More login shenanigens

config.ini.example

@@ -7,6 +7,8 @@ captchachars: ABCDEFGHIJKLMNOPQRSTUVWXYZ
 port: 8050
 
 [Login]
+# Secret Key, please change to something custom
+secretkey: secret_key_here
 # The port the server should run on
 port: 8040
 # The location of the maddy database

login/login.py

@@ -1,4 +1,4 @@
-from flask import Flask, render_template, request
+from flask import Flask, render_template, request, redirect, url_for, make_response
 import bcrypt
 import sqlite3
 import configparser
@@ -8,15 +8,18 @@ from waitress import serve
 
 config = configparser.ConfigParser()
 config.read("../config.ini")
+secretkey = config.get("Login", "secretkey")
 database = config.get("Login", "database")
 runport = config.get("Login", "port")
 
 # Status report
 
 print("HectaMail Login Service is starting up...")
+print("Your secret key is:", secretkey)
 print("Your database is located at:", database)
 
 app = Flask(__name__)
+app.secret_key = secretkey
 
 def fetch_hash_from_database(key):
     conn = sqlite3.connect(database)
@@ -42,16 +45,25 @@ def login():
     key_to_fetch = request.form['email']
     password_to_check = request.form['password']
 
-    go_script_hash = fetch_hash_from_database(key_to_fetch)
+    passwordhash = fetch_hash_from_database(key_to_fetch)
 
-    if go_script_hash:
-        is_password_valid = verify_bcrypt(password_to_check, go_script_hash)
+    if passwordhash:
+        is_password_valid = verify_bcrypt(password_to_check, passwordhash)
         if is_password_valid:
-            return "Logged in successfully"
+            response = make_response("Logged in!")
+            response.set_cookie('passwordhash', passwordhash)
+            return response
         else:
             return "Incorrect email or password"
     else:
         return "Email not found in the database"
 
+@app.route('/dashboard')
+def dashboard():
+    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
+        return render_template('dashboard.html')
+    else:
+        return redirect(url_for('index'))
+
 if __name__ == '__main__':
     serve(app, host='0.0.0.0', port=runport)

login/static/css/main.css

@@ -0,0 +1,81 @@
+@import url('https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@100&display=swap');
+
+body {
+    color: white;
+    text-align: center;
+    font-family: Roboto Mono;
+    background-color: rgb(20, 10, 30);
+}
+
+input {
+    padding: 10px;
+    background-color: rgb(67, 0, 166);
+    color: white;
+    border-style: none;
+    border-radius: 5px;
+    margin-top: 5px;
+}
+
+button {
+    padding: 10px;
+    background-color: rgb(67, 0, 166);
+    color: white;
+    border-style: none;
+    border-radius: 5px;
+    margin-top: 5px;
+}
+
+.pswdbox {
+    margin-top: 5px;
+}
+
+.spacer {
+    margin-top: 5px;
+}
+
+.spacer2 {
+    margin-top: 30px;
+}
+
+input[type="password"],
+input[type="text"] {
+    background-color: rgb(91, 91, 91);
+}
+
+.headerbar {
+    position: fixed;
+    top: 0px;
+    left: 0px;
+    right: 0px;
+    background-color: #23064f;
+    height: 60px;
+    align-items: center;
+    display: flex;
+}
+
+.content {
+    position: fixed;
+    left: 0px;
+    right: 0px;
+    top: 60px;
+}
+
+.main {
+    font-size: 20px;
+    padding: 20px;
+    color: white;
+    text-decoration: none;
+    font-weight: bold;
+    background-color: #140a1e
+}
+
+a {
+    padding: 20px;
+    font-size: 18px;
+    text-decoration: none;
+    color: white;
+}
+
+a:hover {
+    background-color: #140a1e
+}

login/templates/dashboard.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html><head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+    <title>HectaMail</title>
+    <link rel="stylesheet" href="/static/css/main.css" media="">
+</head>
+<body>
+    <div class="headerbar">
+        <a href="https://mail.hectabit.org/">HectaMail</a>
+        <a href="https://mail.hectabit.org/register">Sign up</a>
+        <a class="main" href="https://mail.hectabit.org/login">Account</a>
+    </div>
+    <div class="content">
+        <h1>Account management</h1>
+        <button onclick="location.href = '/login/changepass';">Change Password</button>
+        <button onclick="location.href = '/login/deleteacct';">Delete Account</button>
+</div>
+<style type="text/css"></style>
+</body></html>

login/templates/index.html

@@ -8,12 +8,12 @@
     <div class="headerbar">
         <a href="/">HectaMail</a>
         <a href="/register">Sign up</a>
-        <a class="main" href="/login/api">Login</a>
+        <a class="main" href="/login">Login</a>
     </div>
     <div class="content">
         <h1>Login to your Email Account</h1>
 	<p1>Warning! This is only a proof of concept and has no actual use!</p1>
-        <form method="POST" action="/login">
+        <form method="POST" action="/login/api">
             <label for="username">Email</label>
 	    <div class="spacer">
                 <input type="text" name="email" required="">