transient.chat/blueprints/auth.py
2026-05-12 18:50:49 -05:00

50 lines
1.5 KiB
Python

from flask import Blueprint, request, jsonify
from datetime import datetime, timezone
import os
import secrets
from models.state import user_sessions, user_ips, banned_ips, banned_usernames
auth_bp = Blueprint("auth", __name__)
def generate_user_key(length=16):
return secrets.token_urlsafe(16)
@auth_bp.route("/register", methods=["POST"])
def register():
data = request.get_json()
username = data.get("username")
user_ip = request.remote_addr
if not username:
return jsonify({"error": "No username provided"}), 400
if username in user_sessions:
return jsonify({"error": "Username taken"}), 409
if user_ip in banned_ips:
return jsonify({"error": "IP banned"}), 403
if username in banned_usernames:
return jsonify({"error": "Username banned"}), 403
user_key = generate_user_key()
user_sessions[username] = {
"key": user_key,
"last_active": datetime.now(timezone.utc).isoformat(),
}
user_ips[username] = user_ip
return jsonify({"username": username, "key": user_key})
@auth_bp.route("/validate", methods=["POST"])
def validate():
data = request.get_json()
username = data.get("username")
key = data.get("key")
session = user_sessions.get(username)
if session and session["key"] == key:
session["last_active"] = datetime.now(timezone.utc).isoformat()
return jsonify({"status": "valid"})
return jsonify({"error": "Invalid credentials"}), 403