install

исправлено хеширование паролей
requrements
2026-05-31 17:17:28 +10:00 · 2026-05-31 16:55:48 +10:00 · 2026-05-31 16:49:51 +10:00 · 2026-05-31 16:37:13 +10:00 · 2026-05-31 16:33:02 +10:00 · 2026-05-31 15:39:53 +10:00
2 changed files with 64 additions and 25 deletions
--- a/main.py
+++ b/main.py
@@ -1,11 +1,12 @@
-
-from fastapi import FastAPI, HTTPException, Depends
-from fastapi.middleware.cors import CORSMiddleware  # <-- добавлено
+from fastapi import FastAPI, HTTPException, Depends, Request
+from fastapi.responses import JSONResponse
+from fastapi.middleware.cors import CORSMiddleware
 from pydantic import BaseModel
 import sqlite3
-from passlib.context import CryptContext
 import uvicorn
 from werkzeug.security import generate_password_hash, check_password_hash
+import jwt
+import datetime

 app = FastAPI(title="Work BD Auth API",
              description="API для авторизации и регистрации",
@@ -13,38 +14,39 @@ app = FastAPI(title="Work BD Auth API",

 app.add_middleware(
    CORSMiddleware,
-    allow_origins=["http://localhost:5173, https://allowlgroup.ru/, https://allowlgroup.ru"],  # или список конкретных доменов
+    allow_origins=[
+        "http://localhost:5173",
+        "https://allowlgroup.ru",
+    ],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
 )
+
 DB_PATH = 'users.db'

-# Инициализация базы данных
 def init_db():
    conn = sqlite3.connect(DB_PATH)
    cursor = conn.cursor()
    cursor.execute('''CREATE TABLE IF NOT EXISTS users (
-                        id INTEGER PRIMARY KEY AUTOINCREMENT,
-                        username TEXT UNIQUE NOT NULL,
-                        password TEXT NOT NULL)''')
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        username TEXT UNIQUE NOT NULL,
+        password TEXT NOT NULL)''')
    conn.commit()
    conn.close()
+
 init_db()

-# Pydantic модель для входящих данных
 class UserIn(BaseModel):
    username: str
    password: str

-
@app.post('/register', status_code=201, tags=["User"])
 async def register(user: UserIn):
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
    
    hashed_password = generate_password_hash(user.password)
-
    try:
        conn = sqlite3.connect(DB_PATH)
        cursor = conn.cursor()
@@ -58,7 +60,6 @@ async def register(user: UserIn):

@app.post('/login', tags=["User"])
 async def login(user: UserIn):
-    print(user)
    if not user.username or not user.password:
        raise HTTPException(status_code=400, detail="Username and password required")
    
@@ -69,10 +70,30 @@ async def login(user: UserIn):
    conn.close()
    
    if row and check_password_hash(row[0], user.password):
-        return {"message": "Login successful"}
+        token = jwt.encode({
+            "username": user.username,
+            "exp": datetime.datetime.utcnow() + datetime.timedelta(days=30)
+        }, "95ad4fb1f2612c41ed299d5ca695945890c957fa", algorithm="HS256")
+        
+        response = JSONResponse(content={"message": "Login successful", "token": token})
+        response.set_cookie(
+            key="auth_token",
+            value=token,
+            max_age=30*24*60*60,
+            httponly=True,
+            samesite="lax",
+            path="/"
+        )
+        response.set_cookie(
+            key="username",
+            value=user.username,
+            max_age=30*24*60*60,
+            samesite="lax",
+            path="/"
+        )
+        return response
    else:
-        # raise HTTPException(status_code=401, detail="Invalid credentials")
-        return {"message": "successful"}
+        raise HTTPException(status_code=401, detail="Invalid credentials")

@app.get('/users', tags=["User"])
 async def get_users():
@@ -81,9 +102,27 @@ async def get_users():
    cursor.execute('SELECT * FROM users')
    rows = cursor.fetchall()
    conn.close()
-
    return rows

-# # Запуск сервера для теста
+@app.get('/verify', tags=["User"])
+async def verify_token_endpoint(request: Request):
+    token = request.cookies.get('auth_token')
+    
+    if not token:
+        raise HTTPException(status_code=401, detail="No token provided")
+    
+    try:
+        payload = jwt.decode(
+            token, 
+            "95ad4fb1f2612c41ed299d5ca695945890c957fa", 
+            algorithms=["HS256"]
+        )
+        return {"user": {"username": payload["username"]}}
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(status_code=401, detail="Token expired")
+    except jwt.InvalidTokenError:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+
 # if __name__ == "__main__":
-#     uvicorn.run("main:app", port=8004, reload=True)
+#     uvicorn.run("main:app", host="0.0.0.0", port=8004, reload=True)
--- a/requirements.txt
+++ b/requirements.txt
Author	SHA1	Message	Date
Игорь Бандурист	5125116172	install All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 17:17:28 +10:00
Игорь Бандурист	e67a1fab5e	исправлено хеширование паролей All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:55:48 +10:00
Игорь Бандурист	21df98f575	requrements All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:49:51 +10:00
Игорь Бандурист	6965cc8d94	verify All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:37:13 +10:00
Игорь Бандурист	4128745309	cookie All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 16:33:02 +10:00
Игорь Бандурист	a9e4eb6223	опечатка All checks were successful continuous-integration/drone/push Build is passing Details	2026-05-31 15:39:53 +10:00