Split routes into multiple files (#2)

* split into files * attempted path fix * perms fix * added missed functions * fixed circular dependancy * I hate splitting * env fix * path fix
2026-05-14 22:16:54 +00:00 · 2025-02-18 01:27:40 +00:00
parent 4c7853fb3f
commit c1f26094de
24 changed files with 584 additions and 470 deletions
@@ -13,4 +13,4 @@ COPY . .

 EXPOSE 5121

-CMD ["python", "app.py"]
+CMD ["python", "run.py"]
@@ -1,8 +1,7 @@
 all: run

 run:
-	docker compose build
-	docker compose up -d
+	docker compose up --build -d

 stop:
 	docker compose down -v
@@ -1,447 +0,0 @@
-from flask import (
-    Flask,
-    render_template,
-    request,
-    redirect,
-    url_for,
-    send_from_directory,
-    flash,
-    abort,
-    jsonify,
-    session,
-)
-from flask_sqlalchemy import SQLAlchemy
-from flask_login import (
-    LoginManager,
-    UserMixin,
-    login_user,
-    logout_user,
-    login_required,
-    current_user,
-)
-from flask_apscheduler import APScheduler
-from werkzeug.security import generate_password_hash, check_password_hash
-from werkzeug.exceptions import NotFound
-import os
-import shutil
-from datetime import datetime, timedelta
-from waitress import serve
-import re
-from secrets import token_hex
-
-app = Flask(__name__)
-app.config["SESSION_TYPE"] = "filesystem"
-app.config["SESSION_FILE_DIR"] = "/app/instance/flask_session"
-
-try:
-    with open("/app/instance/secret.key", "rb") as f:
-        app.config["SECRET_KEY"] = bytes.hex(f.readline())
-except FileNotFoundError as e:
-    if not os.path.exists("/app/instance"):
-        os.mkdir("/app/instance")
-
-    with open("/app/instance/secret.key", "wb") as f:
-        newKey = token_hex(64)
-        f.write(bytearray.fromhex(newKey))
-        app.config["SECRET_KEY"] = newKey
-
-PORT = 5121
-app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:////app/instance/db.sqlite"
-app.config["UPLOAD_FOLDER"] = "sites"
-app.config["SERVER_NAME"] = "tinysite.cloud"
-app.config["SESSION_COOKIE_DOMAIN"] = ".tinysite.cloud"
-app.config["SESSION_COOKIE_NAME"] = "tinysite_session"
-app.config["SESSION_COOKIE_HTTPONLY"] = True
-app.config["SESSION_COOKIE_SECURE"] = True  # If using HTTPS
-app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
-app.config["SQLALCHEMY_ENGINE_OPTIONS"] = {
-    "pool_pre_ping": True,
-    "pool_recycle": 300,
-}
-db = SQLAlchemy(app)
-
-
-RESERVED_SUBDOMAINS = {
-    "",
-    "www",
-    "api",
-    "admin",
-    "support",
-    "docs",
-    "blog",
-    "cdn",
-    "test",
-    "dev",
-    "staging",
-    "secure",
-    "mail",
-    "status",
-    "gateway",
-}
-
-
-# TODO: add specific page redirects here as they're added
-def isDefaultRoute(hostname: str):
-    # exactly the main domain
-    if hostname == app.config["SERVER_NAME"]:
-        return True
-
-    # a reserved subdomain
-    parts = hostname.split(".")
-    server_parts = app.config["SERVER_NAME"].split(".")
-
-    # the host ends with the server domain
-    if parts[-len(server_parts) :] != server_parts:
-        return False
-
-    # subdomain portion
-    subdomain = ".".join(parts[: -len(server_parts)])
-
-    # any part of the subdomain is reserved
-    return (
-        any(part in RESERVED_SUBDOMAINS for part in subdomain.split("."))
-        or subdomain in RESERVED_SUBDOMAINS
-    )
-
-
-# Models
-class User(UserMixin, db.Model):
-    id = db.Column(db.Integer, primary_key=True)
-    email = db.Column(db.String(100), unique=True)
-    password_hash = db.Column(db.String(128))  # Renamed for clarity
-
-    def set_password(self, password):
-        self.password_hash = generate_password_hash(password)
-
-    def check_password(self, password):
-        return check_password_hash(self.password_hash, password)
-
-
-class Site(db.Model):
-    id = db.Column(db.Integer, primary_key=True)
-    user_id = db.Column(db.Integer)
-    name = db.Column(db.String(100))
-    subdomain = db.Column(db.String(100), unique=True)
-    last_accessed = db.Column(db.DateTime)
-    created_at = db.Column(db.DateTime, default=datetime.utcnow)
-
-
-@app.context_processor
-def inject_subdomain():
-    host = request.host
-    server_parts = app.config["SERVER_NAME"].split(".")
-    host_parts = host.split(".")
-
-    subdomain = None
-    if host_parts[-len(server_parts) :] == server_parts:
-        subdomain_parts = host_parts[: -len(server_parts)]
-        if subdomain_parts:
-            subdomain = ".".join(subdomain_parts)
-
-    return {
-        "SUBDOMAIN": subdomain,
-        "FULL_DOMAIN": host,
-        "SERVERNAME": app.config["SERVER_NAME"],
-    }
-
-
-@app.errorhandler(404)
-def page_not_found(_):
-    host = request.host
-    server_name = app.config["SERVER_NAME"]
-    server_parts = server_name.split(".")
-    host_parts = host.split(".")
-    show_domain = False
-
-    # Case 1: Direct match of main domain
-    if host == server_name:
-        show_domain = True
-    else:
-        # Extract potential subdomain
-        if host_parts[-len(server_parts) :] == server_parts:
-            subdomain = ".".join(host_parts[: -len(server_parts)])
-
-            # Case 2: Subdomain doesn't exist and isn't reserved
-            if subdomain and subdomain not in RESERVED_SUBDOMAINS:
-                if not Site.query.filter_by(subdomain=subdomain).first():
-                    show_domain = True
-
-    return (
-        render_template(
-            "404.html",
-            domain=host if show_domain else None,
-            is_main_domain=(host == server_name),
-        ),
-        404,
-    )
-
-
-# Auth setup
-login_manager = LoginManager()
-login_manager.init_app(app)
-login_manager.login_view = "login"
-
-
-@login_manager.user_loader
-def load_user(user_id):
-    return User.query.get(int(user_id))
-
-
-# Scheduler for auto-deletion
-scheduler = APScheduler()
-scheduler.init_app(app)
-
-
-def delete_inactive_sites():
-    with app.app_context():
-        cutoff = datetime.utcnow() - timedelta(days=30)
-        sites = Site.query.filter(Site.last_accessed < cutoff).all()
-        for site in sites:
-            site_dir = os.path.join(
-                app.config["UPLOAD_FOLDER"], str(site.user_id), str(site.id)
-            )
-            if os.path.exists(site_dir):
-                shutil.rmtree(site_dir)
-            db.session.delete(site)
-        db.session.commit()
-
-
-if not scheduler.running:
-    scheduler.start()
-    scheduler.add_job(
-        id="delete_job", func=delete_inactive_sites, trigger="interval", days=1
-    )
-
-
-# Routes
-@app.route("/login", methods=["GET", "POST"])
-def login():
-    if request.method == "POST":
