login added

2024-10-01 16:09:46 -04:00
parent 8779643d5b
commit b3e876bd4c
3 changed files with 75 additions and 11 deletions
--- a/server/pycache/security.cpython-311.pyc
+++ b/server/pycache/security.cpython-311.pyc
--- a/server/app.py
+++ b/server/app.py
@@ -1,9 +1,11 @@
 # server/app.py
-from flask import Flask, request, jsonify, render_template, redirect, url_for, send_from_directory
+from flask import Flask, request, jsonify, render_template, redirect, url_for, session
 from flask_talisman import Talisman
 import os
+from security import validate_user, identify_uploader

 app = Flask(__name__, template_folder='../templates')
+app.secret_key = 'super_secret_key'  # Change this to a more secure key for production
 Talisman(app)

 RECEIVED_FILES_DIR = "../assets"
@@ -16,33 +18,58 @@ uploaded_images = []

@app.route('/')
 def index():
+    if 'username' not in session:
+        return redirect(url_for('login'))
    return render_template("index.html")

+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        if validate_user(username, password):
+            session['username'] = username
+            return redirect(url_for('index'))
+        else:
+            return "Invalid credentials. Please try again.", 403
+    return render_template("login.html")
+
+@app.route('/logout')
+def logout():
+    session.pop('username', None)
+    return redirect(url_for('login'))
+
@app.route('/upload/link', methods=['POST'])
 def upload_link():
-    data = request.form
-    if 'link' not in data or 'uploader' not in data:
-        return jsonify({"error": "Link and uploader's name are required"}), 400
+    if 'username' not in session:
+        return redirect(url_for('login'))

-    link_info = {'link': data['link'], 'uploader': data['uploader']}
+    data = request.form
+    if 'link' not in data:
+        return jsonify({"error": "No link provided"}), 400
+    
+    uploader = identify_uploader()
+    link_info = {'link': data['link'], 'uploader': uploader}
    uploaded_links.append(link_info)
    
    with open(os.path.join(RECEIVED_FILES_DIR, "links.txt"), "a") as f:
-        f.write(f"{data['uploader']}: {data['link']}\n")
+        f.write(f"{uploader}: {data['link']}\n")

    return redirect(url_for('index'))

@app.route('/upload/image', methods=['POST'])
 def upload_image():
-    if 'file' not in request.files or 'uploader' not in request.form:
-        return jsonify({"error": "File and uploader's name are required"}), 400
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
+    if 'file' not in request.files:
+        return jsonify({"error": "No file provided"}), 400

    file = request.files['file']
-    uploader = request.form['uploader']
-    
    if file.filename == '':
        return jsonify({"error": "No selected file"}), 400

+    uploader = identify_uploader()
    save_path = os.path.join(RECEIVED_FILES_DIR, file.filename)
    file.save(save_path)
    
@@ -52,6 +79,9 @@ def upload_image():

@app.route('/uploads')
 def view_uploads():
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
    return render_template("uploads.html", links=uploaded_links, images=uploaded_images)

@app.route('/assets/<filename>')
@@ -60,11 +90,13 @@ def get_image(filename):

@app.route('/rename/<filename>', methods=['POST'])
 def rename_file(filename):
+    if 'username' not in session:
+        return redirect(url_for('login'))
+
    new_name = request.form.get('new_name')
    if new_name and os.path.exists(os.path.join(RECEIVED_FILES_DIR, filename)):
        os.rename(os.path.join(RECEIVED_FILES_DIR, filename), os.path.join(RECEIVED_FILES_DIR, new_name))
        
-        # Update internal records
        for image in uploaded_images:
            if image['filename'] == filename:
                image['filename'] = new_name
@@ -75,4 +107,3 @@ def rename_file(filename):

 if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000, ssl_context='adhoc')
-
--- a/server/security.py
+++ b/server/security.py
@@ -0,0 +1,33 @@
+# server/security.py
+from flask import request
+import platform
+import hashlib
+
+# Mock user database (username: password) - replace with a real database
+USER_DATABASE = {
+    "iphone_user": hashlib.sha256("iphone_password".encode()).hexdigest(),
+    "laptop_user": hashlib.sha256("laptop_password".encode()).hexdigest(),
+}
+
+# Function to validate user credentials
+def validate_user(username, password):
+    hashed_password = hashlib.sha256(password.encode()).hexdigest()
+    return USER_DATABASE.get(username) == hashed_password
+
+# Function to extract device information
+def get_device_info():
+    user_agent = request.headers.get('User-Agent', 'Unknown')
+    return {
+        "ip": request.remote_addr,
+        "user_agent": user_agent,
+        "isa": platform.machine(),  # Get system architecture
+        "os": platform.system(),    # Get OS
+    }
+
+# Function to identify the uploader based on device info
+def identify_uploader():
+    device_info = get_device_info()
+    if "iPhone" in device_info['user_agent']:
+        return f"Uploaded by iPhone (IP: {device_info['ip']})"
+    else:
+        return f"Uploaded by {device_info['isa']} {device_info['os']} (IP: {device_info['ip']})"