Peter
ea90a3c9e3
Aenderungen: - E-Mail-Feld im Reservierungs-Formular hinzugefuegt (Pflichtfeld) - Math-Captcha durch Bild-Captcha (4 Zeichen) ersetzt - E-Mail-Validierung im Backend - Captcha-Validierung fuer Reservierungen - Pillow zu Dockerfile hinzugefuegt
36 lines
1.2 KiB
Python
36 lines
1.2 KiB
Python
"""Login und Captcha Routes"""
|
|
from flask import Blueprint, request, jsonify, session
|
|
from auth import generate_captcha, verify_captcha, check_admin_password
|
|
|
|
auth_bp = Blueprint('auth', __name__)
|
|
|
|
@auth_bp.route('/api/captcha', methods=['GET'])
|
|
def get_captcha():
|
|
captcha = generate_captcha()
|
|
# captcha enthaelt jetzt 'image' und 'token' (kein 'answer' mehr)
|
|
return jsonify({"image": captcha["image"], "token": captcha["token"]})
|
|
|
|
@auth_bp.route('/api/admin/login', methods=['POST'])
|
|
def admin_login():
|
|
data = request.get_json() or {}
|
|
password = data.get('password', '')
|
|
|
|
if check_admin_password(password):
|
|
session['user_role'] = 'admin'
|
|
session['login_time'] = __import__('time').time()
|
|
return jsonify({"status": "ok", "role": "admin"})
|
|
return jsonify({"error": "Invalid credentials"}), 401
|
|
|
|
@auth_bp.route('/api/admin/logout', methods=['POST'])
|
|
def admin_logout():
|
|
session.pop('user_role', None)
|
|
session.pop('login_time', None)
|
|
return jsonify({"status": "ok"})
|
|
|
|
@auth_bp.route('/api/session', methods=['GET'])
|
|
def check_session():
|
|
role = session.get('user_role')
|
|
if role:
|
|
return jsonify({"role": role, "logged_in": True})
|
|
return jsonify({"logged_in": False})
|