-        email = request.form.get("email")
-        password = request.form.get("password")
-        user = User.query.filter_by(email=email).first()
-
-        if user and user.check_password(password):
-            login_user(user)
-            session.permanent = True  # Add this line
-            return redirect(url_for("dashboard"))
-        flash("Invalid email or password")
-    return render_template("login.html")
-
-
-@app.route("/logout")
-def logout():
-    logout_user()
-    return redirect(url_for("home"))
-
-
-@app.route("/register", methods=["GET", "POST"])
-def register():
-    if request.method == "POST":
-        email = request.form.get("email")
-        password = request.form.get("password")
-
-        if User.query.filter_by(email=email).first():
-            flash("Email already exists")
-            return redirect(url_for("register"))
-
-        new_user = User(email=email)
-        new_user.set_password(password)
-        db.session.add(new_user)
-        db.session.commit()
-
-        login_user(new_user)
-        return redirect(url_for("dashboard"))
-    return render_template("register.html")
-
-
-@app.route("/dashboard")
-@login_required
-def dashboard():
-    sites = Site.query.filter_by(user_id=current_user.id).all()
-    return render_template(
-        "dashboard.html",
-        sites=sites,
-        subdomain=request.host.split(".")[0],
-        hostname=app.config["SERVER_NAME"],
-    )
-
-
-@app.route("/upload", methods=["POST"])
-@login_required
-def upload_site():
-    site_name = request.form.get("name")
-    subdomain = request.form.get("subdomain").strip().lower()  # normalize to lowercase
-
-    # Subdomain validation
-    if not re.match(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", subdomain):
-        flash(
-            "Invalid subdomain. Use lowercase letters, numbers, and hyphens.", "error"
-        )
-        return redirect(url_for("dashboard"))
-
-    if not site_name or not subdomain:
-        flash("Site name and URL subdomain are required", "error")
-        return redirect(url_for("dashboard"))
-
-    # Check subdomain availability
-    if Site.query.filter_by(subdomain=subdomain).first():
-        flash("This URL is already taken", "error")
-        return redirect(url_for("dashboard"))
-
-    # Check if index.html is included
-    files = request.files.getlist("files")
-    if not any(file.filename == "index.html" for file in files):
-        flash("You must include an index.html file", "error")
-        return redirect(url_for("dashboard"))
-
-    # Create site directory
-    site = Site(user_id=current_user.id, name=site_name, subdomain=subdomain)
-    db.session.add(site)
-    db.session.commit()
-
-    site_dir = os.path.join(
-        app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
-    )
-    os.makedirs(site_dir, exist_ok=True)
-
-    # Save uploaded files
-    for file in files:
-        if file.filename == "":
-            continue
-        file.save(os.path.join(site_dir, file.filename))
-
-    flash("Site created successfully!", "success")
-    return redirect(url_for("dashboard"))
-
-
-@app.route("/edit/<int:site_id>", methods=["GET", "POST"])
-@login_required
-def edit_site(site_id):
-    site = Site.query.get_or_404(site_id)
-    if site.user_id != current_user.id:
-        return "Unauthorized", 403
-
-    site_dir = os.path.join(
-        app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
-    )
-
-    if request.method == "POST":
-        site.name = request.form.get("name", site.name)
-        db.session.commit()
-
-        for filename, content in request.form.items():
-            if filename.endswith((".html", ".css", ".js")):
-                filepath = os.path.join(site_dir, filename)
-                with open(filepath, "w") as f:
-                    f.write(content)
-
-        if request.headers.get("X-Requested-With") == "XMLHttpRequest":
-            return jsonify({"success": True, "message": "Site updated successfully!"})
-
-        flash("Site updated successfully!", "success")
-        return redirect(url_for("edit_site", site_id=site.id))
-
-    files = {}
-    for file in os.listdir(site_dir):
-        with open(os.path.join(site_dir, file), "r") as f:
-            files[file] = f.read()
-
-    return render_template("edit.html", site=site, files=files)
-
-
-@app.route("/delete/<int:site_id>", methods=["POST"])
-@login_required
-def delete_site(site_id):
-    site = Site.query.get_or_404(site_id)
-    if site.user_id != current_user.id:
-        return "Unauthorized", 403
-
-    site_dir = os.path.join(
-        app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
-    )
-    if os.path.exists(site_dir):
-        shutil.rmtree(site_dir)
-
-    db.session.delete(site)
-    db.session.commit()
-    return redirect(url_for("dashboard"))
-
-
-@app.route("/delete_file/<int:site_id>/<filename>", methods=["POST"])
-@login_required
-def delete_file(site_id, filename):
-    # Get the site and verify ownership
-    site = Site.query.get_or_404(site_id)
-    if site.user_id != current_user.id:
-        return "Unauthorized", 403
-
-    # Build the file path
-    site_dir = os.path.join(
-        app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
-    )
-    file_path = os.path.join(site_dir, filename)
-
-    # Delete the file if it exists
-    if os.path.exists(file_path):
-        os.remove(file_path)
-        flash(f"File '{filename}' deleted successfully!", "success")
-    else:
-        flash(f"File '{filename}' not found!", "error")
-
-    return redirect(url_for("dashboard"))
-
-
-@app.route("/", subdomain="<subdomain>", defaults={"filename": "index.html"})
-@app.route("/<path:filename>", subdomain="<subdomain>")
-def serve_site_content(subdomain, filename):
-    if isDefaultRoute(request.host):
-        abort(404)  # Reserve default routes for main app
-
-    site = Site.query.filter_by(subdomain=subdomain).first_or_404()
-    site.last_accessed = datetime.utcnow()
-    db.session.commit()
-
-    site_dir = os.path.join(
-        app.config["UPLOAD_FOLDER"], str(site.user_id), str(site.id)
-    )
-
-    # Security checks
-    if ".." in filename or filename.startswith("/") or not os.path.exists(site_dir):
-        abort(404)
-
-    try:
-        return send_from_directory(site_dir, filename)
-    except NotFound:
-        if "." not in filename:
-            try:
-                return send_from_directory(site_dir, f"{filename}.html")
-            except NotFound:
-                return send_from_directory(site_dir, "index.html")
-        abort(404)
-
-
-def list_files(directory):
-    try:
-        return os.listdir(directory)
-    except FileNotFoundError:
-        return []
-
-
-@app.context_processor
-def inject_utilities():
-    return dict(list_files=list_files)
-
-
-@app.route("/")
-def home():
-    if not isDefaultRoute(request.host):
-        abort(404)
-    return render_template("home.html")
-
-
-if __name__ == "__main__":
-    os.makedirs(app.config["UPLOAD_FOLDER"], exist_ok=True)
-    with app.app_context():
-        db.create_all()
-        serve(app, host="0.0.0.0", port=PORT)
@@ -0,0 +1,30 @@
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+from flask_login import LoginManager
+from .scheduler import scheduler
+
+db = SQLAlchemy()
+login_manager = LoginManager()
+
+
+def create_app():
+    app = Flask(__name__)
+
+    # Configuration
+    app.config.from_object("app.config.Config")
+
+    # Initialize extensions
+    db.init_app(app)
+    login_manager.init_app(app)
+
+    # Initialize scheduler
+    from .scheduler import init_scheduler
+
+    init_scheduler(app)
+
+    # Register blueprints
+    from .routes import main_routes
+
+    app.register_blueprint(main_routes)
+
+    return app
@@ -0,0 +1,47 @@
+import os
+from secrets import token_hex
+
+
+def get_secret_key():
+    try:
+        with open("/app/instance/secret.key", "rb") as f:
+            return bytes.hex(f.readline())
+    except FileNotFoundError as e:
+        if not os.path.exists("/app/instance"):
+            os.mkdir("/app/instance")
+
+        with open("/app/instance/secret.key", "wb") as f:
+            newKey = token_hex(64)
+            f.write(bytearray.fromhex(newKey))
+            return newKey
+
+
+class Config:
+    SECRET_KEY = get_secret_key()
+    SQLALCHEMY_DATABASE_URI = "sqlite:////app/instance/db.sqlite"
+    UPLOAD_FOLDER = "/app/sites"
+    SERVER_NAME = "tinysite.cloud"
+    SESSION_COOKIE_DOMAIN = ".tinysite.cloud"
+    SESSION_COOKIE_NAME = "tinysite_session"
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_SAMESITE = "Lax"
+    SQLALCHEMY_ENGINE_OPTIONS = {"pool_pre_ping": True, "pool_recycle": 300}
+    PORT = 5121
+    RESERVED_SUBDOMAINS = {
+        "",
+        "www",
+        "api",
+        "admin",
+        "support",
+        "docs",
+        "blog",
+        "cdn",
+        "test",
+        "dev",
+        "staging",
+        "secure",
+        "mail",
+        "status",
+        "gateway",
+    }
@@ -0,0 +1,27 @@
+from flask import current_app
+from datetime import datetime, timedelta
+import os
+import shutil
+
+
+def delete_inactive_sites():
+    from .models import db, Site  # lazy import to avoid circular dependency
+
+    with current_app.app_context():
+        cutoff = datetime.utcnow() - timedelta(days=30)
+        sites = Site.query.filter(Site.last_accessed < cutoff).all()
+        for site in sites:
+            site_dir = os.path.join(
+                current_app.config["UPLOAD_FOLDER"], str(site.user_id), str(site.id)
+            )
+            if os.path.exists(site_dir):
+                shutil.rmtree(site_dir)
+            db.session.delete(site)
+        db.session.commit()
+
+
+def list_files(directory):
+    try:
+        return os.listdir(directory)
+    except FileNotFoundError:
+        return []
@@ -0,0 +1,25 @@
+from . import db
+from datetime import datetime
+from flask_login import UserMixin
+from werkzeug.security import generate_password_hash, check_password_hash
+
+
+class User(UserMixin, db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    email = db.Column(db.String(100), unique=True)
+    password_hash = db.Column(db.String(128))
+
+    def set_password(self, password):
+        self.password_hash = generate_password_hash(password)
+
+    def check_password(self, password):
+        return check_password_hash(self.password_hash, password)
+
+
+class Site(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer)
+    name = db.Column(db.String(100))
+    subdomain = db.Column(db.String(100), unique=True)
+    last_accessed = db.Column(db.DateTime)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
@@ -0,0 +1,293 @@
+from flask import (
+    Blueprint,
+    render_template,
+    request,
+    redirect,
+    url_for,
+    flash,
+    session,
+    send_from_directory,
+    abort,
+    jsonify,
+    current_app,
+)
+from flask_login import login_required, current_user, login_user, logout_user
+from werkzeug.exceptions import NotFound
+from datetime import datetime, timedelta
+import os
+import shutil
+from .models import db, User, Site
+from .upload import handle_upload
+from . import login_manager
+from .helpers import list_files
+from .config import Config
+
+main_routes = Blueprint("main", __name__, template_folder="templates")
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+
+@main_routes.app_context_processor
+def inject_utilities():
+    return dict(list_files=list_files)
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+
+# Context processor
+@main_routes.app_context_processor
+def inject_subdomain():
+    host = request.host
+    server_parts = current_app.config["SERVER_NAME"].split(".")
+    host_parts = host.split(".")
+
+    subdomain = None
+    if host_parts[-len(server_parts) :] == server_parts:
+        subdomain_parts = host_parts[: -len(server_parts)]
+        if subdomain_parts:
+            subdomain = ".".join(subdomain_parts)
+
+    return {
+        "SUBDOMAIN": subdomain,
+        "FULL_DOMAIN": host,
+        "SERVERNAME": current_app.config["SERVER_NAME"],
+    }
+
+
+# Route definitions
+@main_routes.route("/login", methods=["GET", "POST"])
+def login():
+    if request.method == "POST":
+        email = request.form.get("email")
+        password = request.form.get("password")
+        user = User.query.filter_by(email=email).first()
+
+        if user and user.check_password(password):
+            login_user(user)
+            session.permanent = True
+            return redirect(url_for("main.dashboard"))
+        flash("Invalid email or password")
+    return render_template("login.html")
+
+
+@main_routes.route("/logout")
+def logout():
+    logout_user()
+    return redirect(url_for("main.home"))
+
+
+@main_routes.route("/register", methods=["GET", "POST"])
+def register():
+    if request.method == "POST":
+        email = request.form.get("email")
+        password = request.form.get("password")
+
+        if User.query.filter_by(email=email).first():
+            flash("Email already exists")
+            return redirect(url_for("main.register"))
+
+        new_user = User(email=email)
+        new_user.set_password(password)
+        db.session.add(new_user)
+        db.session.commit()
+
