Password-Fortress/auth.py at main · EvanLo62/Password-Fortress · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
from flask import Blueprint, render_template, request, redirect, session, url_for, flash
from flask_login import login_user, logout_user, login_required
from werkzeug.security import generate_password_hash, check_password_hash
from models import User, db
import os

# 建立藍圖
auth_bp = Blueprint('auth', __name__)

# 註冊功能
@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form['username']
        email = request.form['email']
        password = request.form['password']

        # 檢查密碼與確認密碼是否一致
        if password != request.form['confirm_password']:
            flash('密碼與確認密碼不一致，請再試一次。', 'error')
            return redirect(url_for('auth.register'))

        # 檢查使用者名稱是否存在
        existing_user = User.query.filter_by(username=username).first()
        if existing_user:
            flash('使用者名稱已存在，請選擇其他名稱。', 'error')
            return redirect(url_for('auth.register'))

        # 檢查信箱是否已存在
        existing_email = User.query.filter_by(email=email).first()
        if existing_email:
            flash('該信箱已被使用，請選擇其他信箱。', 'error')
            return redirect(url_for('auth.register'))

        # 生成專屬鹽值
        salt = os.urandom(16).hex()
        print (username+" "+salt)
        # 創建新使用者
        new_user = User(username=username,
                        email=email,
                        password=generate_password_hash(password, method='pbkdf2:sha256')
                        ,salt=salt)
        db.session.add(new_user)
        db.session.commit()

        flash('註冊成功，請登入！', 'success')
        return redirect(url_for('auth.login'))

    return render_template('register.html')

# 登入功能
@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']
        user = User.query.filter_by(email=email).first()

        if user and check_password_hash(user.password, password):
            login_user(user)
            session.pop('is_2fa_verified', None)  # 登入時清除二步驟驗證
            # 將導向改為 dashboard
            return redirect(url_for('dashboard.dashboard'))
        else:
            flash('帳號不存在或密碼錯誤! 請再試一次', 'error')
            return redirect(url_for('auth.login'))

    return render_template('login.html')

# 登出功能
@auth_bp.route('/logout', methods=['GET', 'POST'])
@login_required
def logout():
    session.clear()
    logout_user()
    return redirect(url_for('auth.login'))