From ed71714a79c4579a85aa2f5a97d1711a5208ec33 Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Fri, 27 Feb 2026 20:13:10 +0530
Subject: [PATCH 1/4] Fixed errors in tests

---
 flaskr/auth.py     | 2 +-
 tests/test_blog.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/flaskr/auth.py b/flaskr/auth.py
index 5874e97..ad930fb 100644
--- a/flaskr/auth.py
+++ b/flaskr/auth.py
@@ -11,7 +11,7 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')
 
 @bp.route('/register', methods=('GET', 'POST'))
 def register():
-    return "Admin only", 403
+    # return "Admin only", 403
     if request.method == 'POST':
         username = request.form['username']
         password = request.form['password']
diff --git a/tests/test_blog.py b/tests/test_blog.py
index 2479428..deb52bc 100644
--- a/tests/test_blog.py
+++ b/tests/test_blog.py
@@ -58,7 +58,7 @@ def test_create(client, auth, app):
 def test_update(client, auth, app):
     auth.login()
     assert client.get('/1/update').status_code == 200
-    client.post('/1/update', data={'title': 'updated', 'body': ''})
+    client.post('/1/update', data={'title': 'updated', 'body': '', 'created': '1970-01-01 00:00:00'})
 
     with app.app_context():
         db = get_db()
@@ -71,7 +71,7 @@ def test_update(client, auth, app):
 ))
 def test_create_update_validate(client, auth, path):
     auth.login()
-    response = client.post(path, data={'title': '', 'body': ''})
+    response = client.post(path, data={'title': '', 'body': '', 'created': '1970-01-01 00:00:00'})
     assert b'Title is required.' in response.data
 
 def test_delete(client, auth, app):

From 67953ac42e5c78751a398dea932978cdfe9b4f69 Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Sun, 1 Mar 2026 19:30:52 +0530
Subject: [PATCH 2/4] Remove register URL | Closes #2

---
 flaskr/__init__.py         | 1 +
 flaskr/auth.py             | 5 +++--
 flaskr/templates/base.html | 1 -
 tests/conftest.py          | 1 +
 tests/test_auth.py         | 4 ++++
 tests/test_blog.py         | 2 +-
 6 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/flaskr/__init__.py b/flaskr/__init__.py
index ed7d989..7d7ec81 100644
--- a/flaskr/__init__.py
+++ b/flaskr/__init__.py
@@ -8,6 +8,7 @@ def create_app(test_config=None):
     app.config.from_mapping(
         SECRET_KEY='dev',
         DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'),
+        ALLOW_REGISTER=False,
     )
 
     app.wsgi_app = ProxyFix(
diff --git a/flaskr/auth.py b/flaskr/auth.py
index ad930fb..6b95143 100644
--- a/flaskr/auth.py
+++ b/flaskr/auth.py
@@ -1,7 +1,7 @@
 import functools
 
 from flask import (
-    Blueprint, flash, g, redirect, render_template, request, session, url_for
+    Blueprint, flash, g, redirect, render_template, request, session, url_for, current_app
 )
 from werkzeug.security import check_password_hash, generate_password_hash
 
@@ -11,7 +11,8 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')
 
 @bp.route('/register', methods=('GET', 'POST'))
 def register():
-    # return "Admin only", 403
+    if not current_app.config["ALLOW_REGISTER"]:
+        return "Admin only", 403
     if request.method == 'POST':
         username = request.form['username']
         password = request.form['password']
diff --git a/flaskr/templates/base.html b/flaskr/templates/base.html
index 6c1d788..152f1af 100644
--- a/flaskr/templates/base.html
+++ b/flaskr/templates/base.html
@@ -9,7 +9,6 @@
       <li><span>{{ g.user['username'] }}</span>
       <li><a href="{{ url_for('auth.logout') }}">Log Out</a>
     {% else %}
-      <li><a href="{{ url_for('auth.register') }}">Register</a>
       <li><a href="{{ url_for('auth.login') }}">Log In</a>
     {% endif %}
   </ul>
diff --git a/tests/conftest.py b/tests/conftest.py
index 2db6e29..836a5ad 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -15,6 +15,7 @@ def app():
     app = create_app({
         'TESTING': True,
         'DATABASE': db_path,
+        'ALLOW_REGISTER': True,
     })
 
     with app.app_context():
diff --git a/tests/test_auth.py b/tests/test_auth.py
index d9b9b9e..1f45590 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -14,6 +14,10 @@ def test_register(client, app):
             "SELECT * FROM user WHERE USERNAME = 'a'",
         ).fetchone() is not None
 
