Add authentication
This commit is contained in:
hansi
93
app/auth.py
93
app/auth.py
@@ -0,0 +1,93 @@
|
||||
import sqlite3
|
||||
from contextlib import closing
|
||||
|
||||
import bcrypt
|
||||
import streamlit as st
|
||||
|
||||
from db import get_conn
|
||||
|
||||
def create_user(username: str, password: str, role: str = "user") -> bool:
|
||||
pw_hash = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
|
||||
try:
|
||||
with closing(get_conn()) as conn, conn:
|
||||
conn.execute(
|
||||
"INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
|
||||
(username, pw_hash, role),
|
||||
)
|
||||
return True
|
||||
except sqlite3.IntegrityError:
|
||||
return False
|
||||
|
||||
|
||||
def verify_user(username: str, password: str):
|
||||
with closing(get_conn()) as conn:
|
||||
row = conn.execute(
|
||||
"SELECT password_hash, role FROM users WHERE username = ?",
|
||||
(username,),
|
||||
).fetchone()
|
||||
if not row:
|
||||
return False, None
|
||||
stored_hash, role = row
|
||||
ok = bcrypt.checkpw(password.encode("utf-8"), stored_hash)
|
||||
return (ok, role) if ok else (False, None)
|
||||
|
||||
|
||||
# ---------- Session / Helper ----------
|
||||
def set_session_user(username: str, role: str):
|
||||
st.session_state["auth"] = True
|
||||
st.session_state["username"] = username
|
||||
st.session_state["role"] = role
|
||||
|
||||
|
||||
def clear_session_user():
|
||||
for k in ["auth", "username", "role"]:
|
||||
st.session_state.pop(k, None)
|
||||
|
||||
|
||||
def is_authenticated() -> bool:
|
||||
return bool(st.session_state.get("auth"))
|
||||
|
||||
|
||||
def current_user():
|
||||
"""(username, role) oder (None, None)"""
|
||||
return st.session_state.get("username"), st.session_state.get("role")
|
||||
|
||||
|
||||
def ensure_logged_in():
|
||||
"""
|
||||
Am Anfang jeder Page aufrufen.
|
||||
Wenn kein Login: Login-View anzeigen und Script stoppen.
|
||||
"""
|
||||
if not is_authenticated():
|
||||
login_view()
|
||||
st.stop()
|
||||
|
||||
|
||||
# ---------- UI ----------
|
||||
def login_view():
|
||||
st.title("Intranet Login")
|
||||
|
||||
with st.form("login"):
|
||||
u = st.text_input("Username")
|
||||
p = st.text_input("Passwort", type="password")
|
||||
submitted = st.form_submit_button("Anmelden")
|
||||
|
||||
if submitted:
|
||||
ok, role = verify_user(u.strip(), p)
|
||||
if ok:
|
||||
set_session_user(u.strip(), role)
|
||||
st.success("Erfolgreich angemeldet.")
|
||||
st.rerun()
|
||||
else:
|
||||
st.error("Login fehlgeschlagen.")
|
||||
|
||||
|
||||
def authed_header():
|
||||
username, role = current_user()
|
||||
if not username:
|
||||
return
|
||||
|
||||
st.sidebar.write(f"Angemeldet als **{username}** ({role})")
|
||||
if st.sidebar.button("Logout"):
|
||||
clear_session_user()
|
||||
st.rerun()
|
||||
10
app/db.py
10
app/db.py
@@ -0,0 +1,10 @@
|
||||
import sqlite3
|
||||
from pathlib import Path
|
||||
|
||||
BASE_DIR = Path(__file__).resolve().parent.parent
|
||||
DB_PATH = BASE_DIR / "data" / "app.db"
|
||||
|
||||
|
||||
def get_conn():
|
||||
# check_same_thread=False, damit Streamlit mehrere Threads nutzen kann
|
||||
return sqlite3.connect(DB_PATH, check_same_thread=False)
|
||||
|
||||
Reference in New Issue
Block a user