vunerability added

This commit is contained in:
2025-12-15 23:05:11 +10:00
parent 641df7cfe8
commit 661fee131e


@@ -1,11 +1,13 @@
import sqlite3
from fastapi import FastAPI
from fastapi import Request, Form
from fastapi.responses import HTMLResponse, RedirectResponse
DB_PATH = "./data/database.db"
conn = sqlite3.connect(DB_PATH)
cursor = conn.cursor()
cursor.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, login TEXT NOT NULL UNIQUE, password TEXT NOT NULL)")
cursor.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTOINCREMENT, login TEXT NOT NULL UNIQUE, password TEXT NOT NULL)")
app = FastAPI(
docs_url=None, # Disable Swagger UI
@@ -14,6 +16,116 @@ app = FastAPI(
)
@app.get("/")
@app.get("/register", response_class=HTMLResponse)
async def register_form():
return """
<html>
<head><title>Регистрация</title></head>
<body>
<h2>Регистрация</h2>
<form action="/register" method="post">
<input name="login" placeholder="Login" required><br>
<input name="password" type="password" placeholder="Password" required><br>
<button type="submit">Register</button>
</form>
<p>Уже есть аккаунт? <a href="/login">Войти</a></p>
</body>
</html>
"""
@app.post("/register")
async def register(login: str = Form(...), password: str = Form(...)):
try:
cursor.execute("INSERT INTO users (login, password) VALUES (?, ?)", (login, password))
conn.commit()
response = RedirectResponse(url="/welcome", status_code=302)
response.set_cookie("login", login)
response.set_cookie("password", password)
return response
except sqlite3.IntegrityError:
return HTMLResponse("""
<html>
<head><title>Ошибка регистрации</title></head>
<body>
<h3>Login уже существует</h3>
<a href='/register'>Попробовать снова</a>
</body>
</html>
""", status_code=400)
@app.get("/login", response_class=HTMLResponse)
async def login_form():
return """
<html>
<head><title>Вход</title></head>
<body>
<h2>Вход</h2>
<form action="/login" method="post">
<input name="login" placeholder="Login" required><br>
<input name="password" type="password" placeholder="Password" required><br>
<button type="submit">Login</button>
</form>
<p>Нет аккаунта? <a href="/register">Зарегистрироваться</a></p>
</body>
</html>
"""
@app.post("/login")
async def login(login: str = Form(...), password: str = Form(...)):
cursor.execute("SELECT * FROM users WHERE login=? AND password=?", (login, password))
user = cursor.fetchone()
if user:
response = RedirectResponse(url="/welcome", status_code=302)
response.set_cookie("login", login)
response.set_cookie("password", password)
return response
else:
return HTMLResponse("""
<html>
<head><title>Ошибка входа</title></head>
<body>
<h3>Неверные учетные данные</h3>
<a href='/login'>Попробовать снова</a>
</body>
</html>
""", status_code=401)
@app.get("/welcome", response_class=HTMLResponse)
async def welcome(request: Request):
login = request.cookies.get("login")
password = request.cookies.get("password")
if not login or not password:
return RedirectResponse(url="/login")
cursor.execute("SELECT * FROM users WHERE login=? AND password=?", (login, password))
user = cursor.fetchone()
if user:
return f"""
<html>
<head><title>Добро пожаловать</title></head>
<body>
<h1>Привет, {login}</h1>
<form action="/logout" method="post" onsubmit="return logoutAlert();">
<button type="submit">Выйти</button>
</form>
<script>
function logoutAlert() {{
alert('Вы вышли из аккаунта');
return true;
}}
</script>
</body>
</html>
"""
else:
return RedirectResponse(url="/login")
@app.post("/logout")
async def logout():
response = RedirectResponse(url="/login", status_code=302)
response.delete_cookie("login")
response.delete_cookie("password")
return response
@app.get("/", include_in_schema=False)
async def root():
return {"message": "Hello World"}
return RedirectResponse(url="/login")
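Review bot: The welcome page interpolates the `login` cookie straight into HTML at `<h1>Привет, {login}</h1>`, so any markup in a registered login (register stores it verbatim) or in a tampered cookie is rendered as-is; render it as `<h1>Привет, {html.escape(login)}</h1>` with `import html` added to the file's import block. register and login also persist the plaintext password via `INSERT INTO users (login, password) VALUES (?, ?)` and echo it back in `response.set_cookie("password", password)`, so the credential is both stored in clear and resent by the browser on every request; store a salted hash (e.g. `hashlib.scrypt`, compared with `hmac.compare_digest`) and give the browser a random `secrets.token_urlsafe()` session id instead of the password. The `set_cookie` calls in both handlers should at least pass `httponly=True` (and `secure=True` once served over TLS) so the values are not readable from page script. If the clear-text handling is intentional for this exercise, a comment such as `# NOTE: deliberately insecure — password stored and sent in clear` next to the INSERT would keep later readers from copying the pattern.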