From 0add02928aa7c413a62fa96a7d3c01c62d264cdb Mon Sep 17 00:00:00 2001
From: Tracker-Friendly <jliwin98@danwin1210.de>
Date: Sun, 19 Nov 2023 21:54:36 +0000
Subject: [PATCH] More login shenanigens

---
 config.ini.example             |  2 +
 login/login.py                 | 22 ++++++---
 login/static/css/main.css      | 81 ++++++++++++++++++++++++++++++++++
 login/templates/dashboard.html | 19 ++++++++
 login/templates/index.html     |  4 +-
 5 files changed, 121 insertions(+), 7 deletions(-)
 create mode 100755 login/static/css/main.css
 create mode 100644 login/templates/dashboard.html

diff --git a/config.ini.example b/config.ini.example
index 5f4b067..a2f0144 100644
--- a/config.ini.example
+++ b/config.ini.example
@@ -7,6 +7,8 @@ captchachars: ABCDEFGHIJKLMNOPQRSTUVWXYZ
 port: 8050
 
 [Login]
+# Secret Key, please change to something custom
+secretkey: secret_key_here
 # The port the server should run on
 port: 8040
 # The location of the maddy database
diff --git a/login/login.py b/login/login.py
index d11cb0d..a33f2dc 100644
--- a/login/login.py
+++ b/login/login.py
@@ -1,4 +1,4 @@
-from flask import Flask, render_template, request
+from flask import Flask, render_template, request, redirect, url_for, make_response
 import bcrypt
 import sqlite3
 import configparser
@@ -8,15 +8,18 @@ from waitress import serve
 
 config = configparser.ConfigParser()
 config.read("../config.ini")
+secretkey = config.get("Login", "secretkey")
 database = config.get("Login", "database")
 runport = config.get("Login", "port")
 
 # Status report
 
 print("HectaMail Login Service is starting up...")
+print("Your secret key is:", secretkey)
 print("Your database is located at:", database)
 
 app = Flask(__name__)
+app.secret_key = secretkey
 
 def fetch_hash_from_database(key):
     conn = sqlite3.connect(database)
@@ -42,16 +45,25 @@ def login():
     key_to_fetch = request.form['email']
     password_to_check = request.form['password']
 
-    go_script_hash = fetch_hash_from_database(key_to_fetch)
+    passwordhash = fetch_hash_from_database(key_to_fetch)
 
-    if go_script_hash:
-        is_password_valid = verify_bcrypt(password_to_check, go_script_hash)
+    if passwordhash:
+        is_password_valid = verify_bcrypt(password_to_check, passwordhash)
         if is_password_valid:
-            return "Logged in successfully"
+            response = make_response("Logged in!")
+            response.set_cookie('passwordhash', passwordhash)
+            return response
         else:
             return "Incorrect email or password"
     else:
         return "Email not found in the database"
 
+@app.route('/dashboard')
+def dashboard():
+    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
+        return render_template('dashboard.html')
+    else:
+        return redirect(url_for('index'))
+
 if __name__ == '__main__':
     serve(app, host='0.0.0.0', port=runport)
diff --git a/login/static/css/main.css b/login/static/css/main.css
new file mode 100755
index 0000000..48459b1
--- /dev/null
+++ b/login/static/css/main.css
@@ -0,0 +1,81 @@
+@import url('https://fonts.googleapis.com/css2?family=Roboto+Mono:wght@100&display=swap');
+
+body {
+    color: white;
+    text-align: center;
+    font-family: Roboto Mono;
+    background-color: rgb(20, 10, 30);
+}
+
+input {
+    padding: 10px;
+    background-color: rgb(67, 0, 166);
+    color: white;
+    border-style: none;
+    border-radius: 5px;
+    margin-top: 5px;
+}
+
+button {
+    padding: 10px;
+    background-color: rgb(67, 0, 166);
+    color: white;
+    border-style: none;
+    border-radius: 5px;
+    margin-top: 5px;
+}
+
+.pswdbox {
+    margin-top: 5px;
+}
+
+.spacer {
+    margin-top: 5px;
+}
+
+.spacer2 {
+    margin-top: 30px;
+}
+
+input[type="password"],
+input[type="text"] {
+    background-color: rgb(91, 91, 91);
+}
+
+.headerbar {
+    position: fixed;
+    top: 0px;
+    left: 0px;
+    right: 0px;
+    background-color: #23064f;
+    height: 60px;
+    align-items: center;
+    display: flex;
+}
+
+.content {
+    position: fixed;
+    left: 0px;
+    right: 0px;
+    top: 60px;
+}
+
+.main {
+    font-size: 20px;
+    padding: 20px;
+    color: white;
+    text-decoration: none;
+    font-weight: bold;
+    background-color: #140a1e
+}
+
+a {
+    padding: 20px;
+    font-size: 18px;
+    text-decoration: none;
+    color: white;
+}
+
+a:hover {
+    background-color: #140a1e
+}
diff --git a/login/templates/dashboard.html b/login/templates/dashboard.html
new file mode 100644
index 0000000..086b5c9
--- /dev/null
+++ b/login/templates/dashboard.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html><head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+    <title>HectaMail</title>
+    <link rel="stylesheet" href="/static/css/main.css" media="">
+</head>
+<body>
+    <div class="headerbar">
+        <a href="https://mail.hectabit.org/">HectaMail</a>
+        <a href="https://mail.hectabit.org/register">Sign up</a>
+        <a class="main" href="https://mail.hectabit.org/login">Account</a>
+    </div>
+    <div class="content">
+        <h1>Account management</h1>
+        <button onclick="location.href = '/login/changepass';">Change Password</button>
+        <button onclick="location.href = '/login/deleteacct';">Delete Account</button>
+</div>
+<style type="text/css"></style>
+</body></html>
diff --git a/login/templates/index.html b/login/templates/index.html
index 4aa0e71..3f8821b 100644
--- a/login/templates/index.html
+++ b/login/templates/index.html
@@ -8,12 +8,12 @@
     <div class="headerbar">
         <a href="/">HectaMail</a>
         <a href="/register">Sign up</a>
-        <a class="main" href="/login/api">Login</a>
+        <a class="main" href="/login">Login</a>
     </div>
     <div class="content">
         <h1>Login to your Email Account</h1>
 	<p1>Warning! This is only a proof of concept and has no actual use!</p1>
-        <form method="POST" action="/login">
+        <form method="POST" action="/login/api">
             <label for="username">Email</label>
 	    <div class="spacer">
                 <input type="text" name="email" required="">