Security, code quality and frontend improvements

- Move SECRET_KEY out of docker-compose into .env (env_file), add .env.example
- Add flask-limiter with 10 req/min on login route; introduce util/limiter.py
- Replace direct mysql.connector.connect() calls with MySQLConnectionPool via util/db_pool.py
- Fix deprecated datetime.utcnow() -> datetime.now(timezone.utc) in auth/login.py
- Remove dead /api/scripts 410 route from admin.py
- Add MD5 security warning in Md5Tool.jsx
- Add ErrorBoundary component and wrap App.jsx
- Expand README with setup guide, screenshot and project structure

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Nirodan
2026-04-24 13:52:53 +02:00
parent 8e2c2d740e
commit 80ec5eca7b
12 changed files with 232 additions and 75 deletions
+8 -7
@@ -1,13 +1,15 @@
from flask import request, jsonify
from mysql.connector import connect
from werkzeug.security import check_password_hash
from datetime import datetime, timedelta
from datetime import datetime, timedelta, timezone
import jwt
from util.logger import logger
from util.db_config import load_config
from util.db_pool import get_connection
from util.limiter import limiter
from auth.token import SECRET_KEY
@limiter.limit("10 per minute")
def login_route():
data = request.get_json()
username = data.get('username')
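Review bot: The new `@limiter.limit("10 per minute")` on login_route only helps if the limiter keys on the real client address; util/limiter.py is not in this diff, but with the service now running behind docker-compose (and presumably a reverse proxy) a default remote-address key would see every client as the proxy's IP, so one noisy client could lock everyone out of login, or the limit could be trivially shared — worth confirming the key function and proxy trust (e.g. ProxyFix) there. Separately, `data = request.get_json()` followed by `data.get('username')` turns a non-JSON or empty body into an unhandled AttributeError (a 500) on a route that is now rate-limited and public; `data = request.get_json(silent=True) or {}` keeps the bad-request path a clean 400 instead. The body of login_route continues past this hunk.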
@@ -18,8 +20,7 @@ def login_route():
return jsonify({"message": "Server misconfigured"}), 500
try:
config = load_config()
conn = connect(**config)
conn = get_connection()
cursor = conn.cursor(dictionary=True)
cursor.execute("SELECT * FROM users WHERE username = %s", (username,))
user = cursor.fetchone()
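Review bot: `conn = get_connection()` now hands out a pooled connection, but the only `conn.close()` visible (next hunk) sits on the success path; if `cursor.execute` or `fetchone` raises, that connection is never returned to the pool, and a few failures in a row will exhaust the pool and turn a transient DB error into a login outage. The mysql.connector pool only reclaims a connection when `close()` is called on it, so release must happen on every path: initialise `conn = None` before the `try:`, and add `finally:` / `    if conn is not None: conn.close()` to the existing try block (the except clause is outside this hunk, so I cannot confirm it does not already do this). With `connect(**config)` gone, check whether `load_config` (still imported in the first hunk) is used anywhere else in this module; if not, drop the import. login_route's try block continues outside the hunk.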
@@ -27,12 +28,12 @@ def login_route():
conn.close()
if user and check_password_hash(user['password'], password):
logger.info(f"Login successful: {username}")
logger.info(f"Login successful: {username}")
payload = {
"username": user['username'],
"role": user['role'],
"exp": datetime.utcnow() + timedelta(minutes=60)
"exp": datetime.now(timezone.utc) + timedelta(minutes=60)
}
token = jwt.encode(payload, SECRET_KEY, algorithm="HS256")