authoraltaf-creator <dev@altafcreator.com>2026-01-21 18:44:43 +0800
committeraltaf-creator <dev@altafcreator.com>2026-01-21 18:44:43 +0800
commitba5110a61319b8a1cda213f8341b7443faf8eaab (patch)
tree1cbbbb822a4d3099ccb1fe1b20590a5483ce08db /backend/main.py
parent1ea49d7ed8a59a9a0b995eca9ea5d8574b0e0d95 (diff)
password auth done
Diffstat (limited to 'backend/main.py')
-rw-r--r--backend/main.py47
1 files changed, 44 insertions, 3 deletions
diff --git a/backend/main.py b/backend/main.py
index 77c84b0..cf3edb5 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -31,6 +31,7 @@ scheduler.start()
origins = [
"http://localhost",
+ "http://localhost:8081",
"http://localhost:998",
"http://localhost:5173",
"http://127.0.0.1",
@@ -60,6 +61,13 @@ CREATE TABLE IF NOT EXISTS timers (
subscription_id TEXT NOT NULL
);""") # block is either 1 or 2, machine (1-4), odd is dryer, even is machine.
+cursor.execute("""
+CREATE TABLE IF NOT EXISTS admin_cookies (
+ cookie VARCHAR(64) PRIMARY KEY
+);
+""")
+
+cursor.execute("DELETE FROM admin_cookies;")
class RowIndices(IntEnum):
TIMER_ID = 0,
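Review bot: The new `admin_cookies` table stores the session token itself, so anyone who can read the SQLite file (or the debug output this commit adds, which prints the whole table after each login) holds a usable admin session; storing a digest instead — `cookie_hash = hashlib.sha256(token.encode()).hexdigest()` on insert (with `import hashlib`) and the same digest in the lookup in admin_check — keeps a database read from turning into a login. The column width of 64 fits the 64-hex-character value produced by `secrets.token_hex(32)` in the login hunk, and would equally fit a SHA-256 hex digest. The startup `DELETE FROM admin_cookies;` has no `conn.commit()` visible in this hunk; if the connection is not in autocommit mode the wipe is only persisted by a later commit, so adding `conn.commit()` directly after it makes the restart invalidation explicit.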
@@ -477,6 +485,12 @@ def notif_subscribe(data: notif.PushSubscriptionData, response: fastapi.Response
# #### ADMIN PANEL API END POINTS ####
+# ## ADMIN PANEL SCHEDULER METHODS ##
+
+
+def delete_cookie_scheduler(cookie):
+ pass
+
# --- admin login
@app.post("/admin_login", response_class=PlainTextResponse)
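Review bot: `delete_cookie_scheduler` is a `pass` stub, so the job that admin_login schedules never removes anything and a token stays valid server-side until the next process restart, long after the browser drops the cookie at `max_age`. The body matching the login hunk is `cursor.execute("DELETE FROM admin_cookies WHERE cookie = ?", (cookie,))` followed by `conn.commit()`. Since the scheduler runs the job on its own thread, the module-level sqlite3 connection must have been opened with `check_same_thread=False` (not visible here) or the call will raise `sqlite3.ProgrammingError`; storing an expiry timestamp with the row and checking it in admin_check would make expiry independent of the scheduler surviving a restart.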
@@ -484,15 +498,42 @@ def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
print(data.password)
pwd = data.password.encode('utf-8')
- stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH")
+ stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH").encode('utf-8')
if bcrypt.checkpw(pwd, stored_hash_pwd):
response.status_code = fastapi.status.HTTP_202_ACCEPTED
- return "Authenticated!!!11"
+
+ auth_cookie_str = secrets.token_hex(32)
+ AUTH_MAX_AGE = 60 * 10 # 10 minutes
+ response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, max_age=AUTH_MAX_AGE)
+ cursor.execute("""INSERT INTO admin_cookies (cookie) VALUES (?);""", (auth_cookie_str,))
+ conn.commit()
+ cursor.execute("SELECT * FROM admin_cookies")
+ print(cursor.fetchall())
+
+ now = datetime.datetime.now(ZoneInfo(TZ))
+ end_date = now + datetime.timedelta(seconds=(AUTH_MAX_AGE))
+ scheduler.add_job(delete_cookie_scheduler, 'date', run_date=end_date, args=[auth_cookie_str])
+
+ return "hi admin you are Authenticated!!!11"
response.status_code = fastapi.status.HTTP_403_FORBIDDEN
- return data.password
+ return "Forbidden."
+
+# --- admin auth check
+@app.post("/admin_check", response_class=PlainTextResponse)
+def admin_check(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
+ print("admin check request, ", admin_auth)
+ cursor.execute("SELECT * FROM admin_cookies WHERE cookie = ?", (admin_auth,))
+ rows = cursor.fetchall()
+
+ if len(rows) > 0:
+ response.status_code = fastapi.status.HTTP_202_ACCEPTED
+ return "Authorised."
+ else:
+ response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+ return "Get out."
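Review bot: The session cookie set on the `response.set_cookie(...)` line is missing `httponly=True`, so the admin token is readable by any script running in the page and one injected script is enough to exfiltrate a live session. The line should read `response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, httponly=True, samesite="strict", max_age=AUTH_MAX_AGE)`, with `samesite="strict"` being reasonable hardening for an admin-only cookie. The two new debug prints, `print(cursor.fetchall())` after the insert and `print("admin check request, ", admin_auth)` in admin_check, write live session tokens to stdout/logs and should be removed before this ships. `getenv("ADMIN_PASSWORD_HASH")` returns None when the variable is unset, so the added `.encode('utf-8')` raises and the endpoint answers 500 rather than a deliberate refusal; resolving the hash once at startup would fail fast instead. admin_login's def line is outside the hunk.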
# --- override each machine status
@app.post("/override_status", response_class=PlainTextResponse)