From 8fa20b113fb5912aebafd5f0059f7cd260efbeb7 Mon Sep 17 00:00:00 2001
From: Eric Phillips <eric@ewpt3ch.com>
Date: Tue, 12 Oct 2021 22:43:15 -0600
Subject: [PATCH] auth functions

---
 flaskfdx/auth.py | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/flaskfdx/auth.py b/flaskfdx/auth.py
index bb16997..87221c1 100644
--- a/flaskfdx/auth.py
+++ b/flaskfdx/auth.py
@@ -40,3 +40,54 @@ def register():
         flash(error)
 
     return render_template('auth/register.html')
+
+@bp.route('/login', methods=('GET', 'POST'))
+def login():
+    if request.method == 'POST':
+        userid = request.form['userid']
+        password = request.form['password']
+        db = get_db()
+        error = None
+        user = db.execute(
+                'SELECT * FROM users WHERE userid =?', (userid,)
+        ).fetchone()
+
+        if user is None:
+            error = 'Incorrect username.'
+        elif not check_password_hash(user['password'], password):
+            error = 'Incorrect password.'
+
+        if error is None:
+            session.clear()
+            session['user_id'] = user['id']
+            return redirect(url_for('index'))
+
+        flash(error)
+
+    return render_template('auth/login.html')
+
+@bp.before_app_request
+def load_logged_in_user():
+    user_id = session.get('user_id')
+    
+    if user_id is None:
+        g.user = None
+    else:
+        g.user = get_db().execute(
+            'SELECT * FROM users WHERE id = ?', (user_id,)
+        ).fetchone()
+
+@bp.route('.logout')
+def logout():
+    session.clear()
+    return redirect(url_for('index'))
+
+def login_required(view):
+    @functools.wraps(view)
+    def wrapped_view(**kwargs):
+        if g.user is None:
+            return redirect(url_for('auth.login'))
+
+        return view(**kwargs)
+
+    return wrapped_view