Basic admin page

app.py

@@ -1,4 +1,4 @@
-from flask import Flask, render_template, redirect, request, flash, abort, Response, send_from_directory
+from flask import Flask, render_template, redirect, request, flash, abort, Response, send_from_directory, session
 import os
 import json
 import time
@@ -192,6 +192,42 @@ def enqueue():
         return redirect("/submit")
 
 
+@app.route("/admin")
+def admin_login_form():
+    if "username" in session:
+        return redirect("/dashboard")
+    return render_template("admin.html", recaptcha=recaptcha)
+
+
+@app.route("/login", methods=["POST"])
+def admin_login():
+
+    if recaptcha.verify():
+
+        username = request.form.get("username")
+        password = request.form.get("password")
+
+        if db.check_login(username, password):
+            session["username"] = username
+            flash("Logged in", "success")
+            return redirect("/dashboard")
+
+        flash("Invalid username/password combo", "danger")
+        return redirect("/admin")
+
+    else:
+        flash("Invalid captcha", "danger")
+        return redirect("/admin")
+
+
+@app.route("/dashboard")
+def admin_dashboard():
+    if "username" in session:
+        return render_template("dashboard.html")
+    else:
+        return abort(403)
+
+
 if __name__ == '__main__':
     if config.USE_SSL:
         context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)

database.py

@@ -2,6 +2,7 @@ import sqlite3
 import datetime
 import json
 import os
+import bcrypt
 
 
 class InvalidQueryException(Exception):
@@ -367,3 +368,29 @@ class Database:
 
             cursor.execute("DELETE FROM Website WHERE id=?", (website_id, ))
             conn.commit()
+
+    def check_login(self, username, password) -> bool:
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            cursor.execute("SELECT password FROM Admin WHERE username=?", (username, ))
+
+            db_user = cursor.fetchone()
+
+            if db_user:
+                return bcrypt.checkpw(password.encode(), db_user[0])
+            return False
+
+    def generate_login(self, username, password) -> None:
+
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.cursor()
+
+            hashed_pw = bcrypt.hashpw(password.encode(), bcrypt.gensalt(14))
+
+            cursor.execute("INSERT INTO Admin (username, password) VALUES (?,?)", (username, hashed_pw))
+            conn.commit()
+
+
+
+

init_script.sql

@@ -42,6 +42,11 @@ CREATE TABLE Queue (
   priority INTEGER
 );
 
+CREATE TABLE Admin (
+  username TEXT PRIMARY KEY NOT NULL,
+  password TEXT
+)
+
 -- Full Text Index
 
 CREATE VIRTUAL TABLE File_index USING fts5 (

requirements.txt

@@ -8,3 +8,4 @@ Flask-Caching
 praw
 humanfriendly
 apscheduler
+bcrypt

templates/admin.html

@@ -0,0 +1,26 @@
+{% extends "layout.html" %}
+{% set title = "Admin login - OD-Database" %}
+
+{% block body %}
+    <div class="container">
+        <div class="card">
+            <div class="card-header">Admin login</div>
+            <div class="card-body">
+                <form action="/login" method="post">
+
+                    <div class="form-group">
+                        <input class="form-control" name="username" placeholder="Username">
+                    </div>
+                    <div class="form-group">
+                        <input class="form-control" name="password" placeholder="Password" type="password">
+                    </div>
+
+                    {{ recaptcha.get_code()|safe }}
+
+                    <input type="submit" value="Login">
+
+                </form>
+            </div>
+        </div>
+    </div>
+{% endblock body %}

templates/dashboard.html

@@ -0,0 +1,13 @@
+{% extends "layout.html" %}
+{% set title = "Dashboard - OD-Database" %}
+
+{% block body %}
+    <div class="container">
+    <div class="card">
+        <div class="card-header">Dashboard</div>
+        <div class="card-body">
+            todo
+        </div>
+    </div>
+    </div>
+{% endblock body %}