From 507f0d060da30a8f65bec8b2ac1f08837d536b4c Mon Sep 17 00:00:00 2001
From: cbdev <cb@cbcdn.com>
Date: Mon, 4 Jul 2022 19:21:34 +0200
Subject: Implement authentication modules for admin panel

---
 backend/LocalBasicAuth.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 backend/LocalBasicAuth.py

(limited to 'backend/LocalBasicAuth.py')

diff --git a/backend/LocalBasicAuth.py b/backend/LocalBasicAuth.py
new file mode 100644
index 0000000..967707c
--- /dev/null
+++ b/backend/LocalBasicAuth.py
@@ -0,0 +1,35 @@
+import config
+import utils
+import base64
+from passlib.apache import HtpasswdFile
+
+# This authentication provider reads a local Apache-style htpassword file
+# and performs HTTP Basic authentication.
+
+passwd_file = ".htpasswd"
+realm = "cargohold"
+
+def login(env, post):
+	auth = get(env)
+
+	if not auth:
+		return ["Please authenticate", [("WWW-Authenticate",'Basic realm="' + realm + '"')], "401 Authenticate"]
+
+	utils.ensure_user(auth["user"])
+	return utils.redirect("/admin")
+
+def get(env):
+	auth = env.get("HTTP_AUTHORIZATION", "")
+	if auth and auth.startswith("Basic "):
+		auth = str(base64.b64decode(auth[6:]), "utf-8").split(":")
+		try:
+			ht = HtpasswdFile(passwd_file)
+			if ht.check_password(auth[0], auth[1]):
+				return {"user": auth[0], "expire": None}
+		except IOError:
+			print("LocalBasicAuth: Failed to read credentials file at " + passwd_file)
+	return None
+
+def logout():
+	# TODO
+	return False
-- 
cgit v1.2.3