Diffstat (limited to 'backend/main.py')
| -rw-r--r-- | backend/main.py | 47 |
1 files changed, 44 insertions, 3 deletions
diff --git a/backend/main.py b/backend/main.py
index 77c84b0..cf3edb5 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -31,6 +31,7 @@ scheduler.start()
 origins = [
 "http://localhost",
+ "http://localhost:8081",
 "http://localhost:998",
 "http://localhost:5173",
 "http://127.0.0.1",
@@ -60,6 +61,13 @@ CREATE TABLE IF NOT EXISTS timers (
 subscription_id TEXT NOT NULL
 );""")
 # block is either 1 or 2, machine (1-4), odd is dryer, even is machine.
+cursor.execute("""
+CREATE TABLE IF NOT EXISTS admin_cookies (
+ cookie VARCHAR(64) PRIMARY KEY
+);
+""")
+
+cursor.execute("DELETE FROM admin_cookies;")
 class RowIndices(IntEnum):
 TIMER_ID = 0,
@@ -477,6 +485,12 @@ def notif_subscribe(data: notif.PushSubscriptionData, response: fastapi.Response
 # #### ADMIN PANEL API END POINTS ####
+# ## ADMIN PANEL SCHEDULER METHODS ##
+
+
+def delete_cookie_scheduler(cookie):
+ pass
+
 # --- admin login
 @app.post("/admin_login", response_class=PlainTextResponse)
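Review bot: The `admin_cookies` table created in the second hunk stores the raw bearer token, so anyone who can read the SQLite file (a backup, a stray dump, a file-read bug) holds a live admin session; storing `hashlib.sha256(token.encode()).hexdigest()` and looking up the hash costs one line at the insert and one at the lookup, and keeps the database harmless on its own. The table also has no expiry column, so nothing in the row bounds a token's lifetime and `/admin_check` later in this diff cannot enforce the ten-minute window itself; a column such as `expires_at TEXT NOT NULL` would let the lookup filter on it. The `DELETE FROM admin_cookies;` at startup is not followed by a visible `conn.commit()` in this hunk; with sqlite3's default isolation that leaves a write transaction open until the next commit elsewhere, so confirm that is intended.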
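Review bot: `delete_cookie_scheduler` in the third hunk is a `pass` stub, yet the fourth hunk schedules it as the only server-side expiry of the `admin_auth` token, so a token issued once stays valid in `admin_cookies` until the process restarts; the browser's `max_age` only controls whether the client keeps sending it. The body should be `cursor.execute("DELETE FROM admin_cookies WHERE cookie = ?", (cookie,))` followed by `conn.commit()`. The `add_job(..., 'date', run_date=...)` form suggests APScheduler, which runs the job on its own thread; if `conn` was opened with sqlite3's default `check_same_thread=True`, using the module-level `cursor` from that job will raise `ProgrammingError` — the connection setup is outside this diff, so confirm before relying on it.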
@@ -484,15 +498,42 @@ def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
 print(data.password)
 pwd = data.password.encode('utf-8')
- stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH")
+ stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH").encode('utf-8')
 if bcrypt.checkpw(pwd, stored_hash_pwd):
 response.status_code = fastapi.status.HTTP_202_ACCEPTED
- return "Authenticated!!!11"
+
+ auth_cookie_str = secrets.token_hex(32)
+ AUTH_MAX_AGE = 60 * 10 # 10 minutes
+ response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, max_age=AUTH_MAX_AGE)
+ cursor.execute("""INSERT INTO admin_cookies (cookie) VALUES (?);""", (auth_cookie_str,))
+ conn.commit()
+ cursor.execute("SELECT * FROM admin_cookies")
+ print(cursor.fetchall())
+
+ now = datetime.datetime.now(ZoneInfo(TZ))
+ end_date = now + datetime.timedelta(seconds=(AUTH_MAX_AGE))
+ scheduler.add_job(delete_cookie_scheduler, 'date', run_date=end_date, args=[auth_cookie_str])
+
+ return "hi admin you are Authenticated!!!11"
 response.status_code = fastapi.status.HTTP_403_FORBIDDEN
- return data.password
+ return "Forbidden."
+
+# --- admin auth check
+@app.post("/admin_check", response_class=PlainTextResponse)
+def admin_check(response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
+ print("admin check request, ", admin_auth)
+ cursor.execute("SELECT * FROM admin_cookies WHERE cookie = ?", (admin_auth,))
+ rows = cursor.fetchall()
+
+ if len(rows) > 0:
+ response.status_code = fastapi.status.HTTP_202_ACCEPTED
+ return "Authorised."
+ else:
+ response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+ return "Get out."
 # --- override each machine status
 @app.post("/override_status", response_class=PlainTextResponse) |
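Review bot: The new `print(cursor.fetchall())` in `admin_login` writes every live admin token to stdout and `print("admin check request, ", admin_auth)` in `admin_check` echoes each presented token, so the process log becomes a copy of the session store; both should go, and the pre-existing `print(data.password)` on the context line above leaks the plaintext password the same way. The cookie is set with `secure=True` but without `httponly=True` or an explicit `samesite`, so script on any allowed origin can read `admin_auth` and the framework's default `lax` still sends it on top-level navigations; `response.set_cookie(key="admin_auth", value=auth_cookie_str, secure=True, httponly=True, samesite="strict", max_age=AUTH_MAX_AGE)`. `admin_check` accepts any matching row with no expiry check, so the ten-minute limit is only as strong as the scheduled `delete_cookie_scheduler` job (currently a stub in the third hunk); storing an expiry with the token and filtering on it in the `SELECT` would enforce the window from the row itself. `getenv("ADMIN_PASSWORD_HASH")` returning `None` now raises `AttributeError` on `.encode`, surfacing a missing configuration as a 500 on every login attempt. `admin_login`'s signature lies above the start of the hunk.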
