poprawka w logowaniu

This commit is contained in:
Mateusz Gruszczyński
2025-12-10 09:58:53 +01:00
parent 562d8117c3
commit 8ee34d931d

53
app.py

@@ -203,30 +203,41 @@ def get_real_ip():
return request.remote_addr return request.remote_addr
def is_allowed_ip(remote_ip, allowed_hosts_str): import os
if remote_ip in ("127.0.0.1", "::1"): import socket
return True import re
def is_allowed_ip(remote_ip, allowed_hosts_str):
# awaryjny dostęp
if os.path.exists("emergency_access.txt"): if os.path.exists("emergency_access.txt"):
return True return True
if not allowed_hosts_str or not allowed_hosts_str.strip():
return False
allowed_hosts = re.split(r"[\n,]+", allowed_hosts_str.strip()) allowed_hosts = re.split(r"[\n,]+", allowed_hosts_str.strip())
allowed_ips = set() allowed_ips = set()
for host in allowed_hosts: for host in allowed_hosts:
host = host.strip() host = host.strip()
if not host: if not host:
continue continue
if re.match(r"^\d{1,3}(\.\d{1,3}){3}$", host):
allowed_ips.add(host)
continue
try: try:
resolved_ip = socket.gethostbyname(host) resolved_ip = socket.gethostbyname(host)
allowed_ips.add(resolved_ip) allowed_ips.add(resolved_ip)
except Exception: except Exception:
continue pass
try: try:
hostname = socket.gethostbyaddr(remote_ip)[0] hostname = socket.gethostbyaddr(remote_ip)[0]
app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}") app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}")
except Exception as e: except Exception:
app.logger.warning(f"Reverse DNS nieudane dla {remote_ip}: {e}") pass
return remote_ip in allowed_ips return remote_ip in allowed_ips
@@ -340,23 +351,39 @@ def zbiorka(zbiorka_id):
@app.route("/zaloguj", methods=["GET", "POST"]) @app.route("/zaloguj", methods=["GET", "POST"])
def zaloguj(): def zaloguj():
settings = UstawieniaGlobalne.query.first() settings = UstawieniaGlobalne.query.first()
allowed_hosts_str = settings.dozwolone_hosty_logowania or "" if settings else "" allowed_hosts_str = (
settings.dozwolone_hosty_logowania
if settings and settings.dozwolone_hosty_logowania
else ""
)
client_ip = get_real_ip() client_ip = get_real_ip()
if not is_allowed_ip(client_ip, allowed_hosts_str): if not is_allowed_ip(client_ip, allowed_hosts_str):
flash("Dostęp do tego systemu jest zablokowany dla Twojego adresu IP", "danger") flash(
f"Dostęp do panelu logowania z adresu IP {client_ip} "
f"jest zablokowany Twój adres nie znajduje się na liście dozwolonych.",
"danger",
)
return redirect(url_for("index")) return redirect(url_for("index"))
if current_user.is_authenticated:
return redirect(url_for("admin_dashboard"))
if request.method == "POST": if request.method == "POST":
login = request.form["uzytkownik"] login = request.form.get("uzytkownik", "").strip()
password = request.form["haslo"] password = request.form.get("haslo", "")
user = Uzytkownik.query.filter_by(uzytkownik=login).first() user = Uzytkownik.query.filter_by(uzytkownik=login).first()
if user and user.check_password(password): if user and user.check_password(password):
login_user(user) login_user(user)
flash("Zalogowano pomyślnie", "success") flash("Zalogowano pomyślnie", "success")
next_page = request.args.get("next")
next_page = request.form.get("next") or request.args.get("next")
return redirect(next_page) if next_page else redirect(url_for("admin_dashboard")) return redirect(next_page) if next_page else redirect(url_for("admin_dashboard"))
else:
flash("Nieprawidłowe dane logowania", "danger") flash("Nieprawidłowe dane logowania", "danger")
return render_template("login.html") return render_template("login.html")
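Review bot: The post-login redirect in zaloguj() now takes `next` from the POST body as well as the query string and passes it straight to `redirect(next_page)` without checking that it is a same-site path, so a crafted login link can send a freshly authenticated user to an external site (open redirect); the commit widens the input source but leaves the missing check untouched. The value should be accepted only when it is a relative path with no scheme or host, and fall back to `url_for("admin_dashboard")` otherwise; this needs `from urllib.parse import urlsplit` in the file's import block. The rewritten tail of the success branch is below; zaloguj() appears to end at the final `render_template` line of this hunk, while the first hunk's is_allowed_ip() is shown in full but get_real_ip() begins before it.
```python
flash("Zalogowano pomyślnie", "success")
next_page = request.form.get("next") or request.args.get("next") or ""
parts = urlsplit(next_page)
# Only a same-site relative path is an acceptable post-login target;
# reject absolute URLs, protocol-relative "//host" forms and backslashes
# that some browsers normalise to "/".
is_local = (
    next_page.startswith("/")
    and not next_page.startswith("//")
    and "\\" not in next_page
    and not parts.scheme
    and not parts.netloc
)
return redirect(next_page if is_local else url_for("admin_dashboard"))
# … unchanged: invalid-credentials flash and render_template …
```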