A security-focused full-stack web application built with Flask for managing blood donations and blood requests.
The platform allows users to submit donation and request operations while administrators validate and manage the complete workflow through a dedicated admin dashboard.
- Secure authentication system
- Email verification
- Password reset via timed tokens
- Blood donation and request management
- Eligibility tracking system
- Optional email notifications
- Personal statistics dashboard
- Profile management
- Donation/request approval workflow
- User ban/reactivation system
- CSV export tools
- Database cleanup utilities
- Administrative analytics dashboard
- Users create blood donations or blood requests
- All operations start in a
Pendingstate - Administrators validate and complete operations
- Approved donations become searchable
- Automated notifications update users during the workflow
The application follows a service-layer architecture:
Routes β Services β Models β Database
Core backend logic is isolated inside dedicated service classes for maintainability and scalability.
The project was developed with a security-oriented mindset and includes protections against common web attacks.
Implemented protections include:
- Password hashing with bcrypt
- CSRF protection
- Rate limiting
- RBAC authorization
- Timed email tokens
- Secure session handling
- SQL injection prevention
- Input validation
- Business logic abuse prevention
See:
- SECURITY.md
- ROADMAP.md
pytest- Python 3.11+
- Mailpit
- pip
git clone <repository-url>
cd Blood-Connect
python -m venv .venv
# Windows
.\.venv\Scripts\Activate.ps1
# Linux/macOS
source .venv/bin/activate
pip install -r requirements.txtCreate a .env file:
SECRET_KEY=your_secret_key
PYTHONPATH=.python create_admin.py
python seed_data.pymailpitSMTP:
localhost:1025
Web UI:
http://localhost:8025
flask --app run.py runBlood-Connect/
β
βββ app/
β βββ admin/
β β βββ routes.py
β β
β βββ auth/
β β βββ routes.py
β β
β βββ blood_operations/
β β βββ routes.py
β β
β βββ config/
β β βββ rules.py
β β
β βββ main/
β β βββ routes.py
β β
β βββ services/
β β βββ admin_service.py
β β βββ auth_service.py
β β βββ blood_service.py
β β βββ email_service.py
β β βββ main_service.py
β β
β βββ static/
β β
β βββ templates/
β βββ __init__.py
β βββ extensions.py
β βββ forms.py
β βββ models.py
β βββ security.py
β βββ time_limit.py
β
βββ instance/
β βββ BloodConnect.db
β
βββ tests/
β βββ conftest.py
β βββ test_admin_service.py
β βββ test_auth_service.py
β βββ test_blood_service.py
β βββ test_main_service.py
β
βββ .env
βββ config.py
βββ create_admin.py
βββ create_db.py
βββ README.md
βββ requirements.txt
βββ run.py
βββ seed_data.py
- Flask
- SQLAlchemy
- Flask-Login
- Flask-WTF
- Flask-Mail
- Flask-Limiter
- HTML5
- Bootstrap 5
- Jinja2
- SQLite (Local Development)
- PostgreSQL (Production)
- Render - Cloud hosting platform for the web application
- Neon - Serverless PostgreSQL database for production data
- Brevo - Transactional email service (SMTP) for automated notifications
Portfolio project focused on:
- Secure Flask backend development
- Authentication systems
- RBAC authorization
- Web application architecture
- Security-oriented backend engineering
This project is licensed under the MIT License.