+        login_user(new_user)
+        return redirect(url_for("main.dashboard"))
+    return render_template("register.html")
+
+
+@main_routes.route("/dashboard")
+@login_required
+def dashboard():
+    sites = Site.query.filter_by(user_id=current_user.id).all()
+    return render_template(
+        "dashboard.html",
+        sites=sites,
+        subdomain=request.host.split(".")[0],
+        hostname=current_app.config["SERVER_NAME"],
+    )
+
+
+@main_routes.route("/upload", methods=["POST"])
+@login_required
+def upload_site():
+    site_name = request.form.get("name")
+    subdomain = request.form.get("subdomain").strip().lower()
+    files = request.files.getlist("files")
+    return handle_upload(current_user, site_name, subdomain, files)
+
+
+@main_routes.route("/edit/<int:site_id>", methods=["GET", "POST"])
+@login_required
+def edit_site(site_id):
+    site = Site.query.get_or_404(site_id)
+    if site.user_id != current_user.id:
+        return "Unauthorized", 403
+
+    site_dir = os.path.join(
+        current_app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
+    )
+
+    if request.method == "POST":
+        site.name = request.form.get("name", site.name)
+        db.session.commit()
+
+        for filename, content in request.form.items():
+            if filename.endswith((".html", ".css", ".js")):
+                filepath = os.path.join(site_dir, filename)
+                with open(filepath, "w") as f:
+                    f.write(content)
+
+        if request.headers.get("X-Requested-With") == "XMLHttpRequest":
+            return jsonify({"success": True, "message": "Site updated successfully!"})
+
+        flash("Site updated successfully!", "success")
+        return redirect(url_for("main.edit_site", site_id=site.id))
+
+    files = {}
+    for file in os.listdir(site_dir):
+        with open(os.path.join(site_dir, file), "r") as f:
+            files[file] = f.read()
+
+    return render_template("edit.html", site=site, files=files)
+
+
+@main_routes.route("/delete/<int:site_id>", methods=["POST"])
+@login_required
+def delete_site(site_id):
+    site = Site.query.get_or_404(site_id)
+    if site.user_id != current_user.id:
+        return "Unauthorized", 403
+
+    site_dir = os.path.join(
+        current_app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
+    )
+    if os.path.exists(site_dir):
+        shutil.rmtree(site_dir)
+
+    db.session.delete(site)
+    db.session.commit()
+    return redirect(url_for("main.dashboard"))
+
+
+@main_routes.route("/delete_file/<int:site_id>/<filename>", methods=["POST"])
+@login_required
+def delete_file(site_id, filename):
+    site = Site.query.get_or_404(site_id)
+    if site.user_id != current_user.id:
+        return "Unauthorized", 403
+
+    site_dir = os.path.join(
+        current_app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
+    )
+    file_path = os.path.join(site_dir, filename)
+
+    if os.path.exists(file_path):
+        os.remove(file_path)
+        flash(f"File '{filename}' deleted successfully!", "success")
+    else:
+        flash(f"File '{filename}' not found!", "error")
+
+    return redirect(url_for("main.dashboard"))
+
+
+@main_routes.route(
+    "/",
+    subdomain="<subdomain>",
+    defaults={"subdomain": ""},
+)
+@main_routes.route("/<path:filename>", subdomain="<subdomain>")
+@main_routes.route("/<path:filename>")
+def serve_site_content(filename="index.html", subdomain=""):
+    if is_default_route(request.host):
+        abort(404)
+
+    # no subdomain provided via route --> extract from host header
+    if not subdomain:
+        server_parts = current_app.config["SERVER_NAME"].split('.')
+        host_parts = request.host.split('.')
+        if host_parts[-len(server_parts):] == server_parts and len(host_parts) > len(server_parts):
+            subdomain = ".".join(host_parts[:-len(server_parts)])
+        else:
+            abort(404)
+
+    site = Site.query.filter_by(subdomain=subdomain).first_or_404()
+    site.last_accessed = datetime.utcnow()
+    db.session.commit()
+
+    site_dir = os.path.join(
+        current_app.config["UPLOAD_FOLDER"], str(site.user_id), str(site.id)
+    )
+
+    if ".." in filename or filename.startswith("/") or not os.path.exists(site_dir):
+        abort(404)
+
+    try:
+        return send_from_directory(site_dir, filename)
+    except NotFound:
+        if "." not in filename:
+            try:
+                return send_from_directory(site_dir, f"{filename}.html")
+            except NotFound:
+                return send_from_directory(site_dir, "index.html")
+        abort(404)
+
+
+@main_routes.route("/")
+def home():
+    if not is_default_route(request.host):
+        abort(404)
+    return render_template("home.html")
+
+
+# Helper functions
+def is_default_route(hostname: str):
+    if hostname == current_app.config["SERVER_NAME"]:
+        return True
+
+    parts = hostname.split(".")
+    server_parts = current_app.config["SERVER_NAME"].split(".")
+
+    if parts[-len(server_parts) :] != server_parts:
+        return False
+
+    subdomain = ".".join(parts[: -len(server_parts)])
+    return (
+        any(part in Config.RESERVED_SUBDOMAINS for part in subdomain.split("."))
+        or subdomain in Config.RESERVED_SUBDOMAINS
+    )
+
+
+# Error handler (would typically be registered in current_app factory)
+@main_routes.app_errorhandler(404)
+def page_not_found(_):
+    print("404", request.host)
+    host = request.host
+    server_name = current_app.config["SERVER_NAME"]
+    server_parts = server_name.split(".")
+    host_parts = host.split(".")
+    show_domain = False
+
+    if host == server_name:
+        show_domain = True
+    else:
+        if host_parts[-len(server_parts) :] == server_parts:
+            subdomain = ".".join(host_parts[: -len(server_parts)])
+            if subdomain and subdomain not in Config.RESERVED_SUBDOMAINS:
+                if not Site.query.filter_by(subdomain=subdomain).first():
+                    show_domain = True
+
+    return (
+        render_template(
+            "404.html",
+            domain=host if show_domain else None,
+            is_main_domain=(host == server_name),
+        ),
+        404,
+    )
@@ -0,0 +1,16 @@
+# app/scheduler.py
+from flask_apscheduler import APScheduler
+from .helpers import delete_inactive_sites
+
+scheduler = APScheduler()
+
+
+def init_scheduler(app):
+    scheduler.init_app(app)
+    scheduler.start()
+    scheduler.add_job(
+        id="delete_job",
+        func=delete_inactive_sites,
+        trigger="interval",
+        days=1,
+    )
@@ -66,14 +66,14 @@

