Diffstat (limited to 'backend/main.py')
-rw-r--r--backend/main.py20
1 files changed, 20 insertions, 0 deletions
diff --git a/backend/main.py b/backend/main.py
index ff6ec38..77c84b0 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -19,6 +19,7 @@ from dotenv import load_dotenv
from os import getenv
import yaml
import notif # import notif.py
+import bcrypt
# ## API, db, and scheduler initialisation
app = fastapi.FastAPI(title="Victoria Hall LaundryWeb", description="LaundryWeb Backend API", version="0.1")
@@ -481,6 +482,15 @@ def notif_subscribe(data: notif.PushSubscriptionData, response: fastapi.Response
@app.post("/admin_login", response_class=PlainTextResponse)
def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
print(data.password)
+
+ pwd = data.password.encode('utf-8')
+ stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH")
+
+ if bcrypt.checkpw(pwd, stored_hash_pwd):
+ response.status_code = fastapi.status.HTTP_202_ACCEPTED
+ return "Authenticated!!!11"
+
+ response.status_code = fastapi.status.HTTP_403_FORBIDDEN
return data.password
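Review bot: `bcrypt.checkpw(pwd, stored_hash_pwd)` receives the raw result of `getenv("ADMIN_PASSWORD_HASH")`, which is a `str` or `None`, while bcrypt expects bytes for the hash; the call is therefore likely to raise and surface as a server error instead of a clean rejection, and an unset variable is not handled at all. Guard and encode it, for example `if stored_hash_pwd and bcrypt.checkpw(pwd, stored_hash_pwd.encode('utf-8')):`. The unchanged lines around the new code still `print(data.password)` and return `data.password` on the 403 path, so the submitted password ends up in the server log and the response body; drop the print and return a fixed string such as `return "Forbidden."`. The success branch sets no cookie or session in the visible lines, so how `admin_auth` gets issued cannot be judged from this hunk.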
@@ -490,3 +500,13 @@ def override_status(data: OverrideMachineData, response: fastapi.Response, admin
if not admin_auth:
response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
return "Unauthorised."
+
+
+# --- change admin password
+@app.post("/admin_change_password", response_class=PlainTextResponse)
+def admin_change_password(data: PlaintextPasswordData, response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
+ if not admin_auth:
+ response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+ return "Unauthorised."
+
+ pass
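Review bot: `if not admin_auth:` only tests that the `admin_auth` cookie is present and non-empty; nothing in the hunk checks its value, so as far as these lines show, any client-supplied cookie passes the gate on a password-change route. The `override_status` context at the top of the hunk uses the same check, though the rest of its body is outside the hunk. Verify the cookie against a server-issued session or signed token before this handler does any work. Until the body is written, `pass` lets the request fall through with the default success status, so an explicit `response.status_code = fastapi.status.HTTP_501_NOT_IMPLEMENTED` with a short message would be clearer. When the change is implemented, it should also require the current password and store only a new bcrypt hash.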