Add authentication system and admin dashboard

Security Features: - Added User model with bcrypt password hashing - Implemented Flask-Login for session management - Protected all API write operations with @login_required decorator - Added authentication routes (login/logout) Admin Dashboard: - Created comprehensive admin dashboard with statistics - Profile management interface - Skills management (add/edit/delete) - Projects management with full CRUD operations - Social links management - Modern responsive UI with Bootstrap 5 New Files: - models.py: Added User model with bcrypt - routes/auth.py: Login/logout functionality - routes/admin.py: Complete admin dashboard with CRUD operations - templates/auth/login.html: Login page - templates/admin/base.html: Admin base template - templates/admin/dashboard.html: Main dashboard - templates/admin/profile.html: Profile editor - templates/admin/skills.html: Skills manager - templates/admin/projects.html: Projects list - templates/admin/project_form.html: Project editor - templates/admin/social_links.html: Social links manager Modified Files: - app.py: Integrated Flask-Login and bcrypt, registered new blueprints - requirements.txt: Added Flask-Login, Flask-Bcrypt, bcrypt - init_db.py: Creates default admin user (admin/admin123) - routes/api.py: Protected all write operations with authentication Default Credentials: - Username: admin - Password: admin123 - ⚠️ MUST be changed after first login! Benefits: - Secure API access with session-based authentication - User-friendly admin interface for content management - No need to edit code or database directly - Bcrypt password hashing for security - Protected against unauthorized access
2025-11-13 13:49:36 +00:00
parent c6425235a2
commit aa2c704bfb
15 changed files with 1159 additions and 4 deletions
--- a/app.py
+++ b/app.py
@@ -4,10 +4,13 @@
 # Copyright Hersel Giannella

 from flask import Flask, send_from_directory
+from flask_login import LoginManager
 from config import config
-from models import db
+from models import db, bcrypt, User
 from routes.home import route_home
 from routes.api import route_api
+from routes.auth import route_auth
+from routes.admin import route_admin

 app = Flask(
    __name__,
@@ -21,8 +24,21 @@ app.config['SQLALCHEMY_DATABASE_URI'] = config.SQLALCHEMY_DATABASE_URI
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = config.SQLALCHEMY_TRACK_MODIFICATIONS
 app.config['SQLALCHEMY_ECHO'] = config.SQLALCHEMY_ECHO

-# Initialize database
+# Initialize extensions
 db.init_app(app)
+bcrypt.init_app(app)
+
+# Initialize Flask-Login
+login_manager = LoginManager()
+login_manager.init_app(app)
+login_manager.login_view = 'auth.login'
+login_manager.login_message = 'Per accedere a questa pagina devi effettuare il login.'
+login_manager.login_message_category = 'warning'
+
+@login_manager.user_loader
+def load_user(user_id):
+    """Load user for Flask-Login"""
+    return User.query.get(int(user_id))

 # favicon.ico, sitemap.xml and robots.txt
@app.route('/favicon.ico')
@@ -40,6 +56,8 @@ def robots():
 # BluePrint Routes
 app.register_blueprint(route_home)
 app.register_blueprint(route_api)
+app.register_blueprint(route_auth)
+app.register_blueprint(route_admin)

 if __name__ == '__main__':
    app.run(debug=config.DEBUG, host=config.APP_HOST, port=config.APP_PORT)