jackc/slop-farmer-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

basic password hashing and verification functions

Browse Source
This commit is contained in:
Jack Case
2025-10-20 12:57:20 +00:00
parent 96a91b6bc5
commit 0867fa9b9a
1 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
slopserver/server.py
View File

@@ -15,6 +15,8 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from sqlalchemy import create_engine from sqlalchemy import create_engine
from pwdlib import PasswordHash
from slopserver.models import Domain, Path, User from slopserver.models import Domain, Path, User
from slopserver.models import SlopReport from slopserver.models import SlopReport
from slopserver.db import select_slop, insert_slop, get_user from slopserver.db import select_slop, insert_slop, get_user
@@ -23,15 +25,36 @@ app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
temp_engine = create_engine("postgresql+psycopg://slop-farmer@192.168.1.163/slop-farmer") TEMP_ENGINE = create_engine("postgresql+psycopg://slop-farmer@192.168.1.163/slop-farmer")
TEMP_SECRET = "5bcc778a96b090c3ac1d587bb694a060eaf7bdb5832365f91d5078faf1fff210"
ALGO = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30
password_hash = PasswordHash.recommended()
def get_password_hash(password):
return password_hash.hash(password)
def verify_password(clear_password, hashed_password):
return password_hash.verify(clear_password, hashed_password)
def auth_user(email: str, password: str, db_engine):
# TODO Salt
user: User = get_user(email, db_engine)
if not user:
return False
if not verify_password(password, user.password_hash):
return False
return user
@app.post("/report") @app.post("/report")
async def report_slop(report: SlopReport): async def report_slop(report: SlopReport):
insert_slop(report.slop_urls, temp_engine) insert_slop(report.slop_urls, TEMP_ENGINE)
@app.post("/check") @app.post("/check")
async def check_slop(check: SlopReport): async def check_slop(check: SlopReport):
slop_results = select_slop(check.slop_urls, temp_engine) slop_results = select_slop(check.slop_urls, TEMP_ENGINE)
return slop_results return slop_results
async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]): async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
@@ -39,7 +62,7 @@ async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
@app.post("/token") @app.post("/token")
async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]): async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
user = get_user(form_data.username, temp_engine) user = get_user(form_data.username, TEMP_ENGINE)
if not user: if not user:
raise HTTPException(status_code=400, detail="Incorrect username or password") raise HTTPException(status_code=400, detail="Incorrect username or password")