real backend for auth
This commit is contained in:
parent
c232be79ee
commit
26dfc8fb6c
7
photoapp/common.py
Normal file
7
photoapp/common.py
Normal file
@ -0,0 +1,7 @@
|
||||
import hashlib
|
||||
|
||||
|
||||
def pwhash(password):
|
||||
h = hashlib.sha256()
|
||||
h.update(password.encode("UTF-8"))
|
||||
return h.hexdigest()
|
@ -3,10 +3,11 @@ import cherrypy
|
||||
import logging
|
||||
from datetime import datetime, timedelta
|
||||
from photoapp.library import PhotoLibrary
|
||||
from photoapp.types import Photo, PhotoSet, Tag, TagItem, PhotoStatus
|
||||
from photoapp.types import Photo, PhotoSet, Tag, TagItem, PhotoStatus, User
|
||||
from jinja2 import Environment, FileSystemLoader, select_autoescape
|
||||
from sqlalchemy import desc
|
||||
from sqlalchemy import func, and_, or_
|
||||
from photoapp.common import pwhash
|
||||
import math
|
||||
from urllib.parse import urlparse
|
||||
|
||||
@ -486,8 +487,10 @@ def main():
|
||||
'error_page.404': web.error}
|
||||
|
||||
def validate_password(realm, username, password):
|
||||
print("I JUST VALIDATED {}:{} ({})".format(username, password, realm))
|
||||
return True
|
||||
s = library.session()
|
||||
if s.query(User).filter(User.name == username, User.password == pwhash(password)).first():
|
||||
return True
|
||||
return False
|
||||
|
||||
cherrypy.tree.mount(web, '/', {'/': web_config,
|
||||
'/static': {"tools.staticdir.on": True,
|
||||
|
@ -87,3 +87,19 @@ class TagItem(Base):
|
||||
set = relationship("PhotoSet", back_populates="tags", foreign_keys=[set_id])
|
||||
|
||||
UniqueConstraint(tag_id, set_id)
|
||||
|
||||
|
||||
class UserStatus(enum.Enum):
|
||||
banned = -1
|
||||
guest = 0
|
||||
normal = 1
|
||||
admin = 2
|
||||
|
||||
|
||||
class User(Base):
|
||||
__tablename__ = 'users'
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
name = Column(String(length=64), unique=True)
|
||||
password = Column(String(length=64)) # sha256
|
||||
status = Column(Enum(UserStatus), default=UserStatus.normal)
|
||||
|
56
photoapp/users.py
Normal file
56
photoapp/users.py
Normal file
@ -0,0 +1,56 @@
|
||||
import argparse
|
||||
from photoapp.library import PhotoLibrary
|
||||
from photoapp.types import User
|
||||
from photoapp.common import pwhash
|
||||
|
||||
|
||||
def create_user(library, username, password):
|
||||
s = library.session()
|
||||
s.add(User(name=username, password=pwhash(password)))
|
||||
s.commit()
|
||||
|
||||
|
||||
def list_users(library):
|
||||
s = library.session()
|
||||
print("id\tname")
|
||||
for user in s.query(User).order_by(User.name).all():
|
||||
print("{}\t{}".format(user.id, user.name))
|
||||
|
||||
|
||||
def delete_user(library, username):
|
||||
s = library.session()
|
||||
u = s.query(User).filter(User.name == username).first()
|
||||
s.delete(u)
|
||||
s.commit()
|
||||
print("Deleted user {}".format(u.id))
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="User manipulation tool")
|
||||
p_mode = parser.add_subparsers(dest='action', help='action to take')
|
||||
|
||||
p_create = p_mode.add_parser('create', help='create user')
|
||||
p_create.add_argument("-u", "--username", help="username", required=True)
|
||||
p_create.add_argument("-p", "--password", help="password", required=True)
|
||||
|
||||
p_list = p_mode.add_parser('list', help='list users')
|
||||
|
||||
p_delete = p_mode.add_parser('delete', help='delete users')
|
||||
p_delete.add_argument("-u", "--username", help="username", required=True)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
library = PhotoLibrary("photos.db", "./library/", "./cache/")
|
||||
|
||||
if args.action == "create":
|
||||
create_user(library, args.username, args.password)
|
||||
elif args.action == "list":
|
||||
list_users(library)
|
||||
elif args.action == "delete":
|
||||
delete_user(library, args.username)
|
||||
else:
|
||||
parser.print_help()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in New Issue
Block a user