From 233af1fce9e373926c77edfa294131603df48267 Mon Sep 17 00:00:00 2001
From: Cp0204 <Cp0204@qq.com>
Date: Wed, 28 Feb 2024 03:40:41 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=80=BB=E8=BE=91=EF=BC=9A?=
 =?UTF-8?q?=E4=BD=BF=E6=94=B9=E5=AF=86=E7=A0=81=E6=8E=89=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/run.py | 52 ++++++++++++++++++++++++++++++++++------------------
 1 file changed, 34 insertions(+), 18 deletions(-)

diff --git a/app/run.py b/app/run.py
index b29532a..8b4ed9f 100644
--- a/app/run.py
+++ b/app/run.py
@@ -10,6 +10,7 @@ from flask import (
 )
 from apscheduler.schedulers.background import BackgroundScheduler
 from apscheduler.triggers.cron import CronTrigger
+import hashlib
 import json
 import os
 
@@ -24,14 +25,10 @@ app.config["JSON_SORT_KEYS"] = False
 app.config['JSONIFY_PRETTYPRINT_REGULAR'] = False
 
 
-# 设置icon
-@app.route("/favicon.ico")
-def favicon():
-    return send_from_directory(
-        os.path.join(app.root_path, "static"),
-        "favicon.ico",
-        mimetype="image/vnd.microsoft.icon",
-    )
+def gen_md5(string):
+    md5 = hashlib.md5()
+    md5.update(string.encode("utf-8"))
+    return md5.hexdigest()
 
 
 # 读取 JSON 文件内容
@@ -47,19 +44,38 @@ def write_json(data):
         json.dump(data, f, indent=4, ensure_ascii=False, sort_keys=False)
 
 
+def is_login():
+    data = read_json()
+    username = data["webui"]["username"]
+    password = data["webui"]["password"]
+    if session.get("login") == gen_md5(username + password):
+        return True
+    else:
+        return False
+
+
+# 设置icon
+@app.route("/favicon.ico")
+def favicon():
+    return send_from_directory(
+        os.path.join(app.root_path, "static"),
+        "favicon.ico",
+        mimetype="image/vnd.microsoft.icon",
+    )
+
+
 # 登录页面
 @app.route("/login", methods=["GET", "POST"])
 def login():
     if request.method == "POST":
         data = read_json()
-        username = request.form.get("username")
-        password = request.form.get("password")
+        username = data["webui"]["username"]
+        password = data["webui"]["password"]
         # 验证用户名和密码
-        if (
-            username == data["webui"]["username"]
-            and password == data["webui"]["password"]
+        if (username == request.form.get("username")) and (
+            password == request.form.get("password")
         ):
-            session["username"] = username
+            session["login"] = gen_md5(username + password)
             return redirect(url_for("index"))
         else:
             return render_template("login.html", message="登录失败")
@@ -70,14 +86,14 @@ def login():
 # 退出登录
 @app.route("/logout")
 def logout():
-    session.pop("username", None)
+    session.pop("login", None)
     return redirect(url_for("login"))
 
 
 # 管理页面
 @app.route("/")
 def index():
-    if not session.get("username"):
+    if not is_login():
         return redirect(url_for("login"))
     return render_template("index.html")
 
@@ -85,7 +101,7 @@ def index():
 # 获取配置数据
 @app.route("/data")
 def get_data():
-    if not session.get("username"):
+    if not is_login():
         return redirect(url_for("login"))
     data = read_json()
     del data["webui"]
@@ -95,7 +111,7 @@ def get_data():
 # 更新数据
 @app.route("/update", methods=["POST"])
 def update():
-    if not session.get("username"):
+    if not is_login():
         return "未登录"
     data = read_json()
     webui = data["webui"]