Initial app

1 files changed, 122 insertions, 0 deletions

diff --git a/main.py b/main.py
index e69de29..8ead667 100644
--- a/main.py
+++ b/main.py
@@ -0,0 +1,122 @@
+from flask import Flask, request, render_template, redirect, make_response
+import mariadb
+import argon2
+import tomllib as toml
+import secrets
+from dataclasses import dataclass
+from threading import Timer
+from time import time
+
+
+@dataclass
+class User:
+    username: str
+    expire: int
+    timer: Timer
+
+
+def createUserSession(username: str) -> str:
+    session_id = secrets.token_urlsafe(16)
+    verifiedUsers.add(username)
+    verifiedSessions[session_id] = User(
+        username, time() + app.config["SESSION_TIMEOUT"], None
+    )
+    timer = Timer(app.config["SESSION_TIMEOUT"], expireSession, args=[session_id])
+    timer.start()
+    verifiedSessions[session_id].timer = timer
+    return session_id
+
+
+def expireSession(session_id: str):
+    if not verifiedSessions.get(session_id):
+        return
+    userSession: User = verifiedSessions[session_id]
+    userSession.timer.cancel()
+    verifiedUsers.remove(userSession.username)
+    del verifiedSessions[session_id]
+
+
+def configurationReader():
+    with open("config.toml", "r") as config_file:
+        config = toml.load(config_file)
+        app.config["DB_HOST"] = config["database"]["host"]
+        app.config["DB_USER"] = config["database"]["user"]
+        app.config["DB_PASSWORD"] = config["database"]["password"]
+        app.config["DB_NAME"] = config["database"]["name"]
+        app.config["DB_PORT"] = config["database"]["port"]
+        app.config["SESSION_TIMEOUT"] = config["session"]["timeout"]
+
+
+verifiedUsers = set()
+verifiedSessions = dict()
+app = Flask(__name__)
+
+configurationReader()
+
+
+@app.route("/")
+def index():
+    if request.cookies.get("lnsession"):
+        session_id = request.cookies.get("lnsession")
+        if verifiedSessions.get(session_id):
+            return render_template("index.html", logged_in=True)
+    return render_template("index.html", logged_in=False)
+
+
+@app.route("/login", methods=["POST"])
+def login():
+    page = request.args.get("page")
+    username = request.form.get("username")
+    password = request.form.get("password")
+    mariadb_connection = mariadb.connect(
+        user=app.config["DB_USER"],
+        password=app.config["DB_PASSWORD"],
+        host=app.config["DB_HOST"],
+        port=app.config["DB_PORT"],
+        database=app.config["DB_NAME"],
+    )
+    cur = mariadb_connection.cursor()
+    cur.execute("SELECT password FROM users WHERE username = ?", (username,))
+    result = cur.fetchone()
+    cur.close()
+    mariadb_connection.close()
+    if result is None:
+        return render_template("login.html", error="Invalid username or password"), 401
+
+    stored_password = result[0]
+    ph = argon2.PasswordHasher()
+    try:
+        ph.verify(stored_password, password)
+    except argon2.exceptions.VerifyMismatchError:
+        return render_template("login.html", error="Invalid username or password"), 401
+    if page is None:
+        page = "/"
+
+    token = createUserSession(username)
+    resp = make_response(redirect(page))
+    resp.set_cookie("lnsession", token, max_age=app.config["SESSION_TIMEOUT"])
+
+    return resp
+
+
+@app.route("/login", methods=["GET"])
+def login_get():
+    return render_template("login.html")
+
+
+@app.route("/logout")
+def logout():
+    session_id = request.cookies.get("lnsession")
+    if verifiedSessions.get(session_id):
+        expireSession(session_id)
+    resp = make_response(redirect("/"))
+    resp.set_cookie("lnsession", "", expires=0)
+    return resp
+
+
+@app.route("/api_logged_in")
+def api_logged_in():
+    session_id = request.cookies.get("lnsession")
+    if verifiedSessions.get(session_id):
+        return {"logged_in": True}
+    return {"logged_in": False}