 	{% if current_user.is_authenticated %}
 	{% if domain %}
-	<a href="{{ url_for('dashboard', _external=True) }}" class="btn cta-button">
+	<a href="{{ url_for('main.dashboard', _external=True) }}" class="btn cta-button">
 		🚀 Create {{ domain.split('.')[0]|default("Site", true) }}
 	</a>
 	{% else %}
 	<div class="auth-buttons">
 		{% if is_main_domain %}
 		<p>Start your web hosting journey today!</p>
-		<a href="{{ url_for('register', _external=True) }}" class="btn cta-button">Sign Up</a>
+		<a href="{{ url_for('main.register', _external=True) }}" class="btn cta-button">Sign Up</a>
 		{% else %}
 		<p>The page you requested doesn't exist on this site.</p>
 		{% endif %}
@@ -82,8 +82,8 @@
 	{% else %}
 	<div class="auth-buttons">
 		<p>Start your web hosting journey today!</p>
-		<a href="{{ url_for('login', _external=True) }}" class="btn cta-button">Login</a>
-		<a href="{{ url_for('register', _external=True) }}" class="btn cta-button">Sign Up</a>
+		<a href="{{ url_for('main.login', _external=True) }}" class="btn cta-button">Login</a>
+		<a href="{{ url_for('main.register', _external=True) }}" class="btn cta-button">Sign Up</a>
 	</div>
 	{% endif %}

