v2.1: Security - Captcha, Admin-Login, Auth-Decorator

app/login_routes.py

@@ -0,0 +1,35 @@
+"""Login und Captcha Routes"""
+from flask import Blueprint, request, jsonify, session
+from auth import generate_captcha, verify_captcha, check_admin_password
+
+auth_bp = Blueprint('auth', __name__)
+
+@auth_bp.route('/api/captcha', methods=['GET'])
+def get_captcha():
+    captcha = generate_captcha()
+    session['captcha_answer'] = captcha['answer']
+    return jsonify({"question": captcha['question'], "token": captcha['token']})
+
+@auth_bp.route('/api/admin/login', methods=['POST'])
+def admin_login():
+    data = request.get_json() or {}
+    password = data.get('password', '')
+    
+    if check_admin_password(password):
+        session['user_role'] = 'admin'
+        session['login_time'] = __import__('time').time()
+        return jsonify({"status": "ok", "role": "admin"})
+    return jsonify({"error": "Invalid credentials"}), 401
+
+@auth_bp.route('/api/admin/logout', methods=['POST'])
+def admin_logout():
+    session.pop('user_role', None)
+    session.pop('login_time', None)
+    return jsonify({"status": "ok"})
+
+@auth_bp.route('/api/session', methods=['GET'])
+def check_session():
+    role = session.get('user_role')
+    if role:
+        return jsonify({"role": role, "logged_in": True})
+    return jsonify({"role": None, "logged_in": False})