123 lines
3.9 KiB
Python
123 lines
3.9 KiB
Python
"""Authentication routes - Login, Logout"""
|
|
|
|
from flask import Blueprint, render_template, request, redirect, url_for, session, jsonify
|
|
from functools import wraps
|
|
from database import db
|
|
from database.models import User
|
|
import logging
|
|
|
|
auth_bp = Blueprint('auth', __name__)
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
def login_required(f):
|
|
"""Decorator - require user to be logged in"""
|
|
@wraps(f)
|
|
def decorated_function(*args, **kwargs):
|
|
if 'user_id' not in session:
|
|
return redirect(url_for('auth.login'))
|
|
return f(*args, **kwargs)
|
|
return decorated_function
|
|
|
|
|
|
def admin_required(f):
|
|
"""Decorator - require admin role"""
|
|
@wraps(f)
|
|
def decorated_function(*args, **kwargs):
|
|
if 'user_id' not in session:
|
|
return redirect(url_for('auth.login'))
|
|
|
|
user = User.query.get(session['user_id'])
|
|
if not user or not user.is_admin:
|
|
return jsonify({'error': 'Admin access required', 'success': False}), 403
|
|
|
|
return f(*args, **kwargs)
|
|
return decorated_function
|
|
|
|
|
|
@auth_bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
"""Login page and authentication"""
|
|
if request.method == 'GET':
|
|
# Check if already logged in
|
|
if 'user_id' in session:
|
|
return redirect(url_for('main.index'))
|
|
|
|
return render_template('auth/login.html')
|
|
|
|
# POST - process login
|
|
username = request.form.get('username', '').strip()
|
|
password = request.form.get('password', '').strip()
|
|
|
|
if not username or not password:
|
|
return render_template('auth/login.html', error='Username and password required'), 400
|
|
|
|
try:
|
|
# Find user
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
logger.warning(f"[AUTH] Login failed - user '{username}' not found", flush=True)
|
|
return render_template('auth/login.html', error='Invalid credentials'), 401
|
|
|
|
# Check password
|
|
if not user.check_password(password):
|
|
logger.warning(f"[AUTH] Login failed - wrong password for '{username}'", flush=True)
|
|
return render_template('auth/login.html', error='Invalid credentials'), 401
|
|
|
|
session.clear()
|
|
session['user_id'] = user.id
|
|
session['username'] = user.username
|
|
session['is_admin'] = user.is_admin
|
|
session.permanent = True
|
|
|
|
# Zaloguj w basie danych
|
|
from datetime import datetime
|
|
user.last_login = datetime.utcnow()
|
|
db.session.commit()
|
|
|
|
logger.info(f"[AUTH] User '{username}' logged in successfully", flush=True)
|
|
|
|
# Redirect do dashboard
|
|
return redirect(url_for('main.index'))
|
|
|
|
except Exception as e:
|
|
logger.error(f"[AUTH] Login error: {e}", flush=True)
|
|
return render_template('auth/login.html', error='Login error'), 500
|
|
|
|
|
|
@auth_bp.route('/logout', methods=['GET', 'POST'])
|
|
def logout():
|
|
"""Logout"""
|
|
username = session.get('username', 'unknown')
|
|
session.clear()
|
|
logger.info(f"[AUTH] User '{username}' logged out", flush=True)
|
|
return redirect(url_for('auth.login'))
|
|
|
|
|
|
@auth_bp.route('/api/current-user', methods=['GET'])
|
|
def current_user():
|
|
"""Get current logged in user info"""
|
|
if 'user_id' not in session:
|
|
return jsonify({'error': 'Not authenticated', 'success': False}), 401
|
|
|
|
try:
|
|
user = User.query.get(session['user_id'])
|
|
|
|
if not user:
|
|
session.clear()
|
|
return jsonify({'error': 'User not found', 'success': False}), 401
|
|
|
|
return jsonify({
|
|
'success': True,
|
|
'user': {
|
|
'id': user.id,
|
|
'username': user.username,
|
|
'is_admin': user.is_admin
|
|
}
|
|
})
|
|
|
|
except Exception as e:
|
|
logger.error(f"[AUTH] Error getting current user: {e}", flush=True)
|
|
return jsonify({'error': str(e), 'success': False}), 500
|