add login page

This commit is contained in:
Mateusz779 2023-04-13 11:52:51 +02:00
parent 970115b947
commit f102a7f554
4 changed files with 189 additions and 22 deletions

37
app.py
View File

@ -1,4 +1,4 @@
from flask import Flask, send_file, jsonify, request from flask import Flask, flash, make_response, redirect, send_file, jsonify, request, render_template, url_for
import db import db
import os import os
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
@ -15,6 +15,30 @@ def ssh_thread_function():
ssh_thread = threading.Thread(target=ssh_thread_function) ssh_thread = threading.Thread(target=ssh_thread_function)
ssh_thread.start() ssh_thread.start()
@app.route('/')
def main():
auth_token = request.cookies.get('auth_token')
if auth_token != "" and auth_token is not None:
if db.get_user_bytoken(auth_token) is None:
return render_template('template/login.html')
return render_template('template/index.html')
@app.route('/api/login', methods=['POST'])
def login_post():
username = request.form['username']
password = request.form['password']
auth_token = db.login()
if auth_token is None:
flash('Nieprawidłowa nazwa użytkownika lub hasło.', 'error')
return redirect(url_for('login'))
response = make_response(render_template('template/index.html'))
response.set_cookie('auth_token', auth_token)
return response
@app.route("/api/addimage", methods=['POST']) @app.route("/api/addimage", methods=['POST'])
def add_image(): def add_image():
db.Connect() db.Connect()
@ -51,19 +75,14 @@ def add_image():
else: else:
filename = "1"+filename filename = "1"+filename
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
db.add_conf_image(filename, token)
db.AddVPNImage(filename, token)
return jsonify(message="ok") return jsonify(message="ok")
@app.route("/api/getvpn") @app.route("/api/getconf")
def get_image(): def get_image():
try: filename = db.get_conf_image(request.headers['token'])
filename = db.GetVPNImage(request.headers['token'])[0]
print(filename)
except:
filename = "default.squashfs"
if filename is None or filename == "": if filename is None or filename == "":
filename = "default.squashfs" filename = "default.squashfs"

101
db.py
View File

@ -1,7 +1,8 @@
import psycopg2 import psycopg2
import config import config
import utils
def Connect(): def connect():
global cur, conn global cur, conn
try: try:
conn = psycopg2.connect(database=config.database, conn = psycopg2.connect(database=config.database,
@ -21,31 +22,107 @@ def Connect():
image_name VARCHAR(255) NOT NULL, image_name VARCHAR(255) NOT NULL,
token VARCHAR(255) NOT NULL, token VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) );""")
""") cur.execute("""
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
username VARCHAR(50) UNIQUE NOT NULL,
password VARCHAR(256) NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
);""")
cur.execute("""
CREATE TABLE auth_tokens (
id SERIAL PRIMARY KEY,
user_id INTEGER NOT NULL REFERENCES users(id),
token VARCHAR(64) NOT NULL,
created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
expires_on TIMESTAMP NOT NULL
);""")
conn.commit() conn.commit()
def GetCur(): def get_cur():
return conn.cursor() return conn.cursor()
def GetConn(): def get_conn():
return conn return conn
def AddVPNImage(name, token): def add_conf_image(name, token):
Connect() connect()
with GetCur() as cur: with get_cur() as cur:
cur.execute(""" cur.execute("""
INSERT INTO vpn (image_name, token) INSERT INTO vpn (image_name, token)
VALUES (%s, %s) VALUES (%s, %s)
""",(name, token,)) """,(name, token,))
conn.commit() conn.commit()
def GetVPNImage(token): def get_conf_image(token):
Connect() connect()
with GetCur() as cur: with get_cur() as cur:
cur.execute(""" cur.execute("""
SELECT image_name FROM vpn WHERE token = %s SELECT image_name FROM vpn WHERE token = %s
""",(token,)) """,(token,))
return cur.fetchone() try:
return cur.fetchone()[0]
except:
return None
def add_user(username, password):
connect()
with get_cur() as cur:
cur.execute("""
INSERT INTO users (username, password)
VALUES (%s, %s)
""",(username, utils.hash_password(password),))
conn.commit()
def get_user(username, password):
connect()
with get_cur() as cur:
cur.execute("""
SELECT id FROM users WHERE username = %s AND password = %s
""",(username, utils.hash_password(password),))
try:
return cur.fetchone()[0]
except:
return None
def get_user_byid(id):
connect()
with get_cur() as cur:
cur.execute("""
SELECT id FROM users WHERE id = %s
""",(id,))
try:
return cur.fetchone()[0]
except:
return None
def get_user_bytoken(token):
connect()
with get_cur() as cur:
cur.execute("""
SELECT user_id FROM auth_tokens WHERE token = %s
""",(token,))
try:
return cur.fetchone()[0]
except:
return None
def add_auth_token(user_id):
token = utils.generate_auth_token()
connect()
with get_cur() as cur:
cur.execute("""
INSERT INTO auth_tokens (user_id, token)
VALUES (%s, %s)
""",(user_id,token,))
conn.commit()
return token
def login(username, password):
user_id = get_user(username, password)
if user_id is not None:
return add_auth_token(user_id)
else:
return None

63
template/login.html Normal file
View File

@ -0,0 +1,63 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Strona logowania</title>
<style>
body {
background-color: #F2F2F2;
font-family: Arial, sans-serif;
}
#login-box {
background-color: #FFFFFF;
border-radius: 10px;
padding: 20px;
width: 400px;
margin: 0 auto;
margin-top: 100px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);
}
h1 {
text-align: center;
font-size: 28px;
margin-top: 0;
}
input[type=text], input[type=password] {
width: 100%;
padding: 10px;
margin-bottom: 20px;
border: none;
border-radius: 5px;
background-color: #F2F2F2;
box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.1);
font-size: 16px;
}
input[type=submit] {
background-color: #4CAF50;
color: white;
border: none;
border-radius: 5px;
padding: 10px;
font-size: 16px;
cursor: pointer;
}
input[type=submit]:hover {
background-color: #3e8e41;
}
</style>
</head>
<body>
<div id="login-box">
<h1>Logowanie</h1>
<form>
<label for="username">Nazwa użytkownika:</label>
<input type="text" id="username" name="username" placeholder="Wprowadź nazwę użytkownika">
<label for="password">Hasło:</label>
<input type="password" id="password" name="password" placeholder="Wprowadź hasło">
<input type="submit" value="Zaloguj się">
</form>
</div>
</body>
</html>

8
utils.py Normal file
View File

@ -0,0 +1,8 @@
import hashlib
import secrets
def hash_password(password):
return hashlib.sha512(password.encode('utf-8')).hexdigest()
def generate_auth_token():
return secrets.token_urlsafe(32)