Passwort hashen

2025-06-16 10:24:54 +02:00
parent eb674efe9a
commit 492bc31393
3 changed files with 15 additions and 11 deletions
@@ -75,6 +75,8 @@ def serve_react(path):
@app.route('/api/login', methods=['POST'])
 def login():
    from mysql.connector import connect, Error
+    from werkzeug.security import check_password_hash
+
    data = request.get_json()
    username = data.get('username')
    password = data.get('password')
@@ -83,24 +85,25 @@ def login():
        config = lade_db_config()
        conn = connect(**config)
        cursor = conn.cursor(dictionary=True)
-        cursor.execute("SELECT * FROM users WHERE username = %s AND password = %s", (username, password))
+        cursor.execute("SELECT * FROM users WHERE username = %s", (username,))
        user = cursor.fetchone()
        cursor.close()
        conn.close()

-        if user:
+        if user and check_password_hash(user['password'], password):
            return jsonify({
-                "token": "mock-token",  # später JWT etc.
+                "token": "mock-token",
                "role": user['role']
            })
-        else:
-            return jsonify({"message": "Login fehlgeschlagen"}), 401
+
+        return jsonify({"message": "Login fehlgeschlagen"}), 401

    except Error as e:
        print("[Fehler bei /api/login]:", e)
        return jsonify({"message": "Serverfehler"}), 500


+
 if __name__ == '__main__':
    os.makedirs("config", exist_ok=True)
    app.run(host='127.0.0.1', port=5000)