パスワードをハッシュ化してデータベースに保存するように

認証用サーバーにつなぐように
認証用サーバーを追加
2024-06-08 19:19:07 +09:00 · 2024-06-08 19:18:50 +09:00 · 2024-06-08 19:18:35 +09:00 · 2024-06-08 19:18:16 +09:00
4 changed files with 88 additions and 25 deletions
--- a/.gitignore
+++ b/.gitignore
@ -162,3 +162,4 @@ cython_debug/

 config/
 db/
+test.py
--- a/dislocker.py
+++ b/dislocker.py
@ -38,6 +38,7 @@ class Bot(discord.Client):
                    if msg_split[1].isdigit() and msg_split[2].isdigit():
                        if int(msg_split[1]) <= 10 and int(msg_split[1]) >= 1:
                            password = self.password_generate(4)
+                            password_hash = self.hash_genarate(password)
                            cursor = self.db.cursor()
                            cursor.execute("SELECT * FROM club_member WHERE discord_userid = %s", (str(message.author.id),))
                            member_info = cursor.fetchall()
@ -48,7 +49,7 @@ class Bot(discord.Client):
                                self.db.commit()
                                cursor.execute("UPDATE pc_list SET using_user_id = %s WHERE pc_number = %s", (member_info[0][0], msg_split[1]))
                                self.db.commit()
-                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password, msg_split[1]))
+                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password_hash, msg_split[1]))
                                self.db.commit()
                                
                                await message.channel.send(f"使用が開始されました。\nパスワード | {password}\nPC番号 | {msg_split[1]}\nデバイス番号 | {msg_split[2]}\n")
@ -61,7 +62,7 @@ class Bot(discord.Client):
                                self.db.commit()
                                cursor.execute("UPDATE pc_list SET using_user_id = %s WHERE pc_number = %s", (member_info[0][0], msg_split[1]))
                                self.db.commit()
-                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password, msg_split[1]))
+                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password_hash, msg_split[1]))
                                self.db.commit()
                                
                                await message.channel.send(f"使用が開始されました。\nパスワード | {password}\nPC番号 | {msg_split[1]}\nデバイス番号 | {msg_split[2]}\n")
@ -75,6 +76,7 @@ class Bot(discord.Client):
                    if msg_split[1].isdigit() and msg_split[2].isdigit():
                        if int(msg_split[1]) <= 10 and int(msg_split[1]) >= 1:
                            password = self.password_generate(4)
+                            password_hash = self.hash_genarate(password)
                            cursor = self.db.cursor()
                            cursor.execute("SELECT * FROM club_member WHERE discord_userid = %s", (str(message.author.id),))
                            member_info = cursor.fetchall()
@ -85,7 +87,7 @@ class Bot(discord.Client):
                                self.db.commit()
                                cursor.execute("UPDATE pc_list SET using_user_id = %s WHERE pc_number = %s", (member_info[0][0], msg_split[1]))
                                self.db.commit()
-                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password, msg_split[1]))
+                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password_hash, msg_split[1]))
                                self.db.commit()
                                
