Added admin_auth for apps independent of admin_app

2025-05-16 19:52:01 +02:00 · 2025-05-16 19:52:01 +02:00 · f689dc5f63
commit f689dc5f63
parent 779605ee7c
4 changed files with 145 additions and 9 deletions
--- a/paramecio2/modules/admin/libraries/admin_auth.py
+++ b/paramecio2/modules/admin/libraries/admin_auth.py
@ -0,0 +1,48 @@
+from flask import g, request, redirect, session, url_for
+from paramecio2.libraries.db.webmodel import WebModel
+from settings import config
+
+def admin_prepare():
+
+    g.connection=WebModel.connection()
+    
+    if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup' and request.endpoint!='admin_app.need_auth' and request.endpoint!='admin_app.auth_check':
+        
+        if 'login_admin' not in session:
+            
+            if 'remember_login_admin' in request.cookies:
+                
+                with g.connection.query('select count(id) as count_id from useradmin where token_login=%s', [request.cookies['remember_login_admin']]) as cursor:
+                    
+                    arr_count=cursor.fetchone()
+
+                    if arr_count['count_id']==0:
+                        
+                        url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
+                        
+                        return redirect(url_redirect)   
+                    else:
+                        
+                        session['login_admin']=True
+            
+            else:
+                
+                url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
+                
+                return redirect(url_redirect)   
+        else:
+            
+            #print(session['verify_auth'])
+            if request.endpoint!='admin_app.logout':
+            
+                if not session.get('verify_auth', True):
+                    
+                    url_redirect=config.domain_url+url_for('admin_app.need_auth', _external=False)
+                    
+                    return redirect(url_redirect)   
+
+def admin_finished(response):
+    
+    g.connection.close()
+    
+    return response
--- a/paramecio2/modules/admin/libraries/check_login_tries.py
+++ b/paramecio2/modules/admin/libraries/check_login_tries.py
@ -0,0 +1,74 @@
+from paramecio2.libraries.i18n import I18n, PGetText
+from paramecio2.libraries.mtemplates import env_theme, PTemplate
+from paramecio2.modules.admin.models.admin import UserAdmin, LoginTries
+from paramecio2.libraries.db.webmodel import WebModel
+from paramecio2.libraries.db import simplequery
+from settings import config
+from paramecio2.libraries.datetime import now, format_local_strtime, timestamp_to_datetime, obtain_timestamp
+from paramecio2.libraries.keyutils import create_key_encrypt, create_key
+from time import time
+#from paramecio2.wsgiapp import app
+#from paramecio2.modules.admin2 import admin_app
+#from bottle import request, redirect, Bottle, response
+from flask import request, redirect
+#from paramecio2.modules.admin.libraries.loginplugin import check_login
+#from paramecio2.libraries.sessionplugin import SessionPlugin
+#from paramecio2.libraries.httputils import GetPostFiles
+from paramecio2.libraries.formsutils import check_form, csrf_token
+from paramecio2.libraries.db.coreforms import PasswordForm
+from paramecio2.libraries.sendmail import SendMail
+#from paramecio2.modules.admin.libraries.config import modules_admin
+
+login_tries=5
+
+if hasattr(config, 'login_tries'):
+    login_tries=config.login_tries
+
+seconds_login=300
+
+if hasattr(config, 'seconds_login'):
+    seconds_login=config.seconds_login
+
+
+def check_login_tries(request, db):
+    
+    logintries=LoginTries(db)
+    
+    logintries.safe_query()
+    
+    #ip=request.environ.get('HTTP_X_FORWARDED_FOR') or request.environ.get('REMOTE_ADDR')
+    
+    
+    if 'x-real-ip' in request.headers:
+        ip=request.headers['x-real-ip']
+    elif 'x-forwarded-for' in request.headers:
+        ip=request.headers['x-forwarded-for']
+    else:
+        ip=request.client.host
+    
+    you_cannot_login=0
+    
+    now_str=now()
+    date_now=format_local_strtime('YYYY-MM-DD HH:mm:ss', now_str)
+    
+    date_check=format_local_strtime('YYYY-MM-DD HH:mm:ss', timestamp_to_datetime(obtain_timestamp(now_str)-seconds_login))
+    
+    logintries.query('delete from logintries where last_login<%s', [date_check])
+    
+    arr_try=logintries.set_conditions('WHERE ip=%s', [ip]).select_a_row_where()
+    
+    if arr_try:
+        
+        if arr_try['num_tries']<login_tries:
+        
+            logintries.query('update logintries set num_tries=num_tries+1, last_login=%s WHERE ip=%s', [date_now, ip])
+            
+        else:
+            
+            you_cannot_login=1
+            
+    else:
+        
+        logintries.query('insert into logintries (`ip`, `num_tries`, `last_login`) VALUES (%s, %s, %s)', [ip, 1, date_now])
+
+    return you_cannot_login