From ce36859cf0a17481fce4ee28e236be153f1236e6 Mon Sep 17 00:00:00 2001
From: Nirodan
Date: Tue, 17 Jun 2025 11:01:33 +0200
Subject: [PATCH] Logger in login + token verify
---
 backend/app.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/backend/app.py b/backend/app.py
index 82df706..b00729f 100644
--- a/backend/app.py
+++ b/backend/app.py
@@ -108,11 +108,12 @@ def login():
 conn.close()
 if user and check_password_hash(user['password'], password):
- # JWT generieren
+ logger.info(f"✅ Login erfolgreich: {username}")
+
 payload = {
 "username": user['username'],
 "role": user['role'],
- "exp": datetime.utcnow() + timedelta(minutes=60) # Token läuft nach 60 Min ab
+ "exp": datetime.utcnow() + timedelta(minutes=60)
 }
 token = jwt.encode(payload, SECRET_KEY, algorithm="HS256")
@@ -121,13 +122,13 @@ def login():
 "role": user['role']
 })
+ logger.warning(f"⛔ Login fehlgeschlagen: {username}")
 return jsonify({"message": "Login fehlgeschlagen"}), 401
 except Exception as e:
- print("[Login-Fehler]", e)
+ logger.error(f"[Login-Fehler] {e}")
 return jsonify({"message": "Serverfehler"}), 500
-
 @app.route('/api/logout', methods=['POST'])
 def logout():
 # Aktuell macht das nichts, aber der Client bekommt Bestätigung
@@ -136,19 +137,21 @@ def logout():
 def verify_token():
 auth_header = request.headers.get("Authorization", "")
 if not auth_header.startswith("Bearer "):
+ logger.warning("🔐 Kein gültiger Bearer-Header")
 return None
 token = auth_header.replace("Bearer ", "")
 try:
 decoded = decode(token, SECRET_KEY, algorithms=["HS256"])
- return decoded # enthält z. B. username, role, exp
+ return decoded
 except ExpiredSignatureError:
- print("[JWT] Token abgelaufen")
+ logger.warning("🔐 Token abgelaufen")
 return None
 except InvalidTokenError:
- print("[JWT] Ungültiger Token")
+ logger.warning("🔐 Ungültiger Token")
 return None
+
 @app.route('/api/hash/md5', methods=['POST'])
 def hash_md5():
 logger.info("🔁 /api/hash/md5 aufgerufen")
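Review bot: The new `logger.info(f"✅ Login erfolgreich: {username}")` writes the request-supplied `username` into the log unescaped, so a value containing CR/LF can forge extra log lines. The `logger.warning(f"⛔ Login fehlgeschlagen: {username}")` added in the second hunk has the same problem and, being reachable without valid credentials, is the more exposed of the two. Passing the value as a lazy argument with `%r` escapes control characters, e.g. `logger.info("✅ Login erfolgreich: %r", user['username'])` and `logger.warning("⛔ Login fehlgeschlagen: %r", username)`. Failed-login names can also contain a mistyped password, so retention of and access to these records deserve a decision. login() begins before this hunk, so where `username` is read is not visible here.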
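Review bot: `logger.error(f"[Login-Fehler] {e}")` in the `except Exception` branch records only the exception text and loses the traceback, so a database failure and a JWT-encoding failure are hard to tell apart afterwards. Inside an except block, `logger.exception("[Login-Fehler]")` logs at ERROR level and appends the stack trace. The start of login() is outside this hunk, so what else the try block covers cannot be checked here.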
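Review bot: The three `logger.warning` calls added to verify_token carry no request context, so repeated bad tokens in the log cannot be attributed to a client or an endpoint, and the invalid-token branch does not say why the token was rejected. Binding the exception and logging its class plus the caller would make these lines usable for detection: `except InvalidTokenError as exc:` followed by `logger.warning("🔐 Ungültiger Token (%s) von %s auf %s", type(exc).__name__, request.remote_addr, request.path)`. If the app runs behind a reverse proxy, `remote_addr` will be the proxy's address unless forwarding headers are handled, which the hunk does not show. The commit also drops the comment describing the decoded payload; a one-line docstring such as `"""Return the decoded JWT claims (username, role, exp), or None if the header or token is rejected."""` would keep that information.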