from flask import request, session, redirect, url_for, render_template, g, jsonify import bcrypt import secrets from db import get_db from models import Account, ActiveSession import logging logger = logging.getLogger(__name__) def login_required(f): def decorated_function(*args, **kwargs): if not check_login(session, logger): return redirect(url_for('login_route')) return f(*args, **kwargs) decorated_function.__name__ = f.__name__ return decorated_function def check_login(session, logger): if 'logged_in' not in session or not session['logged_in']: logger.info("セッションにログイン情報がありません") return False db = get_db() active_session_count = db.query(ActiveSession).filter_by(session_id=session['session_id']).count() if active_session_count != 1: logger.info(f"セッションID {session['session_id']} のアクティブセッション数: {active_session_count}") return False return True def login(): if request.method == 'POST': user_id = request.form['user_id'] password = request.form['password'].encode('utf-8') db = get_db() account = db.query(Account).filter_by(user_id=user_id).first() if account and bcrypt.checkpw(password, account.password.encode('utf-8')): active_sessions = db.query(ActiveSession).count() if active_sessions >= 1: return "他のユーザーが既にログインしています。", 403 session['logged_in'] = True new_session = ActiveSession(session_id=session['session_id']) db.add(new_session) db.commit() return redirect(url_for('index_route')) else: return "Invalid credentials", 403 return render_template('login.html') def logout(): db = get_db() db.query(ActiveSession).filter_by(session_id=session['session_id']).delete() db.commit() session.clear() return redirect(url_for('login_route')) def create_account(): user_id = secrets.token_hex(8) password = secrets.token_hex(16) hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()) db = get_db() new_account = Account(user_id=user_id, password=hashed_password.decode('utf-8')) db.add(new_account) db.commit() return jsonify({'message': 'アカウントが作成されました', 'user_id': user_id, 'password': password})