Add authentication system and admin dashboard

Security Features: - Added User model with bcrypt password hashing - Implemented Flask-Login for session management - Protected all API write operations with @login_required decorator - Added authentication routes (login/logout) Admin Dashboard: - Created comprehensive admin dashboard with statistics - Profile management interface - Skills management (add/edit/delete) - Projects management with full CRUD operations - Social links management - Modern responsive UI with Bootstrap 5 New Files: - models.py: Added User model with bcrypt - routes/auth.py: Login/logout functionality - routes/admin.py: Complete admin dashboard with CRUD operations - templates/auth/login.html: Login page - templates/admin/base.html: Admin base template - templates/admin/dashboard.html: Main dashboard - templates/admin/profile.html: Profile editor - templates/admin/skills.html: Skills manager - templates/admin/projects.html: Projects list - templates/admin/project_form.html: Project editor - templates/admin/social_links.html: Social links manager Modified Files: - app.py: Integrated Flask-Login and bcrypt, registered new blueprints - requirements.txt: Added Flask-Login, Flask-Bcrypt, bcrypt - init_db.py: Creates default admin user (admin/admin123) - routes/api.py: Protected all write operations with authentication Default Credentials: - Username: admin - Password: admin123 - ⚠️ MUST be changed after first login! Benefits: - Secure API access with session-based authentication - User-friendly admin interface for content management - No need to edit code or database directly - Bcrypt password hashing for security - Protected against unauthorized access
2025-11-13 13:49:36 +00:00
parent c6425235a2
commit aa2c704bfb
15 changed files with 1159 additions and 4 deletions
--- a/models.py
+++ b/models.py
@@ -3,9 +3,43 @@ Database models for Portfolio Application
 Uses SQLAlchemy ORM with MariaDB
 """
 from flask_sqlalchemy import SQLAlchemy
+from flask_login import UserMixin
+from flask_bcrypt import Bcrypt
 from datetime import datetime

 db = SQLAlchemy()
+bcrypt = Bcrypt()
+
+
+class User(UserMixin, db.Model):
+    """Store admin users for authentication"""
+    __tablename__ = 'users'
+
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(80), unique=True, nullable=False)
+    email = db.Column(db.String(120), unique=True, nullable=False)
+    password_hash = db.Column(db.String(255), nullable=False)
+    is_active = db.Column(db.Boolean, default=True)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    last_login = db.Column(db.DateTime)
+
+    def set_password(self, password):
+        """Hash password using bcrypt"""
+        self.password_hash = bcrypt.generate_password_hash(password).decode('utf-8')
+
+    def check_password(self, password):
+        """Verify password against hash"""
+        return bcrypt.check_password_hash(self.password_hash, password)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'username': self.username,
+            'email': self.email,
+            'is_active': self.is_active,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'last_login': self.last_login.isoformat() if self.last_login else None
+        }


 class Profile(db.Model):