From 1ea49d7ed8a59a9a0b995eca9ea5d8574b0e0d95 Mon Sep 17 00:00:00 2001
From: altaf-creator
Date: Wed, 21 Jan 2026 16:09:33 +0800
Subject: password
---
 backend/__pycache__/main.cpython-314.pyc | Bin 22196 -> 28801 bytes
 backend/main.py | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+)
(limited to 'backend')
diff --git a/backend/__pycache__/main.cpython-314.pyc b/backend/__pycache__/main.cpython-314.pyc
index 088aec4..723d683 100644
Binary files a/backend/__pycache__/main.cpython-314.pyc and b/backend/__pycache__/main.cpython-314.pyc differ
diff --git a/backend/main.py b/backend/main.py
index ff6ec38..77c84b0 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -19,6 +19,7 @@ from dotenv import load_dotenv
 from os import getenv
 import yaml
 import notif # import notif.py
+import bcrypt
 # ## API, db, and scheduler initialisation
 app = fastapi.FastAPI(title="Victoria Hall LaundryWeb", description="LaundryWeb Backend API", version="0.1")
@@ -481,6 +482,15 @@ def notif_subscribe(data: notif.PushSubscriptionData, response: fastapi.Response
 @app.post("/admin_login", response_class=PlainTextResponse)
 def admin_login(data: PlaintextPasswordData, response: fastapi.Response):
 print(data.password)
+
+ pwd = data.password.encode('utf-8')
+ stored_hash_pwd = getenv("ADMIN_PASSWORD_HASH")
+
+ if bcrypt.checkpw(pwd, stored_hash_pwd):
+ response.status_code = fastapi.status.HTTP_202_ACCEPTED
+ return "Authenticated!!!11"
+
+ response.status_code = fastapi.status.HTTP_403_FORBIDDEN
 return data.password
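Review bot: `bcrypt.checkpw(pwd, stored_hash_pwd)` in `admin_login` receives the raw result of `getenv("ADMIN_PASSWORD_HASH")`, which is a `str` (or `None` when the variable is unset), while bcrypt requires bytes for both arguments, so the call raises instead of returning a verdict. Fail closed on a missing hash and encode it before the check: `if stored_hash_pwd is None: raise fastapi.HTTPException(status_code=500)` followed by `if bcrypt.checkpw(pwd, stored_hash_pwd.encode("utf-8")):`. The unchanged `print(data.password)` and the `return data.password` on the 403 path still write every submitted password to the server log and echo it back in the response; drop the print and return a fixed string such as `"Forbidden."`. The success branch only returns text, and nothing in this hunk issues the `admin_auth` cookie that the other admin endpoints read, so presumably that is still to come.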
@@ -490,3 +500,13 @@ def override_status(data: OverrideMachineData, response: fastapi.Response, admin
 if not admin_auth:
 response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
 return "Unauthorised."
+
+
+# --- change admin password
+@app.post("/admin_change_password", response_class=PlainTextResponse)
+def admin_change_password(data: PlaintextPasswordData, response: fastapi.Response, admin_auth: Annotated[str | None, fastapi.Cookie()] = None):
+ if not admin_auth:
+ response.status_code = fastapi.status.HTTP_401_UNAUTHORIZED
+ return "Unauthorised."
+
+ pass
-- cgit v1.2.3
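Review bot: The guard `if not admin_auth:` in `admin_change_password` only tests that the client sent some non-empty `admin_auth` cookie; its value is never compared with anything the server issued, so unless validation happens in middleware not visible here, any caller who sets the cookie passes. The same presence-only check appears in the `override_status` context lines above, whose body starts outside the hunk. Before this endpoint gains a real body, the cookie should be verified against a server-side session or a signed token, and a password change should also require the current password. Until it is implemented, replace the trailing `pass` with `response.status_code = fastapi.status.HTTP_501_NOT_IMPLEMENTED` and `return "Not implemented."` so the route does not answer with a success status and an empty body.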