satanieremii/recipe_app

Recipe App (Flask)

A small Flask web application to store and share recipes.

Key features

  • User registration and login (passwords hashed with Werkzeug).
  • Add recipes with optional image upload (stored in static/uploads/).
  • View recipe with author and date (date shown as DD.MM.YYYY).
  • Safe search endpoint /search_safe using parameterized queries (ORM).
  • Local educational demo of a vulnerable search endpoint /search_vuln (SQL injection); disabled by default and only enabled when the environment variable ENABLE_DEMO_SQLI=1 is set.

Security note: The vulnerable endpoint is included for educational/portfolio demonstration only. Do not enable ENABLE_DEMO_SQLI on any public or production server.

Licence & contact: This project is for learning/portfolio purposes. If you want to try improvements or have questions, open an issue or contact me.


Screenshots

Include screenshots in docs/ (examples):

  • docs/home.png - Home page listing recipes
  • docs/add_recipe.png - Add recipe form with image upload
  • docs/recipe.png - Recipe page showing author, date and image
  • docs/safe_search.png - Safe search results
  • docs/sql_injection_search_2.png - Demo showing SQLi on /search_vuln locally

Quick start (run locally)

  1. Clone repo:
     git clone https://github.com/satanieremii/recipe_app.git
     cd recipe_app
  2. Create virtual environment and install:
     python -m venv venv
     source venv/bin/activate
     pip install -r requirements.txt
  3. Prepare environment variables (example):
     # generate a secure key and paste it
     export SECRET_KEY='paste_a_generated_secret_here'
     # enable demo vulnerable route only locally when you want to test
     export ENABLE_DEMO_SQLI=0

     You can create a local .env (NOT committed) and then source .env if preferred.

  4. Run the app:
     python app.py
     # open http://127.0.0.1:5000
  5. To enable the local SQLi demo (ONLY on your machine):
     export ENABLE_DEMO_SQLI=1
     python app.py
     # then open /search_vuln and test payload like: %' OR '1'='1
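To make the difference between the two search endpoints in the feature list and the ENABLE_DEMO_SQLI gate from step 5 concrete, here is an added stand-alone example; it is not the project's own code. It assumes an in-memory sqlite3 table with constructed recipe rows in place of the app's ORM models, and the names search_vuln, search_safe and demo_sqli_enabled are assumptions, not the app's actual handlers.

```python
import os
import sqlite3

# Constructed sample rows; the real app stores recipes through its ORM models.
SAMPLE_RECIPES = [
    ("Pancakes", "flour, milk, egg"),
    ("Omelette", "egg, butter"),
    ("Borscht", "beet, cabbage"),
]

def make_db():
    """In-memory table standing in for the app's recipe model (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE recipe (id INTEGER PRIMARY KEY, title TEXT, ingredients TEXT)")
    conn.executemany("INSERT INTO recipe (title, ingredients) VALUES (?, ?)", SAMPLE_RECIPES)
    return conn

def search_vuln(conn, q):
    """Demo-only pattern: the search term is spliced into the SQL text, so a
    quote in the input rewrites the WHERE clause instead of being matched."""
    sql = f"SELECT title FROM recipe WHERE title LIKE '%{q}%'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, q):
    """Parameterized form: the SQL text is fixed and the term is bound as a
    value, the same idea the README credits to the ORM for /search_safe."""
    sql = "SELECT title FROM recipe WHERE title LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{q}%",))]

def demo_sqli_enabled(environ=None):
    """Mirror of the README's gate: the vulnerable route should exist only
    when ENABLE_DEMO_SQLI=1 is set; any other value (or none) keeps it off."""
    environ = os.environ if environ is None else environ
    return environ.get("ENABLE_DEMO_SQLI") == "1"

if __name__ == "__main__":
    db = make_db()
    payload = "%' OR '1'='1"          # the payload the quick start mentions
    print("normal term   :", search_safe(db, "pan"))     # ['Pancakes']
    print("vuln + payload:", search_vuln(db, payload))   # all three titles
    print("safe + payload:", search_safe(db, payload))   # [] - compared as text
    print("demo route on :", demo_sqli_enabled())
```

Running it with ENABLE_DEMO_SQLI unset shows the gate closed while the two query styles return different results for the same input.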

Project structure

recipe_app/
├─ app.py
├─ models.py
├─ forms.py
├─ templates/
├─ static/
│  ├─ css/
│  └─ uploads/
├─ docs/
├─ requirements.txt
├─ .gitignore
├─ .env.example
└─ README.md

About

Flask-based recipe sharing app with user authentication, secure search, and an optional local SQL Injection demo for learning web security. A portfolio/education project; feedback welcome!
