Done

2025-08-20 15:13:31 +08:00
commit 825aa2e60f
30 changed files with 2136 additions and 0 deletions
--- a/routes/auth.py
+++ b/routes/auth.py
@@ -0,0 +1,66 @@
+from flask import Blueprint, render_template, request, redirect, url_for, flash
+from flask_login import login_user, logout_user, login_required, current_user
+from werkzeug.security import check_password_hash
+from models import User, db
+from datetime import datetime
+from werkzeug.security import check_password_hash, generate_password_hash
+
+auth_bp = Blueprint('auth', __name__)
+
+@auth_bp.route('/login', methods=['GET', 'POST'])
+def login():
+    # 如果使用者已經登入，直接重新導向到總表，不顯示登入頁
+    if current_user.is_authenticated:
+        return redirect(url_for('temp_spec.spec_list'))
+
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        user = User.query.filter_by(username=username).first()
+
+        if user and check_password_hash(user.password_hash, password):
+            login_user(user)
+            user.last_login = datetime.now()
+            db.session.commit()
+            return redirect(url_for('temp_spec.spec_list'))
+        else:
+            flash('帳號或密碼錯誤，請重新輸入', 'danger')
+
+    return render_template('login.html')
+
+@auth_bp.route('/register', methods=['GET', 'POST'])
+def register():
+    if request.method == 'POST':
+        username = request.form['username']
+        password = request.form['password']
+        confirm_password = request.form['confirm_password']
+
+        # 檢查使用者名稱是否已存在
+        if User.query.filter_by(username=username).first():
+            flash('此使用者名稱已被註冊，請更換一個。', 'danger')
+            return redirect(url_for('auth.register'))
+        
+        # 檢查兩次密碼輸入是否一致
+        if password != confirm_password:
+            flash('兩次輸入的密碼不一致。', 'danger')
+            return redirect(url_for('auth.register'))
+
+        # 建立新使用者，預設角色為 'viewer'
+        new_user = User(
+            username=username,
+            password_hash=generate_password_hash(password),
+            role='viewer' 
+        )
+        db.session.add(new_user)
+        db.session.commit()
+        
+        flash('帳號建立成功！您現在可以登入了。', 'success')
+        return redirect(url_for('auth.login'))
+
+    return render_template('register.html')
+
+@auth_bp.route('/logout')
+@login_required
+def logout():
+    logout_user()
+    return redirect(url_for('auth.login'))