                                await message.channel.send(f"使用が開始されました。\nパスワード | {password}\nPC番号 | {msg_split[1]}\nデバイス番号 | {msg_split[2]}\n")
@ -97,7 +99,7 @@ class Bot(discord.Client):
                                self.db.commit()
                                cursor.execute("UPDATE pc_list SET using_user_id = %s WHERE pc_number = %s", (member_info[0][0], msg_split[1]))
                                self.db.commit()
-                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password, msg_split[1]))
+                                cursor.execute("UPDATE pc_list SET password_hash = %s WHERE pc_number = %s", (password_hash, msg_split[1]))
                                self.db.commit()
                                await message.channel.send(f"使用が開始されました。\nパスワード | {password}\nPC番号 | {msg_split[1]}\nデバイス番号 | {msg_split[2]}\n")
                                await self.get_channel(bot_config["log_channel_id"]).send(f'{member_info[0][2]}がPC{msg_split[1]}を使用しています')
--- a/dislocker_auth.py
+++ b/dislocker_auth.py
@ -0,0 +1,59 @@
+import psycopg2
+import os
+import json
+from flask import Flask, request, jsonify
+
+config_dir_path = "./config/"
+db_config_path = config_dir_path + "db.json"
+if not os.path.isfile(db_config_path):
+    if not os.path.isdir(config_dir_path):
+        os.mkdir(config_dir_path)
+
+    db_config = {
+        "host": "localhost",
+        "db": "dislocker",
+        "username": "user",
+        "password": "example_pass",
+        "port": "5432"
+    }
+    with open(db_config_path, "w") as w:
+        json.dump(db_config, w, indent=4)
+elif os.path.isfile(db_config_path):
+    with open(db_config_path, "r") as r:
+        db_config = json.load(r)
+
+class Auth():
+    def __init__(self, host, db, port, user, password):
+        self.db = psycopg2.connect(f"host={host} dbname={db} port={port} user={user} password={password}")
+    
+    def check(self, pc_number, password):
+        cursor = self.db.cursor()
+        cursor.execute("SELECT * FROM pc_list WHERE pc_number = %s AND password_hash = %s", (pc_number, password))
+        pc_info = cursor.fetchall()
+        if not pc_info:
+            return 1
+        else:
+            return 0
+        
+    def delete(self, pc_number):
+        cursor = self.db.cursor()
+        cursor.execute("UPDATE pc_list SET password_hash = NULL WHERE pc_number = %s", (pc_number,))
+        self.db.commit()
+
+
+app = Flask(__name__)
+auth = Auth(db_config["host"], db_config["db"], db_config["port"], db_config["username"], db_config["password"])
+
+@app.route('/verify', methods=['POST'])
+def verify():
+    pc_number = int(request.json.get('pc_number'))
+    password = request.json.get('password')
+
+    if auth.check(pc_number, password) == 0:
+        auth.delete(pc_number)
+        return jsonify({'message': 'ok'}), 200
+    else:
+        return jsonify({'message': 'damedesu'}), 401
+    
+if __name__ == '__main__':
+    app.run()
--- a/dislocker_client.py
+++ b/dislocker_client.py
@ -1,10 +1,11 @@
-import psycopg2
 import os
 import json
 import customtkinter
 from winotify import Notification, audio
 import keyboard
 import subprocess
+import requests
+import hashlib

 class App(customtkinter.CTk):
    def __init__(self):
@ -89,15 +90,18 @@ class Lock(customtkinter.CTkToplevel):
        self.signin_button = customtkinter.CTkButton(self.button_frame, text='サインイン', command=self.auth)
        self.signin_button.grid(row=0, column=0, padx=10, pady=10)

+    def hash_genarate(self, source):
+        hashed = hashlib.md5(source.encode())
+        return hashed.hexdigest()
+
    def auth(self):
-        self.db = psycopg2.connect(f"host={db_config["host"]} dbname={db_config["db"]} port={db_config["port"]} user={db_config["username"]} password={db_config["password"]}")
-        cursor = self.db.cursor()
-        cursor.execute("SELECT * FROM pc_list WHERE pc_number = %s", (10,))
-        pc_info = cursor.fetchall()
-        auth_password = str(self.password_entry.get())
-        if pc_info[0][2] == auth_password:
-            cursor.execute("UPDATE pc_list SET password_hash = NULL WHERE pc_number = %s", (10,))
-            self.db.commit()
+        auth_url = client_config["auth_host_url"] + "/verify"
+        auth_json = {
+            "pc_number": client_config["pc_number"],
+            "password": self.hash_genarate(self.password_entry.get())
+        }
+        responce = requests.post(auth_url, json=auth_json)
+        if responce.status_code == 200:
            self.destroy()
            app.exit()
        else:
@ -111,22 +115,19 @@ class Lock(customtkinter.CTkToplevel):


 config_dir_path = "./config/"
-db_config_path = config_dir_path + "db.json"
-if not os.path.isfile(db_config_path):
+client_config_path = config_dir_path + "client.json"
+if not os.path.isfile(client_config_path):
    if not os.path.isdir(config_dir_path):
        os.mkdir(config_dir_path)

-    db_config = {
-        "host": "localhost",
-        "db": "dislocker",
-        "username": "user",
-        "password": "example_pass",
-        "port": "5432"
+    client_config = {
+        "auth_host_url": "localhost",
+        "pc_number": ""
    }
-    with open(db_config_path, "w") as w:
-        json.dump(db_config, w, indent=4)
-elif os.path.isfile(db_config_path):
-    with open(db_config_path, "r") as r:
+    with open(client_config_path, "w") as w:
+        json.dump(client_config, w, indent=4)
+elif os.path.isfile(client_config_path):
+    with open(client_config_path, "r") as r:
        db_config = json.load(r)

 if __name__ == '__main__':
Author	SHA1	Message	Date
suti7yk5032	9dec6938dd	パスワードをハッシュ化してデータベースに保存するように	2024-06-08 19:19:07 +09:00
suti7yk5032	26902aa0b3	認証用サーバーにつなぐように	2024-06-08 19:18:50 +09:00
suti7yk5032	32a183244f	認証用サーバーを追加	2024-06-08 19:18:35 +09:00
suti7yk5032	bd12378f3c	test.pyを追跡外に	2024-06-08 19:18:16 +09:00