Skip to content

Ha-Mundo/Blood-Connect

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

315 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

🩸 Blood Connect

A security-focused full-stack web application built with Flask for managing blood donations and blood requests.

The platform allows users to submit donation and request operations while administrators validate and manage the complete workflow through a dedicated admin dashboard.

✨ Features

πŸ‘€ User Features

  • Secure authentication system
  • Email verification
  • Password reset via timed tokens
  • Blood donation and request management
  • Eligibility tracking system
  • Optional email notifications
  • Personal statistics dashboard
  • Profile management

πŸ‘‘ Admin Features

  • Donation/request approval workflow
  • User ban/reactivation system
  • CSV export tools
  • Database cleanup utilities
  • Administrative analytics dashboard

πŸ”„ Core Workflow

  • Users create blood donations or blood requests
  • All operations start in a Pending state
  • Administrators validate and complete operations
  • Approved donations become searchable
  • Automated notifications update users during the workflow

🧱 Architecture

The application follows a service-layer architecture:

Routes β†’ Services β†’ Models β†’ Database

Core backend logic is isolated inside dedicated service classes for maintainability and scalability.

πŸ” Security

The project was developed with a security-oriented mindset and includes protections against common web attacks.

Implemented protections include:

  • Password hashing with bcrypt
  • CSRF protection
  • Rate limiting
  • RBAC authorization
  • Timed email tokens
  • Secure session handling
  • SQL injection prevention
  • Input validation
  • Business logic abuse prevention

See:

  • SECURITY.md
  • ROADMAP.md

πŸ§ͺ Running Tests

pytest

πŸš€ Quick Local Setup

Requirements

  • Python 3.11+
  • Mailpit
  • pip

Installation

git clone <repository-url>
cd Blood-Connect

python -m venv .venv

# Windows
.\.venv\Scripts\Activate.ps1

# Linux/macOS
source .venv/bin/activate

pip install -r requirements.txt

Environment Variables

Create a .env file:

SECRET_KEY=your_secret_key
PYTHONPATH=.

Initialize Database

python create_admin.py
python seed_data.py

Start Mailpit

mailpit

SMTP:

localhost:1025

Web UI:

http://localhost:8025

Run Application

flask --app run.py run

πŸ“‚ Project Structure

Blood-Connect/
β”‚
β”œβ”€β”€ app/
β”‚   β”œβ”€β”€ admin/
β”‚   β”‚   └── routes.py
β”‚   β”‚
β”‚   β”œβ”€β”€ auth/
β”‚   β”‚   └── routes.py
β”‚   β”‚
β”‚   β”œβ”€β”€ blood_operations/
β”‚   β”‚   └── routes.py
β”‚   β”‚
β”‚   β”œβ”€β”€ config/
β”‚   β”‚   └── rules.py
β”‚   β”‚
β”‚   β”œβ”€β”€ main/
β”‚   β”‚   └── routes.py
β”‚   β”‚
β”‚   β”œβ”€β”€ services/
β”‚   β”‚   β”œβ”€β”€ admin_service.py
β”‚   β”‚   β”œβ”€β”€ auth_service.py
β”‚   β”‚   β”œβ”€β”€ blood_service.py
β”‚   β”‚   β”œβ”€β”€ email_service.py
β”‚   β”‚   └── main_service.py
β”‚   β”‚
β”‚   β”œβ”€β”€ static/
β”‚   β”‚
β”‚   β”œβ”€β”€ templates/
β”‚   β”œβ”€β”€ __init__.py
β”‚   β”œβ”€β”€ extensions.py
β”‚   β”œβ”€β”€ forms.py
β”‚   β”œβ”€β”€ models.py
β”‚   β”œβ”€β”€ security.py
β”‚   └── time_limit.py
β”‚
β”œβ”€β”€ instance/
β”‚   └── BloodConnect.db
β”‚   
β”œβ”€β”€ tests/
β”‚   β”œβ”€β”€ conftest.py
β”‚   β”œβ”€β”€ test_admin_service.py
β”‚   β”œβ”€β”€ test_auth_service.py
β”‚   β”œβ”€β”€ test_blood_service.py
β”‚   └── test_main_service.py
β”‚   
β”œβ”€β”€ .env
β”œβ”€β”€ config.py
β”œβ”€β”€ create_admin.py
β”œβ”€β”€ create_db.py
β”œβ”€β”€ README.md
β”œβ”€β”€ requirements.txt
β”œβ”€β”€ run.py
└── seed_data.py

🧠 Tech Stack

Backend

  • Flask
  • SQLAlchemy
  • Flask-Login
  • Flask-WTF
  • Flask-Mail
  • Flask-Limiter

Frontend

  • HTML5
  • Bootstrap 5
  • Jinja2

Database

  • SQLite (Local Development)
  • PostgreSQL (Production)

Infrastructure & Deployment

  • Render - Cloud hosting platform for the web application
  • Neon - Serverless PostgreSQL database for production data
  • Brevo - Transactional email service (SMTP) for automated notifications

πŸ‘¨β€πŸ’» Author

Portfolio project focused on:

  • Secure Flask backend development
  • Authentication systems
  • RBAC authorization
  • Web application architecture
  • Security-oriented backend engineering

βš–οΈ License

This project is licensed under the MIT License.

About

A security-first full-stack Flask application for managing blood donations and requests. Powered by Neon PostgreSQL and Brevo SMTP, featuring decoupled MVC service layers, robust RBAC, multi-tier rate limiting, and defensive OWASP Top 10 mitigations.

Topics

Resources

Security policy

Stars

0 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors