From bfd1d704af7cf3fa7ee1a7a24d6cfd916c3f8222 Mon Sep 17 00:00:00 2001 From: iris1801 <44752281+iris1801@users.noreply.github.com> Date: Sun, 7 Sep 2025 22:25:57 +0200 Subject: [PATCH] Update app.py --- app.py | 46 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/app.py b/app.py index fab183a..a76361e 100644 --- a/app.py +++ b/app.py @@ -1,4 +1,4 @@ -from flask import Flask, render_template, request, redirect, url_for, flash, jsonify +from flask import Flask, render_template, request, redirect, url_for, flash, jsonify, session from flask_sqlalchemy import SQLAlchemy from datetime import datetime import os @@ -8,6 +8,9 @@ app.config['SECRET_KEY'] = 'your-secret-key-change-this-in-production' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///roadmap.db' app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +# Password per l'admin (cambia questa!) +ADMIN_PASSWORD = 'admin123' + db = SQLAlchemy(app) # Modello Database @@ -43,16 +46,39 @@ def index(): current_milestone=settings.current_milestone_id, project_name=settings.project_name) -# Route admin +# Route per il login admin +@app.route('/admin/login', methods=['GET', 'POST']) +def admin_login(): + if request.method == 'POST': + password = request.form.get('password') + if password == ADMIN_PASSWORD: + session['admin_logged_in'] = True + return redirect(url_for('admin')) + else: + flash('Password non corretta!') + return render_template('admin_login.html', error=True) + + return render_template('admin_login.html') + +# Route per il logout admin +@app.route('/admin/logout') +def admin_logout(): + session.pop('admin_logged_in', None) + return redirect(url_for('index')) + +# Route admin protetta @app.route('/admin') def admin(): + if 'admin_logged_in' not in session: + return redirect(url_for('admin_login')) + milestones = Milestone.query.order_by(Milestone.order).all() settings = ProjectSettings.query.first() return render_template('admin.html', milestones=milestones, settings=settings) -# API per gestire milestone +# API per gestire milestone (protette) @app.route('/api/milestone/') def get_milestone(id): milestone = Milestone.query.get_or_404(id) @@ -67,6 +93,9 @@ def get_milestone(id): @app.route('/api/milestone', methods=['POST']) def create_milestone(): + if 'admin_logged_in' not in session: + return jsonify({'error': 'Unauthorized'}), 401 + data = request.json milestone = Milestone( title=data['title'], @@ -81,6 +110,9 @@ def create_milestone(): @app.route('/api/milestone/', methods=['PUT']) def update_milestone(id): + if 'admin_logged_in' not in session: + return jsonify({'error': 'Unauthorized'}), 401 + milestone = Milestone.query.get_or_404(id) data = request.json @@ -95,6 +127,9 @@ def update_milestone(id): @app.route('/api/milestone/', methods=['DELETE']) def delete_milestone(id): + if 'admin_logged_in' not in session: + return jsonify({'error': 'Unauthorized'}), 401 + milestone = Milestone.query.get_or_404(id) db.session.delete(milestone) db.session.commit() @@ -102,6 +137,9 @@ def delete_milestone(id): @app.route('/api/settings', methods=['POST']) def update_settings(): + if 'admin_logged_in' not in session: + return jsonify({'error': 'Unauthorized'}), 401 + settings = ProjectSettings.query.first() if not settings: settings = ProjectSettings() @@ -202,4 +240,4 @@ def init_db(): if __name__ == '__main__': init_db() - app.run(debug=True) + app.run(host='0.0.0.0', port=5000, debug=True) \ No newline at end of file