add login page

2023-04-13 11:52:51 +02:00 · 2023-04-13 11:52:51 +02:00 · f102a7f554
commit f102a7f554
parent 970115b947
4 changed files with 189 additions and 22 deletions
--- a/app.py
+++ b/app.py
@ -1,4 +1,4 @@
-from flask import Flask, send_file, jsonify, request
+from flask import Flask, flash, make_response, redirect, send_file, jsonify, request, render_template, url_for
 import db
 import os
 from werkzeug.utils import secure_filename
@ -15,6 +15,30 @@ def ssh_thread_function():
 ssh_thread = threading.Thread(target=ssh_thread_function)
 ssh_thread.start()
@app.route('/')
 def main():
    auth_token = request.cookies.get('auth_token')
    if auth_token != "" and auth_token is not None:
        if db.get_user_bytoken(auth_token) is None:
            return render_template('template/login.html')
    return render_template('template/index.html')
@app.route('/api/login', methods=['POST'])
 def login_post():
    username = request.form['username']
    password = request.form['password']
    auth_token = db.login()
    if auth_token is None:
        flash('Nieprawidłowa nazwa użytkownika lub hasło.', 'error')
        return redirect(url_for('login'))
    response = make_response(render_template('template/index.html'))
    response.set_cookie('auth_token', auth_token)
    return response
@app.route("/api/addimage", methods=['POST'])
 def add_image():
    db.Connect()
@ -51,19 +75,14 @@ def add_image():
        else:
            filename = "1"+filename
    file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
-    
+    db.add_conf_image(filename, token)
    db.AddVPNImage(filename, token)
    return jsonify(message="ok")
-@app.route("/api/getvpn")
+@app.route("/api/getconf")
 def get_image():
-    try:
+    filename = db.get_conf_image(request.headers['token'])
        filename = db.GetVPNImage(request.headers['token'])[0]
        print(filename)
    except:
        filename = "default.squashfs"
    if filename is None or filename == "":
        filename = "default.squashfs"
--- a/db.py
+++ b/db.py
@ -1,7 +1,8 @@
 import psycopg2
 import config
 import utils
-def Connect():
+def connect():
    global cur, conn
    try:
        conn = psycopg2.connect(database=config.database,
@ -21,31 +22,107 @@ def Connect():
                image_name VARCHAR(255) NOT NULL,
                token VARCHAR(255) NOT NULL,
                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
-            )
+            );""")
-        """)
+        cur.execute("""
            CREATE TABLE IF NOT EXISTS users (
                id SERIAL PRIMARY KEY,
                username VARCHAR(50) UNIQUE NOT NULL,
                password VARCHAR(256) NOT NULL,
                created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
            );""")
        cur.execute("""
            CREATE TABLE auth_tokens (
                id SERIAL PRIMARY KEY,
                user_id INTEGER NOT NULL REFERENCES users(id),
                token VARCHAR(64) NOT NULL,
                created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP 
                expires_on TIMESTAMP NOT NULL
            );""")
        conn.commit()
-def GetCur():
+def get_cur():
    return conn.cursor()
-def GetConn():
+def get_conn():
    return conn
-def AddVPNImage(name, token):
+def add_conf_image(name, token):
-    Connect()
+    connect()
-    with GetCur() as cur:
+    with get_cur() as cur:
        cur.execute("""
            INSERT INTO vpn (image_name, token)
            VALUES (%s, %s)
        """,(name, token,))
        conn.commit()
-def GetVPNImage(token):
+def get_conf_image(token):
-    Connect()
+    connect()
-    with GetCur() as cur:
+    with get_cur() as cur:
        cur.execute("""
            SELECT image_name FROM vpn WHERE token = %s
        """,(token,))
-        return cur.fetchone()
+        try:
            return cur.fetchone()[0]
        except:
            return None
 def add_user(username, password):
    connect()
    with get_cur() as cur:
        cur.execute("""
            INSERT INTO users (username, password)
            VALUES (%s, %s)
        """,(username, utils.hash_password(password),))
        conn.commit()
 def get_user(username, password):
    connect()
    with get_cur() as cur:
        cur.execute("""
            SELECT id FROM users WHERE username = %s AND password = %s
        """,(username, utils.hash_password(password),))
        try:
            return cur.fetchone()[0]
        except:
            return None
 def get_user_byid(id):
    connect()
    with get_cur() as cur:
        cur.execute("""
            SELECT id FROM users WHERE id = %s
        """,(id,))
        try:
            return cur.fetchone()[0]
        except:
            return None
 def get_user_bytoken(token):
    connect()
    with get_cur() as cur:
        cur.execute("""
            SELECT user_id FROM auth_tokens WHERE token = %s 
        """,(token,))
        try:
            return cur.fetchone()[0]
        except:
            return None
 def add_auth_token(user_id):
    token = utils.generate_auth_token()
    connect()
    with get_cur() as cur:
        cur.execute("""
            INSERT INTO auth_tokens (user_id, token)
            VALUES (%s, %s)
        """,(user_id,token,))
        conn.commit()
    return token
 def login(username, password):
    user_id = get_user(username, password)
    if user_id is not None:
        return add_auth_token(user_id)
    else:
        return None
--- a/template/login.html
+++ b/template/login.html
@ -0,0 +1,63 @@
 <!DOCTYPE html>
 <html>
  <head>
    <meta charset="UTF-8">
    <title>Strona logowania</title>
    <style>
      body {
        background-color: #F2F2F2;
        font-family: Arial, sans-serif;
      }
      #login-box {
        background-color: #FFFFFF;
        border-radius: 10px;
        padding: 20px;
        width: 400px;
        margin: 0 auto;
        margin-top: 100px;
        box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
      }
      h1 {
        text-align: center;
        font-size: 28px;
        margin-top: 0;
      }
      input[type=text], input[type=password] {
        width: 100%;
        padding: 10px;
        margin-bottom: 20px;
        border: none;
        border-radius: 5px;
        background-color: #F2F2F2;
        box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.1);
        font-size: 16px;
      }
      input[type=submit] {
        background-color: #4CAF50;
        color: white;
        border: none;
        border-radius: 5px;
        padding: 10px;
        font-size: 16px;
        cursor: pointer;
      }
      input[type=submit]:hover {
        background-color: #3e8e41;
      }
    </style>
  </head>
  <body>
    <div id="login-box">
      <h1>Logowanie</h1>
      <form>
        <label for="username">Nazwa użytkownika:</label>
        <input type="text" id="username" name="username" placeholder="Wprowadź nazwę użytkownika">
        <label for="password">Hasło:</label>
        <input type="password" id="password" name="password" placeholder="Wprowadź hasło">
        <input type="submit" value="Zaloguj się">
      </form>
    </div>
  </body>
 </html>
--- a/utils.py
+++ b/utils.py
@ -0,0 +1,8 @@
 import hashlib
 import secrets
 def hash_password(password):
    return hashlib.sha512(password.encode('utf-8')).hexdigest()
 def generate_auth_token():
    return secrets.token_urlsafe(32)