feat: implement password hashing for user authentication and storage
This commit is contained in:
parent
54061aac2c
commit
7047f7c7e8
@ -3,18 +3,18 @@ from flask_sqlalchemy import SQLAlchemy
|
|||||||
db = SQLAlchemy()
|
db = SQLAlchemy()
|
||||||
|
|
||||||
class Game(db.Model):
|
class Game(db.Model):
|
||||||
__tablename__ = 'games' # Ensure the table name is set to 'games'
|
__tablename__ = 'games'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
image = db.Column(db.String(255))
|
image = db.Column(db.String(255))
|
||||||
title = db.Column(db.String(100), nullable=False)
|
title = db.Column(db.String(100), nullable=False)
|
||||||
date = db.Column(db.String(10), nullable=False) # Ensure date is not nullable
|
date = db.Column(db.String(10), nullable=False)
|
||||||
buyer = db.Column(db.String(100))
|
buyer = db.Column(db.String(100))
|
||||||
owned = db.Column(db.Boolean, nullable=False)
|
owned = db.Column(db.Boolean, nullable=False)
|
||||||
|
|
||||||
class User(db.Model):
|
class User(db.Model):
|
||||||
__tablename__ = 'users' # Ensure the table name is set to 'users'
|
__tablename__ = 'users'
|
||||||
id = db.Column(db.Integer, primary_key=True)
|
id = db.Column(db.Integer, primary_key=True)
|
||||||
username = db.Column(db.String(100), nullable=False, unique=True)
|
username = db.Column(db.String(100), nullable=False, unique=True)
|
||||||
password = db.Column(db.String(100), nullable=False)
|
password = db.Column(db.String(128), nullable=False) # Increased length for hashed passwords
|
||||||
role = db.Column(db.String(10), nullable=False) # 'user' or 'admin'
|
role = db.Column(db.String(10), nullable=False)
|
||||||
last_login = db.Column(db.String(20), nullable=True) # Last login timestamp
|
last_login = db.Column(db.String(20), nullable=True)
|
||||||
|
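Review bot: `db.String(128)` on the new `password` column at the bottom of the hunk is too short for what `generate_password_hash` emits by default: if the installed Werkzeug is 2.3 or newer it uses scrypt and yields a string of roughly 162 characters (`scrypt:32768:8:1$<16-char salt>$<128 hex chars>`); only the older `pbkdf2:sha256` form (about 102 characters) fits in 128. SQLite does not enforce the declared length, so this will pass locally, but PostgreSQL or MySQL in strict mode would reject the INSERT done in `create_user`. Use `password = db.Column(db.String(255), nullable=False)  # werkzeug hash "method$salt$hex"; ~162 chars with scrypt` or `db.Text`. The hunk also drops the `# 'user' or 'admin'` comment on `role`, which was the only documentation of the accepted values; consider keeping it.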
@ -1,23 +1,22 @@
|
|||||||
from flask import Blueprint, request, jsonify, g
|
from flask import Blueprint, request, jsonify, g
|
||||||
from models import db, User
|
from models import db, User
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from werkzeug.security import generate_password_hash, check_password_hash
|
||||||
|
|
||||||
user_bp = Blueprint('user', __name__)
|
user_bp = Blueprint('user', __name__)
|
||||||
|
|
||||||
def authenticate():
|
def authenticate():
|
||||||
# Hier wird die Authentifizierung überprüft (z.B. durch Token oder Session)
|
|
||||||
username = request.headers.get('X-Username')
|
username = request.headers.get('X-Username')
|
||||||
password = request.headers.get('X-Password')
|
password = request.headers.get('X-Password')
|
||||||
if username and password:
|
if username and password:
|
||||||
user = User.query.filter_by(username=username, password=password).first()
|
user = User.query.filter_by(username=username).first()
|
||||||
if user:
|
if user and check_password_hash(user.password, password):
|
||||||
g.user = user
|
g.user = user
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
@user_bp.before_request
|
@user_bp.before_request
|
||||||
def before_request():
|
def before_request():
|
||||||
# Überprüfen, ob der Benutzer angemeldet ist, außer bei Login
|
|
||||||
if request.endpoint not in ['user.login_user']:
|
if request.endpoint not in ['user.login_user']:
|
||||||
if not authenticate():
|
if not authenticate():
|
||||||
return jsonify({'message': 'Unauthorized access!'}), 401
|
return jsonify({'message': 'Unauthorized access!'}), 401
|
||||||
@ -25,10 +24,11 @@ def before_request():
|
|||||||
@user_bp.route('/users', methods=['POST'])
|
@user_bp.route('/users', methods=['POST'])
|
||||||
def create_user():
|
def create_user():
|
||||||
data = request.json
|
data = request.json
|
||||||
|
hashed_password = generate_password_hash(data['password'])
|
||||||
new_user = User(
|
new_user = User(
|
||||||
username=data['username'],
|
username=data['username'],
|
||||||
password=data['password'],
|
password=hashed_password,
|
||||||
role=data.get('role', 'user'), # Default role is 'user'
|
role=data.get('role', 'user'),
|
||||||
last_login=None
|
last_login=None
|
||||||
)
|
)
|
||||||
db.session.add(new_user)
|
db.session.add(new_user)
|
||||||
@ -38,8 +38,8 @@ def create_user():
|
|||||||
@user_bp.route('/users/login', methods=['POST'])
|
@user_bp.route('/users/login', methods=['POST'])
|
||||||
def login_user():
|
def login_user():
|
||||||
data = request.json
|
data = request.json
|
||||||
user = User.query.filter_by(username=data['username'], password=data['password']).first()
|
user = User.query.filter_by(username=data['username']).first()
|
||||||
if user:
|
if user and check_password_hash(user.password, data['password']):
|
||||||
user.last_login = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
|
user.last_login = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify({'message': 'Login successful!', 'role': user.role}), 200
|
return jsonify({'message': 'Login successful!', 'role': user.role}), 200
|
||||||
|
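Review bot: In `login_user` (and the identical `user and check_password_hash(...)` shape in `authenticate`), the `and` short-circuits when the username is unknown, so the slow KDF only runs for existing accounts and the response time reveals whether a username exists. Verifying against a fixed throw-away hash when no row is found equalizes the two paths, as sketched below; the `user and password_ok` test still rejects unknown users regardless of the dummy result. Separately, rows written before this commit still hold plaintext in `password`, which `check_password_hash` will not accept, so existing users are locked out until a migration or a one-time re-hash on login is added — the commit carries neither. The rejection branch of `login_user` lies below the hunk and is not visible here.
```python
# Module level, next to the blueprint: a dummy hash so unknown usernames cost the same as wrong passwords.
_DUMMY_HASH = generate_password_hash("unused-dummy-value")

# … unchanged: user_bp, authenticate(), before_request(), create_user() …

@user_bp.route('/users/login', methods=['POST'])
def login_user():
    data = request.json
    user = User.query.filter_by(username=data['username']).first()
    # Always run the KDF so a missing account is not distinguishable by timing.
    password_ok = check_password_hash(user.password if user else _DUMMY_HASH, data['password'])
    if user and password_ok:
        # … unchanged: last_login update, commit, success response …
```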