hectamail-website/login/login.py

70 lines
2.0 KiB
Python

from flask import Flask, render_template, request, redirect, url_for, make_response
import bcrypt
import sqlite3
import configparser
from waitress import serve
# Load from config.ini
config = configparser.ConfigParser()
config.read("../config.ini")
secretkey = config.get("Login", "secretkey")
database = config.get("Login", "database")
runport = config.get("Login", "port")
# Status report
print("HectaMail Login Service is starting up...")
print("Your secret key is:", secretkey)
print("Your database is located at:", database)
app = Flask(__name__)
app.secret_key = secretkey
def fetch_hash_from_database(key):
conn = sqlite3.connect(database)
cursor = conn.cursor()
cursor.execute("SELECT value FROM passwords WHERE key = ?", (key,))
result = cursor.fetchone()
conn.close()
if result:
return result[0][7:] # Remove the first 7 characters
else:
return None
def verify_bcrypt(passphrase, hashed_password):
return bcrypt.checkpw(passphrase.encode('utf-8'), hashed_password.encode('utf-8'))
@app.route('/')
def index():
return render_template('index.html')
@app.route('/api', methods=['POST'])
def login():
key_to_fetch = request.form['email']
password_to_check = request.form['password']
passwordhash = fetch_hash_from_database(key_to_fetch)
if passwordhash:
is_password_valid = verify_bcrypt(password_to_check, passwordhash)
if is_password_valid:
response = make_response("Logged in!")
response.set_cookie('passwordhash', passwordhash)
return response
else:
return "Incorrect email or password"
else:
return "Email not found in the database"
@app.route('/dashboard')
def dashboard():
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
return render_template('dashboard.html')
else:
return redirect(url_for('index'))
if __name__ == '__main__':
serve(app, host='0.0.0.0', port=runport)