Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

2026-05-10 21:07:50 +03:00
commit 8d9df56b0b
364 changed files with 73655 additions and 0 deletions
@@ -0,0 +1,76 @@
+from datetime import datetime
+from flask import Blueprint, render_template, redirect, url_for, flash, request, make_response, current_app
+from flask_login import login_user, logout_user, login_required, current_user
+from werkzeug.security import check_password_hash
+import jwt
+
+from app.extensions import db
+from app.models.user import PortalUser
+
+bp = Blueprint('auth', __name__)
+
+
+def _issue_portal_cookie(user, response):
+    """Sign and attach the platform-wide JWT cookie to a response."""
+    import time
+    expiry_hours = current_app.config['JWT_EXPIRY_HOURS']
+    now = int(time.time())
+    payload = {
+        'sub': user.username,
+        'user_id': user.id,
+        'email': user.email,
+        'role': 'admin' if user.is_admin else 'user',
+        'apps': user.get_accessible_apps(),
+        'iss': 'enterprise-digital-platform',
+        'iat': now,
+        'exp': now + expiry_hours * 3600,
+    }
+    token = jwt.encode(payload, current_app.config['PORTAL_JWT_SECRET'], algorithm='HS256')
+    response.set_cookie(
+        current_app.config['PORTAL_COOKIE_NAME'],
+        token,
+        httponly=True,
+        samesite='Lax',
+        max_age=expiry_hours * 3600,
+        path='/',
+    )
+    return response
+
+
+@bp.route('/login', methods=['GET', 'POST'])
+def login():
+    if current_user.is_authenticated:
+        return redirect(url_for('dashboard.index'))
+
+    if request.method == 'POST':
+        username = request.form.get('username', '').strip()
+        password = request.form.get('password', '')
+
+        if not username or not password:
+            flash('Please enter username and password.', 'danger')
+            return render_template('auth/login.html')
+
+        user = PortalUser.query.filter_by(username=username, is_active=True).first()
+        if user and check_password_hash(user.password_hash, password):
+            user.last_login = datetime.utcnow()
+            db.session.commit()
+            login_user(user, remember=False)
+
+            next_page = request.args.get('next') or url_for('dashboard.index')
+            resp = make_response(redirect(next_page))
+            _issue_portal_cookie(user, resp)
+            return resp
+
+        flash('Invalid username or password.', 'danger')
+
+    return render_template('auth/login.html')
+
+
+@bp.route('/logout')
+@login_required
+def logout():
+    logout_user()
+    resp = make_response(redirect(url_for('auth.login')))
+    resp.delete_cookie(current_app.config['PORTAL_COOKIE_NAME'], path='/')
+    flash('You have been signed out.', 'info')
+    return resp