+    app.config["ALLOW_REGISTER"] = False
+    response = client.get('/auth/register')
+    assert b"Admin only" in response.data
+
 @pytest.mark.parametrize(('username', 'password', 'message'), (
     ('', '', b'Username is required.'),
     ('a', '', b'Password is required.'),
diff --git a/tests/test_blog.py b/tests/test_blog.py
index deb52bc..5f7e816 100644
--- a/tests/test_blog.py
+++ b/tests/test_blog.py
@@ -4,7 +4,7 @@ from flaskr.db import get_db
 def test_index(client, auth):
     response = client.get('/')
     assert b"Log In" in response.data
-    assert b"Register" in response.data
+    assert b"Register" not in response.data
 
     auth.login()
     response = client.get('/')

From 39243beff486901dfc02f5dff0c6f1c810ffd15f Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Sun, 1 Mar 2026 19:37:45 +0530
Subject: [PATCH 3/4] Remove login URL | Fixes #3

---
 flaskr/templates/base.html | 2 --
 tests/test_blog.py         | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/flaskr/templates/base.html b/flaskr/templates/base.html
index 152f1af..ae63dea 100644
--- a/flaskr/templates/base.html
+++ b/flaskr/templates/base.html
@@ -8,8 +8,6 @@
     {% if g.user %}
       <li><span>{{ g.user['username'] }}</span>
       <li><a href="{{ url_for('auth.logout') }}">Log Out</a>
-    {% else %}
-      <li><a href="{{ url_for('auth.login') }}">Log In</a>
     {% endif %}
   </ul>
 </nav>
diff --git a/tests/test_blog.py b/tests/test_blog.py
index 5f7e816..810ade1 100644
--- a/tests/test_blog.py
+++ b/tests/test_blog.py
@@ -3,7 +3,7 @@ from flaskr.db import get_db
 
 def test_index(client, auth):
     response = client.get('/')
-    assert b"Log In" in response.data
+    assert b"Log In" not in response.data
     assert b"Register" not in response.data
 
     auth.login()

From f2fb55ea3330c8ab2dbc51f20c0baa94fd4e57c3 Mon Sep 17 00:00:00 2001
From: PV Tejas <pvtejas@protonmail.com>
Date: Sun, 1 Mar 2026 20:32:48 +0530
Subject: [PATCH 4/4] Working code, failing test

---
 flaskr/__init__.py                  |  2 +-
 flaskr/blog.py                      | 22 ++++++++++++++++++++++
 flaskr/templates/blog/firehose.html | 28 ++++++++++++++++++++++++++++
 flaskr/templates/blog/index.html    |  1 -
 flaskr/templates/blog/post.html     | 19 +++++++++++++++++++
 tests/test_blog.py                  | 19 +++++++++++++++++++
 6 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 flaskr/templates/blog/firehose.html
 create mode 100644 flaskr/templates/blog/post.html

diff --git a/flaskr/__init__.py b/flaskr/__init__.py
index 7d7ec81..33779f8 100644
--- a/flaskr/__init__.py
+++ b/flaskr/__init__.py
@@ -8,7 +8,7 @@ def create_app(test_config=None):
     app.config.from_mapping(
         SECRET_KEY='dev',
         DATABASE=os.path.join(app.instance_path, 'flaskr.sqlite'),
-        ALLOW_REGISTER=False,
+        ALLOW_REGISTER=True,
     )
 
     app.wsgi_app = ProxyFix(
diff --git a/flaskr/blog.py b/flaskr/blog.py
index 523cfaf..6bf9b55 100644
--- a/flaskr/blog.py
+++ b/flaskr/blog.py
@@ -28,6 +28,23 @@ def index():
         posts.append(post)
     return render_template('blog/index.html', posts=posts)
 
