_id(placeholder=form.uni_id.label.text, class_="form-control") }}
+        {{ form.uni_pw(placeholder=form.uni_pw.label.text, class_="form-control") }} <br>
+        {{ form.submit(value=form.submit.label.text, class_="button-control") }} <br>
+        {% if config.FEATURES.ONE_TIME_USE and form.remember.data %}
+            {{ form.remember }} {{ form.remember.label }}
+        {% endif %}
+    </form>
+    {% endif %}
+    </div>
+{% endblock %}

boyd_bot/timetable.py

@@ -48,7 +48,7 @@ def format_event(self, event):
             event.get("location", "No Location Found"),
         )
 
-    def jsonify_desc(self, event):
+    def parse_desc(self, event):
         return (
             dict(
                 (k.strip(), v.strip())

docs/files/app.md

@@ -1,6 +1,6 @@
 # [`app.py`](https://github.com/ineshbose/boyd_bot_messenger/blob/master/boyd_bot/app.py)
 
-This script is the Flask app. It is the only script to have access to the keys and enables webhook.
+This script has essential implementations that helps the bot function.
 
 
 

docs/files/init.md

@@ -64,4 +64,10 @@ APP: lorem ipsum
 
 |                 Parameters              |    Returns  |
 |-----------------------------------------|-------------|
-| **`message`:** the message to log       | **`None`**  |
+| **`message`:** the message to log       | **`None`**  |
+
+
+
+## `secure_http_header(request)`
+
+Specifies values for HTTP Headers to make connection secure.

docs/files/miscellaneous/config.md

@@ -7,6 +7,11 @@ This file is not a `.cfg` file placed outside of the app folder for a little eas
 `app.config["URL_ROOT"]` allows you to put all routes under a sub-path if needed (say it's a sub-app of another app) with the help of `Blueprints`.
 
 
+## Templates
+
+`app.config["TEMPLATES"]` makes it easy to switch templates that are rendered through the app.
+
+
 ## Messages
 
 `app.config["MSG"]` allows you to replace some messages wherever possible.
@@ -16,4 +21,12 @@ This file is not a `.cfg` file placed outside of the app folder for a little eas
 ## Features
 
 `app.config["FEATURES"]` allows you to toggle some features using boolean values.
-`True` means on, `False` means off.
+`True` means on, `False` means off.
+
+### `ONE_TIME_USE`
+
+Allows users to use the bot without having their credentials stored in the database. This means that their calendar is fetched ONCE and remains in the app for a limited time.
+
+### `DEMO`
+
+Allows demonstration of the bot outside of the platform using embedded chats, etc. This uses a unique ID (usually session ID) as the sender ID. All demo users are forced one-time-use i.e. their credentials aren't stored and the chat dies after a while.

docs/files/miscellaneous/templates.md

@@ -1,17 +1,21 @@
 # [templates](https://github.com/ineshbose/boyd_bot_messenger/blob/master/boyd_bot/templates)
 
-## `register.html`
+
+## Registration Form
 
 This is the registration form. Tailor this according to your university.
 
+### The Hillhead Theme
+
 ```html
 <!-- It's a good idea to style the registration form with a theme that is familiar to users and can get their trust.-->
 ```
 
+The hillhead theme is extracted from [University of Glasgow Moodle](https://moodle.gla.ac.uk/) and used in `uni_theme_reg.html`.
 
-### The Hillhead Theme
+### Standard / Default Theme
 
-The hillhead theme is extracted from [University of Glasgow Moodle](https://moodle.gla.ac.uk/)
+If you're not into making your own form, a pre-built generic form template is given and can be toggled in `_config.py`.
 
 
 

docs/files/timetable.md

@@ -82,9 +82,9 @@ The events in `icalendar.Calendar` are in the form of a dictionary. This functio
 
 
 
-## `Timetable`.**`jsonify_desc(event)`**
+## `Timetable`.**`parse_desc(event)`**
 
-Creates a `dict` from the description of the event. <br>
+Breaks down essential information from the description of the event. <br>
 **Note:** The formatting is according to how event conventions are for the University of Glasgow. For example, usually events have description like
 ```
 Course: Random Course Name
@@ -94,13 +94,13 @@ Details: Lecture.
 ```
 
 ```python
->>> jsonify_desc(event)
+>>> parse_desc(event)
 {"Course": "Random Course Name", "Class Type": "Lecture", "Lecturer": "Orr, Dr Boyd", "Details": "Lecture."}
 ```
 
-|                       Parameters                      |                    Returns                      |
-|-------------------------------------------------------|-------------------------------------------------|
-| **`event`:** the `icalendar.Calendar.event` to format | **`str`:** a string representation of the event |
+|                       Parameters                      |                       Returns                      |
+|-------------------------------------------------------|----------------------------------------------------|
+| **`event`:** the `icalendar.Calendar.event` to format | **`dict`:** information from the desc of the event |
 
 
 

docs/requirements.txt

@@ -1,3 +1,3 @@
 mkdocs==1.1.2
-mkdocs-material==5.5.0
+mkdocs-material==5.5.5
 mkdocs-material-extensions==1.0

run.py

@@ -2,4 +2,4 @@
 
 
 if __name__ == "__main__":
-    app.run(debug=True, port=80)
+    app.run(debug=False, port=80)