Peter
51 lines
1.5 KiB
Python
51 lines
1.5 KiB
Python
import os
|
|
import hashlib
|
|
import random
|
|
import time
|
|
from functools import wraps
|
|
from flask import session, request, jsonify
|
|
|
|
# Config
|
|
ADMIN_PASSWORD_HASH = os.environ.get('ADMIN_PASSWORD', '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi')
|
|
SECRET_KEY = os.environ.get('SESSION_SECRET', 'dev-secret-change-in-production')
|
|
|
|
def generate_captcha():
|
|
a = random.randint(1, 15)
|
|
b = random.randint(1, 15)
|
|
op = random.choice(['+', '-'])
|
|
if op == '+':
|
|
answer = a + b
|
|
else:
|
|
answer = a - b
|
|
token = hashlib.sha256(f"{a}{op}{b}{int(time.time()/600)}captcha".encode()).hexdigest()[:16]
|
|
return {
|
|
"question": f"{a} {op} {b} = ?",
|
|
"token": token,
|
|
"answer": answer
|
|
}
|
|
|
|
def verify_captcha(token, answer):
|
|
if not token or not answer:
|
|
return False
|
|
stored = session.get('captcha_answer')
|
|
if stored and str(stored) == str(answer):
|
|
session.pop('captcha_answer', None)
|
|
return True
|
|
return False
|
|
|
|
def require_auth(role='admin'):
|
|
def decorator(f):
|
|
@wraps(f)
|
|
def decorated(*args, **kwargs):
|
|
if 'user_role' not in session:
|
|
return jsonify({"error": "Unauthorized"}), 401
|
|
if role == 'admin' and session['user_role'] != 'admin':
|
|
return jsonify({"error": "Admin required"}), 403
|
|
return f(*args, **kwargs)
|
|
return decorated
|
|
return decorator
|
|
|
|
def check_admin_password(password):
|
|
from werkzeug.security import check_password_hash
|
|
return check_password_hash(ADMIN_PASSWORD_HASH, password)
|