65 lines
2.4 KiB
Python
65 lines
2.4 KiB
Python
from flask import request, session, redirect, url_for, render_template, g, jsonify
|
|
import bcrypt
|
|
import secrets
|
|
from db import get_db
|
|
from models import Account, ActiveSession
|
|
import logging
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
def login_required(f):
|
|
def decorated_function(*args, **kwargs):
|
|
if not check_login(session, logger):
|
|
return redirect(url_for('login_route'))
|
|
return f(*args, **kwargs)
|
|
decorated_function.__name__ = f.__name__
|
|
return decorated_function
|
|
|
|
def check_login(session, logger):
|
|
if 'logged_in' not in session or not session['logged_in']:
|
|
logger.info("セッションにログイン情報がありません")
|
|
return False
|
|
|
|
db = get_db()
|
|
active_session_count = db.query(ActiveSession).filter_by(session_id=session['session_id']).count()
|
|
if active_session_count != 1:
|
|
logger.info(f"セッションID {session['session_id']} のアクティブセッション数: {active_session_count}")
|
|
return False
|
|
return True
|
|
|
|
def login():
|
|
if request.method == 'POST':
|
|
user_id = request.form['user_id']
|
|
password = request.form['password'].encode('utf-8')
|
|
db = get_db()
|
|
account = db.query(Account).filter_by(user_id=user_id).first()
|
|
if account and bcrypt.checkpw(password, account.password.encode('utf-8')):
|
|
active_sessions = db.query(ActiveSession).count()
|
|
if active_sessions >= 1:
|
|
return "他のユーザーが既にログインしています。", 403
|
|
session['logged_in'] = True
|
|
new_session = ActiveSession(session_id=session['session_id'])
|
|
db.add(new_session)
|
|
db.commit()
|
|
return redirect(url_for('index_route'))
|
|
else:
|
|
return "Invalid credentials", 403
|
|
return render_template('login.html')
|
|
|
|
def logout():
|
|
db = get_db()
|
|
db.query(ActiveSession).filter_by(session_id=session['session_id']).delete()
|
|
db.commit()
|
|
session.clear()
|
|
return redirect(url_for('login_route'))
|
|
|
|
def create_account():
|
|
user_id = secrets.token_hex(8)
|
|
password = secrets.token_hex(16)
|
|
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
|
|
db = get_db()
|
|
new_account = Account(user_id=user_id, password=hashed_password.decode('utf-8'))
|
|
db.add(new_account)
|
|
db.commit()
|
|
return jsonify({'message': 'アカウントが作成されました', 'user_id': user_id, 'password': password})
|