install

исправлено хеширование паролей
requrements
2026-05-31 17:17:28 +10:00 · 2026-05-31 16:55:48 +10:00 · 2026-05-31 16:49:51 +10:00 · 2026-05-31 16:37:13 +10:00 · 2026-05-31 16:33:02 +10:00 · 2026-05-31 15:39:53 +10:00
2 changed files with 64 additions and 25 deletions
--- a/main.py
+++ b/main.py
@@ -1,11 +1,12 @@
-
+from fastapi import FastAPI, HTTPException, Depends, Request
-from fastapi import FastAPI, HTTPException, Depends
+from fastapi.responses import JSONResponse
-from fastapi.middleware.cors import CORSMiddleware  # <-- добавлено
+from fastapi.middleware.cors import CORSMiddleware
 from pydantic import BaseModel
 import sqlite3
 from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
 import jwt
 import datetime
 app = FastAPI(title="Work BD Auth API",
              description="API для авторизации и регистрации",
@@ -13,38 +14,39 @@ app = FastAPI(title="Work BD Auth API",
 app.add_middleware(
    CORSMiddleware,
-    allow_origins=["http://localhost:5173, https://allowlgroup.ru/, https://allowlgroup.ru"],  # или список конкретных доменов
+    allow_origins=[
        "http://localhost:5173",
        "https://allowlgroup.ru",
    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
 DB_PATH = 'users.db'
 # Инициализация базы данных
 def init_db():
    conn = sqlite3.connect(DB_PATH)
    cursor = conn.cursor()
    cursor.execute('''CREATE TABLE IF NOT EXISTS users (
-                        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
-                        username TEXT UNIQUE NOT NULL,
+        username TEXT UNIQUE NOT NULL,
-                        password TEXT NOT NULL)''')
+        password TEXT NOT NULL)''')
    conn.commit()
    conn.close()
 init_db()
 # Pydantic модель для входящих данных
 class UserIn(BaseModel):
    username: str
    password: str
@app.post('/register', status_code=201, tags=["User"])
 async def register(user: UserIn):
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
    hashed_password = generate_password_hash(user.password)
    try:
        conn = sqlite3.connect(DB_PATH)
        cursor = conn.cursor()
@@ -58,7 +60,6 @@ async def register(user: UserIn):
@app.post('/login', tags=["User"])
 async def login(user: UserIn):
    print(user)
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
@@ -69,10 +70,30 @@ async def login(user: UserIn):
    conn.close()
    if row and check_password_hash(row[0], user.password):
-        return {"message": "Login successful"}
+        token = jwt.encode({
            "username": user.username,
            "exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
        }, "95ad4fb1f2612c41ed299d5ca695945890c957fa", algorithm="HS256")
        response = JSONResponse(content={"message": "Login successful", "token": token})
        response.set_cookie(
            key="auth_token",
            value=token,
            max_age=30*24*60*60,
            httponly=True,
            samesite="lax",
            path="/"
        )
        response.set_cookie(
            key="username",
            value=user.username,
            max_age=30*24*60*60,
            samesite="lax",
            path="/"
        )
        return response
    else:
-        # raise HTTPException(status_code=401, detail="Invalid credentials")
+        raise HTTPException(status_code=401, detail="Invalid credentials")
        return {"message": "successful"}
@app.get('/users', tags=["User"])
 async def get_users():
@@ -81,9 +102,27 @@ async def get_users():
    cursor.execute('SELECT * FROM users')
    rows = cursor.fetchall()
    conn.close()
    return rows
-# # Запуск сервера для теста
+@app.get('/verify', tags=["User"])
 async def verify_token_endpoint(request: Request):
    token = request.cookies.get('auth_token')
    if not token:
        raise HTTPException(status_code=401, detail="No token provided")
    try:
        payload = jwt.decode(
            token, 
            "95ad4fb1f2612c41ed299d5ca695945890c957fa", 
            algorithms=["HS256"]
        )
        return {"user": {"username": payload["username"]}}
    except jwt.ExpiredSignatureError:
        raise HTTPException(status_code=401, detail="Token expired")
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=401, detail="Invalid token")
 # if __name__ == "__main__":
-#     uvicorn.run("main:app", port=8004, reload=True)
+#     uvicorn.run("main:app", host="0.0.0.0", port=8004, reload=True)
--- a/requirements.txt
+++ b/requirements.txt
Author	SHA1	Message	Date
Игорь Бандурист	5125116172	install All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 17:17:28 +10:00
Игорь Бандурист	e67a1fab5e	исправлено хеширование паролей All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:55:48 +10:00
Игорь Бандурист	21df98f575	requrements All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:49:51 +10:00
Игорь Бандурист	6965cc8d94	verify All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:37:13 +10:00
Игорь Бандурист	4128745309	cookie All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:33:02 +10:00
Игорь Бандурист	a9e4eb6223	опечатка All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 15:39:53 +10:00