@@ -52,13 +52,13 @@
 <body>
 	<nav class="navbar">
 		<div class="container">
-			<a href="{{ url_for('home', _external=True) }}">Home</a>
+			<a href="{{ url_for('main.home', _external=True) }}">Home</a>
 			{% if current_user.is_authenticated %}
-			<a href="{{ url_for('dashboard', _external=True) }}">Dashboard</a>
-			<a href="{{ url_for('logout', _external=True) }}">Logout</a>
+			<a href="{{ url_for('main.dashboard', _external=True) }}">Dashboard</a>
+			<a href="{{ url_for('main.logout', _external=True) }}">Logout</a>
 			{% else %}
-			<a href="{{ url_for('login', _external=True) }}">Login</a>
-			<a href="{{ url_for('register', _external=True) }}">Register</a>
+			<a href="{{ url_for('main.login', _external=True) }}">Login</a>
+			<a href="{{ url_for('main.register', _external=True) }}">Register</a>
 			{% endif %}
 			<button id="theme-toggle" class="btn">Toggle Dark Mode</button>
 		</div>
@@ -6,7 +6,7 @@
 <h2>Your Sites</h2>

 <h3>Create New Site</h3>
-<form method="POST" action="{{ url_for('upload_site') }}" enctype="multipart/form-data">
+<form method="POST" action="{{ url_for('main.upload_site') }}" enctype="multipart/form-data">
 	<div class="form-group">
 		<label>Site Name:</label>
 		<input type="text" name="name" required>
@@ -59,7 +59,7 @@
 						class="file-icon {{ 'html' if file.endswith('.html') else 'css' if file.endswith('.css') else 'js' }}">
 					</div>
 					<span class="file-name">{{ file }}</span>
-					<form method="POST" action="{{ url_for('delete_file', site_id=site.id, filename=file) }}"
+					<form method="POST" action="{{ url_for('main.delete_file', site_id=site.id, filename=file) }}"
 						style="display: inline;">
 						<button type="submit" class="file-close">&times;</button>
 					</form>
@@ -70,11 +70,11 @@

