cookie value

.env.example

@@ -12,4 +12,6 @@ DEFAULT_ADMIN_USERNAME=admin
 DEFAULT_ADMIN_PASSWORD=admin123
 
 # Katalog wgrywanych plików
-UPLOAD_FOLDER=uploads
+UPLOAD_FOLDER=uploads
+
+AUTHORIZED_COOKIE_VALUE=twoj_wlasny_hash

app.py

@@ -2,9 +2,8 @@ import os
 import secrets
 import time
 from datetime import datetime, timedelta
-from flask import Flask, render_template, redirect, url_for, request, flash, Blueprint, send_from_directory
+from flask import Flask, render_template, redirect, url_for, request, flash, Blueprint, send_from_directory, request
 from markupsafe import Markup
-
 from flask_sqlalchemy import SQLAlchemy
 from flask_login import LoginManager, UserMixin, login_user, login_required, logout_user, current_user
 from flask_socketio import SocketIO, emit, join_room
@@ -15,7 +14,6 @@ from werkzeug.utils import secure_filename
 from werkzeug.middleware.proxy_fix import ProxyFix
 from sqlalchemy import func
 
-
 app = Flask(__name__)
 app.config.from_object(Config)
 app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
@@ -24,6 +22,7 @@ DEFAULT_ADMIN_USERNAME = app.config.get('DEFAULT_ADMIN_USERNAME', 'admin')
 DEFAULT_ADMIN_PASSWORD = app.config.get('DEFAULT_ADMIN_PASSWORD', 'admin123')
 UPLOAD_FOLDER = app.config.get('UPLOAD_FOLDER', 'uploads')
 ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif', 'webp'}
+AUTHORIZED_COOKIE_VALUE = app.config.get('AUTHORIZED_COOKIE_VALUE', '80d31cdfe63539c9')
 
 os.makedirs(UPLOAD_FOLDER, exist_ok=True)
 
@@ -95,6 +94,11 @@ def load_user(user_id):
 def inject_time():
     return dict(time=time)
 
+@app.context_processor
+def inject_has_authorized_cookie():
+    return {'has_authorized_cookie': 'authorized' in request.cookies}
+
+
 @app.before_request
 def require_system_password():
     if 'authorized' not in request.cookies \
@@ -150,7 +154,7 @@ def system_auth():
                 db.session.commit()
                 flash(f'Utworzono konto administratora: login={DEFAULT_ADMIN_USERNAME}, hasło={DEFAULT_ADMIN_PASSWORD}')
             resp = redirect(next_page)
-            resp.set_cookie('authorized', 'true')
+            resp.set_cookie('authorized', AUTHORIZED_COOKIE_VALUE)
             return resp
         flash('Nieprawidłowe hasło do systemu','danger')
     return render_template('system_auth.html')

config.py

@@ -8,3 +8,4 @@ class Config:
     DEFAULT_ADMIN_USERNAME = os.environ.get('DEFAULT_ADMIN_USERNAME', 'admin')
     DEFAULT_ADMIN_PASSWORD = os.environ.get('DEFAULT_ADMIN_PASSWORD', 'admin123')
     UPLOAD_FOLDER = os.environ.get('UPLOAD_FOLDER', 'uploads')
+    AUTHORIZED_COOKIE_VALUE = os.environ.get('AUTHORIZED_COOKIE_VALUE', 'cookievalue')

templates/base.html

@@ -20,12 +20,15 @@
       🛒 Live <span class="text-warning">Lista</span> Zakupów
     </a>
 
-    {% if current_user.is_authenticated %}
-      <span class="mx-auto text-white">Zalogowany jako: <strong>{{ current_user.username }}</strong></span>
-    {% else %}
-      <span class="mx-auto text-white">Przeglądasz jako <strong>gość</strong></span>
+    {% if has_authorized_cookie %}
+      {% if current_user.is_authenticated %}
+        <span class="mx-auto text-white">Zalogowany jako: <strong>{{ current_user.username }}</strong></span>
+      {% else %}
+        <span class="mx-auto text-white">Przeglądasz jako <strong>gość</strong></span>
+      {% endif %}
     {% endif %}
 
+
     <div class="d-flex align-items-center gap-2">
       {% if current_user.is_authenticated and current_user.is_admin %}
         <a href="{{ url_for('admin_panel') }}" class="btn btn-outline-warning btn-sm">⚙️ Panel admina</a>