Diffstat (limited to 'backend/main.py')
| -rw-r--r-- | backend/main.py | 55 |
1 files changed, 49 insertions, 6 deletions
diff --git a/backend/main.py b/backend/main.py
index cf3edb5..e242389 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -135,7 +135,7 @@ class FinishRequestData(BaseModel):
 class OverrideMachineData(BaseModel):
 block: int
 machine_id: int
- status: int # according to class Status
+ disabled: bool
 class Status(Enum):
@@ -492,6 +492,13 @@ def delete_cookie_scheduler(cookie):
 pass
+def authenticate_admin_check(cookie):
+ cursor.execute("SELECT * FROM admin_cookies WHERE cookie = ?", (cookie,))
+ rows = cursor.fetchall()
+
+ return len(rows) > 0
+
+
 # --- admin login
 @app.post("/admin_login", response_class=PlainTextResponse)
 def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
@@ -505,7 +512,7 @@ def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
 auth_cookie_str = secrets.token_hex(32)
 AUTH_MAX_AGE = 60 * 10 # 10 minutes
- response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, max_age=AUTH_MAX_AGE)
+ response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, max_age=AUTH_MAX_AGE, domain="backend.laundryweb.altafcreator.com", samesite="none")
 cursor.execute("""INSERT INTO admin_cookies (cookie) VALUES (?);""", (auth_cookie_str,))
 conn.commit()
 cursor.execute("SELECT * FROM admin_cookies")
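Review bot: `authenticate_admin_check` accepts any cookie value that has a row in `admin_cookies`, and nothing in this hunk bounds how old that row may be. The login code inserts only the `cookie` column, so unless a cleanup job outside this diff deletes rows, the 10-minute `max_age` is enforced only by the browser and a copied token stays valid on the server. I would store an expiry alongside the token and filter on it in this query; since only existence matters, `fetchone() is not None` is enough instead of `fetchall()`. The function also has no docstring; something like `"""Return True if cookie matches a stored admin session token."""` would do, with a comment that it uses the module-level `cursor`, which sync endpoints may reach from several worker threads.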
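Review bot: The `set_cookie` call in `admin_login` now sends `samesite="none"` but still omits `httponly=True`, so the admin session token is readable from page script and is attached to cross-site requests to this host. With SameSite relaxed, the cookie-only checks on `/override_status` and `/admin_change_password` need a separate CSRF defence such as an Origin allow-list check or a per-session token sent in a header; how exposed this is depends on the CORS policy, which is not visible here. At minimum add `httponly=True` to the existing arguments, and consider reading the hard-coded `domain` value from configuration. admin_login's body starts and ends outside the hunk.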
@@ -525,16 +532,15 @@ def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
 @app.post("/admin_check", response_class=PlainTextResponse)
 def admin_check(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
 print("admin check request, ", admin_auth)
- cursor.execute("SELECT * FROM admin_cookies WHERE cookie = ?", (admin_auth,))
- rows = cursor.fetchall()
- if len(rows) > 0:
+ if authenticate_admin_check(admin_auth):
 response.status_code = fastapi.status.HTTP_202_ACCEPTED
 return "Authorised."
 else:
 response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
 return "Get out."
+
 # --- override each machine status
 @app.post("/override_status", response_class=PlainTextResponse)
 def override_status(data: OverrideMachineData, response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
@@ -542,6 +548,26 @@ def override_status(data: OverrideMachineData, response: fastapi.Response, admin
 response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
 return "Unauthorised."
+ if authenticate_admin_check(admin_auth):
+ if (data.disabled):
+ machine_status[data.block - 1][data.machine_id - 1] = Status.OUTOFSERVICE.name
+ else:
+ cursor.execute("SELECT * FROM timers WHERE ((block = ?) AND (machine = ?))", (data.block, data.machine_id))
+ rows = cursor.fetchall()
+
+ if len(rows) > 0:
+ machine_status[data.block - 1][data.machine_id - 1] = Status.RUNNING.name
+ else:
+ machine_status[data.block - 1][data.machine_id - 1] = Status.EMPTY.name
+
+ response.status_code = fastapi.status.HTTP_200_OK
+ return "Set!"
+
+ print("set machine", data.machine_id, "of block", data.block, ".", machine_status)
+ else:
+ response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+ return "Forbidden."
+
 # --- change admin password
 @app.post("/admin_change_password", response_class=PlainTextResponse)
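Review bot: The context line `print("admin check request, ", admin_auth)` in `admin_check` writes the raw admin session token to stdout on every check, and this refactor leaves it in place. Anyone who can read the process output can reuse the token for as long as its row exists in `admin_cookies`. Drop the value from the message, e.g. `print("admin check request")`, or log only whether a cookie was present.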
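Review bot: `data.block` and `data.machine_id` are used as list indexes in `override_status` without a range check, so a value of 0 or below wraps around to an entry counted from the end (Python negative indexing) and a too-large value raises IndexError and surfaces as a 500. The model only constrains them to `int`, so the handler should reject values outside the table before touching `machine_status`; the sketch below assumes `machine_status` is a list of per-block lists, as the double indexing suggests. The `print(...)` after `return "Set!"` is also unreachable and should move above the return. The start of override_status is outside the hunk.

```python
    if authenticate_admin_check(admin_auth):
        # Reject indexes outside the table; 0 or negative values would
        # otherwise wrap around and overwrite an unrelated entry.
        if not 1 <= data.block <= len(machine_status):
            response.status_code = fastapi.status.HTTP_400_BAD_REQUEST
            return "Invalid block."
        if not 1 <= data.machine_id <= len(machine_status[data.block - 1]):
            response.status_code = fastapi.status.HTTP_400_BAD_REQUEST
            return "Invalid machine."

        # … unchanged: disabled / timers lookup that sets machine_status …

        print("set machine", data.machine_id, "of block", data.block, ".", machine_status)
        response.status_code = fastapi.status.HTTP_200_OK
        return "Set!"
```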
@@ -550,4 +576,21 @@ def admin_change_password(data: PlaintextPasswordData, response: fastapi.Respons
 response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
 return "Unauthorised."
- pass
+ if authenticate_admin_check(admin_auth):
+ pass
+ else:
+ pass
+
+
+# --- get all blocks machine status for admin
+@app.post("/admin_machine_status")
+def admin_machine_status(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
+ if not admin_auth:
+ response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+ return """{"reply": "Unauthorised."}"""
+
+ if authenticate_admin_check(admin_auth):
+ return machine_status
+ else:
+ response.status_code = fastapi.status.HTTP_403_FORBIDDEN
+ return """{"reply": "Forbidden."}""" |
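Review bot: In `admin_change_password` both branches after `authenticate_admin_check(admin_auth)` are `pass`, so a request carrying an unknown cookie falls through to the default 200 response instead of being rejected. Until the handler is implemented, the `else` branch should match the other admin endpoints: `response.status_code = fastapi.status.HTTP_403_FORBIDDEN` followed by `return "Forbidden."`. In `admin_machine_status` the error replies are string literals that already contain JSON; with the default JSON response class they are likely to be encoded a second time, so returning a dict such as `{"reply": "Forbidden."}` is safer. The start of admin_change_password is outside the hunk.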