 		<!-- Site Actions -->
 		<div class="site-actions">
-			<a href="{{ url_for('edit_site', site_id=site.id) }}" class="btn">Edit</a>
-			<a href="{{ url_for('serve_site_content', filename='index.html', _external=True, subdomain=site.subdomain) }}">Visit
+			<a href="{{ url_for('main.edit_site', site_id=site.id) }}" class="btn">Edit</a>
+			<a href="{{ url_for('main.serve_site_content', filename='index.html', _external=True, subdomain=site.subdomain) }}">Visit
 				{{ site.name }}
 			</a>
-			<form method="POST" action="{{ url_for('delete_site', site_id=site.id) }}" style="display: inline;">
+			<form method="POST" action="{{ url_for('main.delete_site', site_id=site.id) }}" style="display: inline;">
 				<button type="submit" class="btn btn-danger">Delete Site</button>
 			</form>
 		</div>
@@ -4,7 +4,7 @@

 {% block content %}
 <h2>Edit {{ site.name }}</h2>
-<a href="{{ url_for('serve_site_content', subdomain=site.subdomain) }}" class="btn" target="_blank">View Site</a>
+<a href="{{ url_for('main.serve_site_content', subdomain=site.subdomain) }}" class="btn" target="_blank">View Site</a>

 <div style="margin-bottom: 30px;"></div>

@@ -103,7 +103,7 @@
 	<div class="cta-section">
 		<h2>Get Started Now</h2>
 		<p>No signup required. Upload your first site and go live instantly!</p>
-		<a href="{{ url_for('dashboard') }}" class="btn">Upload Your Site</a>
+		<a href="{{ url_for('main.dashboard') }}" class="btn">Upload Your Site</a>
 	</div>
 </div>

@@ -4,7 +4,7 @@

 {% block content %}
 <h2>Login</h2>
-<form method="POST" action="{{ url_for('login') }}">
+<form method="POST" action="{{ url_for('main.login') }}">
 	<div class="form-group">
 		<label>Email:</label>
 		<input type="email" name="email" required>
@@ -4,7 +4,7 @@

