Add session-state and cookies

app/main_authenticator.py

@@ -0,0 +1,87 @@
+# app/main.py
+import streamlit as st
+import yaml
+from yaml.loader import SafeLoader
+import streamlit_authenticator as stauth
+
+from auth_core import (
+    init_auth_db,
+    load_credentials_from_db,
+    get_role_for_user,
+    create_user,
+)
+from version import __version__
+
+
+def content_for(username: str, role: str):
+    st.header("Dashboard")
+    st.info(f"Willkommen, {username}!")
+
+    if role == "admin":
+        st.subheader("Admin-Bereich")
+        st.write("Nur Admins sehen das hier.")
+
+        with st.expander("Neuen Nutzer anlegen"):
+            new_u = st.text_input("Neuer Username", key="new_u")
+            new_email = st.text_input("E-Mail", key="new_email")
+            new_p = st.text_input("Neues Passwort", type="password", key="new_p")
+            new_role = st.selectbox("Rolle", ["user", "admin"], key="new_role")
+
+            if st.button("Anlegen"):
+                if new_u and new_p:
+                    ok = create_user(new_u.strip(), new_p, new_role, new_email.strip() or None)
+                    st.success("Nutzer angelegt.") if ok else st.error("Username bereits vorhanden oder Fehler.")
+                else:
+                    st.warning("Bitte Username und Passwort eingeben.")
+
+    st.subheader("Dein Bereich")
+    st.write(f"Personalisierter Content für **{username}**.")
+
+
+def main():
+    st.set_page_config(
+        page_title=f"Intranet-Portal v{__version__}",
+        page_icon="🔒",
+        layout="centered",
+    )
+
+    # DB-Struktur sicherstellen
+    init_auth_db()
+
+    # --- Config laden (Cookie, etc.) ---
+    with open("config/auth.yaml", "r", encoding="utf-8") as f:
+        base_config = yaml.load(f, Loader=SafeLoader)
+
+    # --- Credentials dynamisch aus DB laden ---
+    db_creds = load_credentials_from_db()
+    base_config["credentials"] = db_creds
+
+    authenticator = stauth.Authenticate(
+        base_config["credentials"],
+        base_config["cookie"]["name"],
+        base_config["cookie"]["key"],
+        base_config["cookie"]["expiry_days"],
+        base_config.get("preauthorized", {}),
+    )
+
+    name, auth_status, username = authenticator.login("Login", "main")
+
+    if auth_status is False:
+        st.error("Login fehlgeschlagen.")
+        return
+
+    if auth_status is None:
+        st.warning("Bitte Benutzername und Passwort eingeben.")
+        return
+
+    # ---- Ab hier eingeloggt (persistenter Cookie) ----
+    role = get_role_for_user(username)
+
+    authenticator.logout("Logout", "sidebar")
+    st.sidebar.write(f"Angemeldet als **{name}** ({username}, Rolle: {role})")
+
+    content_for(username, role)
+
+
+if __name__ == "__main__":
+    main()