Compare commits

6 Commits

Author SHA1 Message Date
5125116172 install
2026-05-31 17:17:28 +10:00
e67a1fab5e исправлено хеширование паролей
2026-05-31 16:55:48 +10:00
21df98f575 requrements
2026-05-31 16:49:51 +10:00
6965cc8d94 verify
2026-05-31 16:37:13 +10:00
4128745309 cookie
2026-05-31 16:33:02 +10:00
a9e4eb6223 опечатка
2026-05-31 15:39:53 +10:00
2 changed files with 64 additions and 25 deletions

71
main.py

@@ -1,11 +1,12 @@
from fastapi import FastAPI, HTTPException, Depends, Request
from fastapi import FastAPI, HTTPException, Depends from fastapi.responses import JSONResponse
from fastapi.middleware.cors import CORSMiddleware # <-- добавлено from fastapi.middleware.cors import CORSMiddleware
from pydantic import BaseModel from pydantic import BaseModel
import sqlite3 import sqlite3
from passlib.context import CryptContext
import uvicorn import uvicorn
from werkzeug.security import generate_password_hash, check_password_hash from werkzeug.security import generate_password_hash, check_password_hash
import jwt
import datetime
app = FastAPI(title="Work BD Auth API", app = FastAPI(title="Work BD Auth API",
description="API для авторизации и регистрации", description="API для авторизации и регистрации",
@@ -13,14 +14,17 @@ app = FastAPI(title="Work BD Auth API",
app.add_middleware( app.add_middleware(
CORSMiddleware, CORSMiddleware,
allow_origins=["http://localhost:5173, https://allowlgroup.ru/, https://allowlgroup.ru"], # или список конкретных доменов allow_origins=[
"http://localhost:5173",
"https://allowlgroup.ru",
],
allow_credentials=True, allow_credentials=True,
allow_methods=["*"], allow_methods=["*"],
allow_headers=["*"], allow_headers=["*"],
) )
DB_PATH = 'users.db' DB_PATH = 'users.db'
# Инициализация базы данных
def init_db(): def init_db():
conn = sqlite3.connect(DB_PATH) conn = sqlite3.connect(DB_PATH)
cursor = conn.cursor() cursor = conn.cursor()
@@ -30,21 +34,19 @@ def init_db():
password TEXT NOT NULL)''') password TEXT NOT NULL)''')
conn.commit() conn.commit()
conn.close() conn.close()
init_db() init_db()
# Pydantic модель для входящих данных
class UserIn(BaseModel): class UserIn(BaseModel):
username: str username: str
password: str password: str
@app.post('/register', status_code=201, tags=["User"]) @app.post('/register', status_code=201, tags=["User"])
async def register(user: UserIn): async def register(user: UserIn):
if not user.username or not user.password: if not user.username or not user.password:
raise HTTPException(status_code=400, detail="Username and password required") raise HTTPException(status_code=400, detail="Username and password required")
hashed_password = generate_password_hash(user.password) hashed_password = generate_password_hash(user.password)
try: try:
conn = sqlite3.connect(DB_PATH) conn = sqlite3.connect(DB_PATH)
cursor = conn.cursor() cursor = conn.cursor()
@@ -58,7 +60,6 @@ async def register(user: UserIn):
@app.post('/login', tags=["User"]) @app.post('/login', tags=["User"])
async def login(user: UserIn): async def login(user: UserIn):
print(user)
if not user.username or not user.password: if not user.username or not user.password:
raise HTTPException(status_code=400, detail="Username and password required") raise HTTPException(status_code=400, detail="Username and password required")
@@ -69,10 +70,30 @@ async def login(user: UserIn):
conn.close() conn.close()
if row and check_password_hash(row[0], user.password): if row and check_password_hash(row[0], user.password):
return {"message": "Login successful"} token = jwt.encode({
"username": user.username,
"exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
}, "95ad4fb1f2612c41ed299d5ca695945890c957fa", algorithm="HS256")
response = JSONResponse(content={"message": "Login successful", "token": token})
response.set_cookie(
key="auth_token",
value=token,
max_age=30*24*60*60,
httponly=True,
samesite="lax",
path="/"
)
response.set_cookie(
key="username",
value=user.username,
max_age=30*24*60*60,
samesite="lax",
path="/"
)
return response
else: else:
# raise HTTPException(status_code=401, detail="Invalid credentials") raise HTTPException(status_code=401, detail="Invalid credentials")
return {"message": "successful"}
@app.get('/users', tags=["User"]) @app.get('/users', tags=["User"])
async def get_users(): async def get_users():
@@ -81,9 +102,27 @@ async def get_users():
cursor.execute('SELECT * FROM users') cursor.execute('SELECT * FROM users')
rows = cursor.fetchall() rows = cursor.fetchall()
conn.close() conn.close()
return rows return rows
# # Запуск сервера для теста @app.get('/verify', tags=["User"])
async def verify_token_endpoint(request: Request):
token = request.cookies.get('auth_token')
if not token:
raise HTTPException(status_code=401, detail="No token provided")
try:
payload = jwt.decode(
token,
"95ad4fb1f2612c41ed299d5ca695945890c957fa",
algorithms=["HS256"]
)
return {"user": {"username": payload["username"]}}
except jwt.ExpiredSignatureError:
raise HTTPException(status_code=401, detail="Token expired")
except jwt.InvalidTokenError:
raise HTTPException(status_code=401, detail="Invalid token")
# if __name__ == "__main__": # if __name__ == "__main__":
# uvicorn.run("main:app", port=8004, reload=True) # uvicorn.run("main:app", host="0.0.0.0", port=8004, reload=True)
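Review bot: The HS256 signing key is a string literal in the `jwt.encode` call in `login` and again in the `jwt.decode` call in `verify_token_endpoint`, so every reader of the repository holds the key that authenticates all users, and it cannot be rotated without a code change. Read it once from configuration, e.g. `JWT_SECRET = os.environ["JWT_SECRET"]` (plus `import os`), pass `JWT_SECRET` to both calls, and treat the committed value as compromised and replace it. The `auth_token` cookie is set with `httponly=True` but without `secure=True`, and the same token is also returned in the JSON body, which hands scripts the value `httponly` is meant to hide; consider adding `secure=True` and dropping `"token"` from the response content. Old and new lines are fused in this rendering, so which lines are new is inferred from their content and from the `cookie` and `verify` commits listed above.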

Binary file not shown.