TEMP_spec_system_V2/routes/auth.py

from flask import Blueprint, render_template, request, redirect, url_for, flash
from flask_login import login_user, logout_user, login_required, current_user
from werkzeug.security import check_password_hash
from models import User, db
from datetime import datetime
from werkzeug.security import check_password_hash, generate_password_hash

auth_bp = Blueprint('auth', __name__)

@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    # 如果使用者已經登入，直接重新導向到總表，不顯示登入頁
    if current_user.is_authenticated:
        return redirect(url_for('temp_spec.spec_list'))

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        user = User.query.filter_by(username=username).first()

        if user and check_password_hash(user.password_hash, password):
            login_user(user)
            user.last_login = datetime.now()
            db.session.commit()
            return redirect(url_for('temp_spec.spec_list'))
        else:
            flash('帳號或密碼錯誤，請重新輸入', 'danger')

    return render_template('login.html')

@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        confirm_password = request.form['confirm_password']

        # 檢查使用者名稱是否已存在
        if User.query.filter_by(username=username).first():
            flash('此使用者名稱已被註冊，請更換一個。', 'danger')
            return redirect(url_for('auth.register'))
        
        # 檢查兩次密碼輸入是否一致
        if password != confirm_password:
            flash('兩次輸入的密碼不一致。', 'danger')
            return redirect(url_for('auth.register'))

        # 建立新使用者，預設角色為 'viewer'
        new_user = User(
            username=username,
            password_hash=generate_password_hash(password),
            role='viewer' 
        )
        db.session.add(new_user)
        db.session.commit()
        
        flash('帳號建立成功！您現在可以登入了。', 'success')
        return redirect(url_for('auth.login'))

    return render_template('register.html')

@auth_bp.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('auth.login'))