+@bp.route('/firehose')
+def firehose():
+    db = get_db()
+    db_posts = db.execute(
+        'SELECT p.id, title, body, created, author_id, username'
+        ' FROM post p JOIN user u ON p.author_id = u.id'
+        ' ORDER BY created DESC'
+    ).fetchall()
+    posts = []
+    for post in db_posts:
+        if post['created'] > datetime.datetime.utcnow():
+            continue
+        post = dict(post)
+        post['body'] = markdown.markdown(post['body'])
+        posts.append(post)
+    return render_template('blog/firehose.html', posts=posts)
+
 @bp.route('/create',methods=('GET', 'POST'))
 @login_required
 def create():
@@ -69,6 +86,11 @@ def get_post(id, check_author=True):
 
     return post
 
+@bp.route('/<int:id>')
+def individual_post(id):
+    post = get_post(id, False)
+    return render_template('blog/post.html', post=post)
+
 @bp.route('/<int:id>/update', methods=('GET', 'POST'))
 @login_required
 def update(id):
diff --git a/flaskr/templates/blog/firehose.html b/flaskr/templates/blog/firehose.html
new file mode 100644
index 0000000..21e3178
--- /dev/null
+++ b/flaskr/templates/blog/firehose.html
@@ -0,0 +1,28 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}Posts{% endblock %}</h1>
+  {% if g.user %}
+    <a class="action" href="{{ url_for('blog.create') }}">New</a>
+  {% endif %}
+{% endblock %}
+
+{% block content %}
+  {% for post in posts %}
+    <article class="post">
+      <header>
+	<div>
+	  <h1>{{ post['title'] }}</h1>
+	  <div class="about">by {{ post['username'] }} on {{ post['created'].strftime('%Y-%m-%d') }}</div>
+	</div>
+	{% if g.user['id'] == post['author_id'] %}
+	  <a class="action" href="{{ url_for('blog.update', id=post['id']) }}">Edit</a>
+	  {% endif %}
+      </header>
+      <p class="body">{{ post['body']|safe }}</p>
+    </article>
+    {% if not loop.last %}
+      <hr>
+    {% endif %}
+  {% endfor %}
+{% endblock %}
diff --git a/flaskr/templates/blog/index.html b/flaskr/templates/blog/index.html
index ffd9fbc..7f1e4e8 100644
--- a/flaskr/templates/blog/index.html
+++ b/flaskr/templates/blog/index.html
@@ -19,7 +19,6 @@
 	  <a class="action" href="{{ url_for('blog.update', id=post['id']) }}">Edit</a>
 	  {% endif %}
       </header>
-      <p class="body">{{ post['body']|safe }}</p>
     </article>
     {% if not loop.last %}
       <hr>
diff --git a/flaskr/templates/blog/post.html b/flaskr/templates/blog/post.html
new file mode 100644
index 0000000..c2a612c
--- /dev/null
+++ b/flaskr/templates/blog/post.html
@@ -0,0 +1,19 @@
+{% extends 'base.html' %}
+
+{% block header %}
+  <h1>{% block title %}{{ post['title'] }}{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+  <article class="post">
+    <header>
+  <div>
+    <div class="about">by {{ post['username'] }} on {{ post['created'].strftime('%Y-%m-%d') }}</div>
+  </div>
+  {% if g.user['id'] == post['author_id'] %}
+  <a class="action" href="{{ url_for('blog.update', id=post['id']) }}">Edit</a>
+    {% endif %}
+    </header>
+    <p class="body">{{ post['body']|safe }}</p>
+  </article>
+{% endblock %}
diff --git a/tests/test_blog.py b/tests/test_blog.py
index 810ade1..175e5b5 100644
--- a/tests/test_blog.py
+++ b/tests/test_blog.py
@@ -6,6 +6,19 @@ def test_index(client, auth):
     assert b"Log In" not in response.data
     assert b"Register" not in response.data
 
+    auth.login()
+    response = client.get('/')
+    assert b'Log Out' in response.data
+    assert b'test title' in response.data
+    assert b'by test on 2018-01-01' in response.data
+    assert b'test\nbody' not in response.data
+    assert b'href="/1/update"' in response.data
+
+def test_firehose(client, auth):
+    response = client.get('/')
+    assert b"Log In" not in response.data
+    assert b"Register" not in response.data
+
     auth.login()
     response = client.get('/')
     assert b'Log Out' in response.data
@@ -14,6 +27,12 @@ def test_index(client, auth):
     assert b'test\nbody' in response.data
     assert b'href="/1/update"' in response.data
 
+def test_individual_page(client, auth):
+    response = client.get('/1')
+    assert b'test title' in response.data
+    assert b'by test on 2018-01-01' in response.data
+    assert b'test\nbody' in response.data
+
 @pytest.mark.parametrize('path', (
     '/create',
     '/1/update',