Funktionstrennung 1.0

backend/auth/__init__.py

@@ -0,0 +1,9 @@
+from flask import Blueprint
+from auth.login import login_route
+from auth.logout import logout_route
+
+auth_bp = Blueprint('auth', __name__)
+
+# Endpunkte registrieren
+auth_bp.add_url_rule('/api/login', view_func=login_route, methods=['POST'])
+auth_bp.add_url_rule('/api/logout', view_func=logout_route, methods=['POST'])

backend/auth/login.py

@@ -0,0 +1,45 @@
+from flask import request, jsonify
+from mysql.connector import connect
+from werkzeug.security import check_password_hash
+from datetime import datetime, timedelta
+import jwt
+
+from util.logger import logger
+from util.db_config import load_db_config
+from auth.token import SECRET_KEY
+
+def login_route():
+    data = request.get_json()
+    username = data.get('username')
+    password = data.get('password')
+
+    try:
+        config = load_db_config()
+        conn = connect(**config)
+        cursor = conn.cursor(dictionary=True)
+        cursor.execute("SELECT * FROM users WHERE username = %s", (username,))
+        user = cursor.fetchone()
+        cursor.close()
+        conn.close()
+
+        if user and check_password_hash(user['password'], password):
+            logger.info(f"✅ Login successful: {username}")
+
+            payload = {
+                "username": user['username'],
+                "role": user['role'],
+                "exp": datetime.utcnow() + timedelta(minutes=60)
+            }
+            token = jwt.encode(payload, SECRET_KEY, algorithm="HS256")
+
+            return jsonify({
+                "token": token,
+                "role": user['role']
+            })
+
+        logger.warning(f"⛔ Login failed: {username}")
+        return jsonify({"message": "Login failed"}), 401
+
+    except Exception as e:
+        logger.error(f"[Login Error] {e}")
+        return jsonify({"message": "Server error"}), 500

backend/auth/logout.py

@@ -0,0 +1,6 @@
+from flask import jsonify
+from util.logger import logger
+
+def logout_route():
+    logger.info("👋 Logout called")
+    return jsonify({"message": "Logout successful"})

backend/auth/token.py

@@ -0,0 +1,22 @@
+from flask import request
+from jwt import decode, ExpiredSignatureError, InvalidTokenError
+from util.logger import logger
+
+SECRET_KEY = "bitte_hier_dein_geheimes_passwort_setzen"  # später .env verwenden
+
+def verify_token():
+    auth_header = request.headers.get("Authorization", "")
+    if not auth_header.startswith("Bearer "):
+        logger.warning("🔐 Invalid Bearer header")
+        return None
+
+    token = auth_header.replace("Bearer ", "")
+    try:
+        decoded = decode(token, SECRET_KEY, algorithms=["HS256"])
+        return decoded
+    except ExpiredSignatureError:
+        logger.warning("🔐 Token expired")
+        return None
+    except InvalidTokenError:
+        logger.warning("🔐 Invalid token")
+        return None