 {% block content %}
 <h2>Register</h2>
-<form method="POST" action="{{ url_for('register') }}">
+<form method="POST" action="{{ url_for('main.register') }}">
 	<div class="form-group">
 		<label>Email:</label>
 		<input type="email" name="email" required>
@@ -0,0 +1,112 @@
+# upload_handler.py
+from flask import flash, redirect, url_for, current_app
+import os
+import re
+from .config import Config
+from .models import Site
+from . import db
+
+# Constants
+MAX_FILE_SIZE = 5 * 1024 * 1024  # 5MB per file
+MAX_TOTAL_STORAGE = 100 * 1024 * 1024  # 100MB per user
+ALLOWED_EXTENSIONS = {
+    "html",
+    "css",
+    "js",
+    "png",
+    "jpg",
+    "jpeg",
+    "gif",
+    "svg",
+    "ico",
+    "webp",
+    "txt",
+    "pdf",
+}
+MAX_FILES_PER_UPLOAD = 50
+
+
+def get_user_storage(user_id):
+    total_size = 0
+    user_dir = os.path.join(current_app.config["UPLOAD_FOLDER"], str(user_id))
+    if os.path.exists(user_dir):
+        for site_dir in os.listdir(user_dir):
+            site_path = os.path.join(user_dir, site_dir)
+            if os.path.isdir(site_path):
+                for root, _, files in os.walk(site_path):
+                    for f in files:
+                        fp = os.path.join(root, f)
+                        total_size += os.path.getsize(fp)
+    return total_size
+
+
+def handle_upload(current_user, site_name, subdomain, files):
+    # Validation checks
+    if not re.match(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", subdomain):
+        flash("Invalid subdomain format", "error")
+        return redirect(url_for("main.dashboard"))
+
+    if not site_name or not subdomain:
+        flash("Name and subdomain required", "error")
+        return redirect(url_for("main.dashboard"))
+
+    if Site.query.filter_by(subdomain=subdomain).first():
+        flash("Subdomain taken", "error")
+        return redirect(url_for("main.dashboard"))
+
+    if len(files) > MAX_FILES_PER_UPLOAD:
+        flash(f"Max {MAX_FILES_PER_UPLOAD} files per upload", "error")
+        return redirect(url_for("main.dashboard"))
+
+    for file in files:
+        if "." not in file.filename:
+            flash(f"File {file.filename} has no extension", "error")
+            return redirect(url_for("main.dashboard"))
+        ext = file.filename.rsplit(".", 1)[1].lower()
+        if ext not in ALLOWED_EXTENSIONS:
+            flash(f".{ext} files not allowed", "error")
+            return redirect(url_for("main.dashboard"))
+
+    total_new_size = 0
+    for file in files:
+        file.stream.seek(0, os.SEEK_END)
+        size = file.stream.tell()
+        file.stream.seek(0)
+        if size > MAX_FILE_SIZE:
+            flash(f"{file.filename} exceeds {MAX_FILE_SIZE//1024//1024}MB", "error")
+            return redirect(url_for("main.dashboard"))
+        total_new_size += size
+
+    current_storage = get_user_storage(current_user.id)
+    if current_storage + total_new_size > MAX_TOTAL_STORAGE:
+        flash(f"Storage limit ({MAX_TOTAL_STORAGE//1024//1024}MB) exceeded", "error")
+        return redirect(url_for("main.dashboard"))
+
+    if not any(f.filename == "index.html" for f in files):
+        flash("Missing index.html", "error")
+        return redirect(url_for("main.dashboard"))
+
+    # Create site
+    site = Site(user_id=current_user.id, name=site_name, subdomain=subdomain)
+    db.session.add(site)
+    db.session.commit()
+
+    # Save files
+    site_dir = os.path.join(
+        current_app.config["UPLOAD_FOLDER"], str(current_user.id), str(site.id)
+    )
+    os.makedirs(site_dir, exist_ok=True)
+
+    try:
+        for file in files:
+            if file.filename:
+                file.save(os.path.join(site_dir, file.filename))
+    except Exception as e:
+        db.session.delete(site)
+        db.session.commit()
+        flash("Upload failed", "error")
+        return redirect(url_for("main.dashboard"))
+
+    flash("Site created!", "success")
+    return redirect(url_for("main.dashboard"))
+
@@ -7,7 +7,7 @@ services:
      - static
    volumes:
      - instance:/app/instance
-      - ./sites:/app/sites
+      - sites:/app/sites
    environment:
      - FLASK_ENV=production

@@ -16,3 +16,4 @@ networks:

 volumes:
  instance:
+  sites:
@@ -0,0 +1,11 @@
+from waitress import serve
+import os
+from app import create_app, db, config
+
+app = create_app()
+
+if __name__ == "__main__":
+    os.makedirs(app.config["UPLOAD_FOLDER"], exist_ok=True)
+    with app.app_context():
+        db.create_all()
+        serve(app, host="0.0.0.0", port=config.Config.PORT)