Secure Cancellation

Okay, I will add this HTML file to serve as the frontend for your cancellation API. I'll also update the Flask app to serve this page. Flask bcrypt import sqlite3 import bcrypt import os DB_FILE = 'users.db' EMAIL = 'test@example.com' PASSWORD = 'password123' # Remove existing DB if it exists to ensure a clean setup if os.path.exists(DB_FILE): os.remove(DB_FILE) # Hash the password hashed_password = bcrypt.hashpw(PASSWORD.encode('utf-8'), bcrypt.gensalt()) # Connect to the database (creates it if it doesn't exist) conn = sqlite3.connect(DB_FILE) cursor = conn.cursor() # Create the users table cursor.execute(''' CREATE TABLE users ( email TEXT PRIMARY KEY, password TEXT NOT NULL ) ''') # Insert the sample user cursor.execute('INSERT INTO users (email, password) VALUES (?, ?)', (EMAIL, hashed_password.decode('utf-8'))) # Commit changes and close the connection conn.commit() conn.close() print(f"Database '{DB_FILE}' created and initialized with user '{EMAIL}'.") print(f"Use password: '{PASSWORD}' for testing.") Secure Cancellation

Secure Cancellation

from flask import Flask, request, jsonify, send_from_directory import bcrypt #for password hashing import sqlite3 #or your database of choice import os # To check if DB exists app = Flask(__name__) DB_FILE = 'users.db' def get_db_connection(): conn = sqlite3.connect(DB_FILE) #replace with your database. conn.row_factory = sqlite3.Row return conn # Check if the database exists, if not, prompt to run setup if not os.path.exists(DB_FILE): print(f"Database '{DB_FILE}' not found.") print("Please run 'python setup_db.py' first to initialize the database.") # We'll let Flask start but API routes will fail until DB exists. # The root route will still work. @app.route('/') def index(): # Serve the index.html file from the current directory return send_from_directory('.', 'index.html') @app.route('/cancel', methods=['POST']) def cancel_account(): if not os.path.exists(DB_FILE): return jsonify({'success': False, 'message': f"Database '{DB_FILE}' not found. Run setup."}), 500 data = request.get_json() if not data: return jsonify({'success': False, 'message': 'Invalid JSON payload.'}), 400 email = data.get('email') password = data.get('password') # confirmation_code = data.get('confirmationCode') # Keep for future use if not email or not password: return jsonify({'success': False, 'message': 'Email and password are required.'}), 400 conn = None try: conn = get_db_connection() user = conn.execute('SELECT * FROM users WHERE email = ?', (email,)).fetchone() if user: # Ensure user['password'] is treated as bytes if stored as BLOB, or decode if stored as TEXT stored_password_bytes = user['password'].encode('utf-8') if isinstance(user['password'], str) else user['password'] if bcrypt.checkpw(password.encode('utf-8'), stored_password_bytes): #compare the password. # Add confirmation code verification here, if needed. conn.execute('DELETE FROM users WHERE email = ?', (email,)) conn.commit() return jsonify({'success': True, 'message': 'Account canceled successfully.'}) else: # Use 401 Unauthorized for bad credentials return jsonify({'success': False, 'message': 'Incorrect password.'}), 401 else: # Use 404 Not Found if user doesn't exist return jsonify({'success': False, 'message': 'User not found.'}), 404 except sqlite3.Error as e: print(f"Database error: {e}") # Use 500 Internal Server Error for database issues return jsonify({'success': False, 'message': 'Database error occurred.'}), 500 except Exception as e: print(f"An error occurred: {e}") # Use 500 Internal Server Error for other unexpected errors return jsonify({'success': False, 'message': 'An internal server error occurred.'}), 500 finally: if conn: conn.close() if __name__ == '__main__': # Use 0.0.0.0 to make it accessible externally if needed in some environments app.run(debug=True, host='0.0.0.0', port=5000) First, ensure the database is set up: sh pip install -r requirements.txt python setup_db.py Then, run the Flask application: sh flask run --host=0.0.0.0 --port=5000 Now you can open the provided URL in your browser to access the cancellation form. Enter the test credentials (`test@example.com` / `password123`) to test the cancellation process.