Add login required

app.py

@@ -1,17 +1,191 @@
-from fastapi import FastAPI, HTTPException, Request, Form
-from fastapi.responses import HTMLResponse, FileResponse
+from fastapi import FastAPI, HTTPException, Request, Form, Depends, status
+from fastapi.responses import HTMLResponse, FileResponse, RedirectResponse, JSONResponse
 from fastapi.templating import Jinja2Templates
+from fastapi.staticfiles import StaticFiles
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
 from datetime import datetime, timedelta
 import random
 import folium
 from folium.plugins import MarkerCluster
 import csv
 import os
+from pydantic import BaseModel
+from typing import List, Optional
 
 app = FastAPI()
 templates = Jinja2Templates(directory="templates")
 
+
 CSV_FILE = "wifi_signals.csv"
+USERS_FILE = "users.csv"
+security = HTTPBasic()
+
+class User(BaseModel):
+    username: str
+    email: str
+    password: str
+    is_admin: bool = False
+    last_login: Optional[datetime] = None
+    is_active: bool = True
+
+users = []
+
+def load_users():
+    global users
+    if os.path.exists(USERS_FILE):
+        with open(USERS_FILE, mode='r') as file:
+            reader = csv.reader(file)
+            next(reader)  # Skip header
+            users = []
+            for row in reader:
+                user = User(
+                    username=row[0],
+                    email=row[1],
+                    password=row[2],
+                    is_admin=row[3] == 'True',
+                    last_login=datetime.fromisoformat(row[4]) if row[4] else None,
+                    is_active=row[5] == 'True'
+                )
+                users.append(user)
+
+def save_users():
+    with open(USERS_FILE, mode='w', newline='') as file:
+        writer = csv.writer(file)
+        writer.writerow(['username', 'email', 'password', 'is_admin', 'last_login', 'is_active'])
+        for user in users:
+            writer.writerow([
+                user.username,
+                user.email,
+                user.password,
+                user.is_admin,
+                user.last_login.isoformat() if user.last_login else '',
+                user.is_active
+            ])
+
+load_users()
+
+def get_current_user(request: Request) -> Optional[User]:
+    username = request.cookies.get("username")
+    if username:
+        return next((u for u in users if u.username == username), None)
+    return None
+
+def login_required(request: Request):
+    username = request.cookies.get("username")
+    if not username:
+        return RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+    user = next((u for u in users if u.username == username), None)
+    if not user:
+        return RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+    return user
+
+@app.get("/login", response_class=HTMLResponse)
+async def login_page(request: Request):
+    return templates.TemplateResponse("login.html", {"request": request})
+
+@app.post("/login")
+async def login(request: Request, username: str = Form(...), password: str = Form(...)):
+    user = next((u for u in users if u.username == username and u.password == password), None)
+    if user and user.is_active:
+        user.last_login = datetime.now()
+        save_users()
+        response = RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)
+        response.set_cookie(key="username", value=username, httponly=True)
+        return response
+    return templates.TemplateResponse("login.html", {"request": request, "error": "Invalid credentials or inactive account"})
+
+@app.get("/logout")
+async def logout(response: JSONResponse):
+    response = RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+    response.delete_cookie("username")
+    return response
+
+@app.get("/register", response_class=HTMLResponse)
+async def register_page(request: Request):
+    return templates.TemplateResponse("register.html", {"request": request})
+
+@app.post("/register")
+async def register(username: str = Form(...), email: str = Form(...), password: str = Form(...)):
+    if any(u.username == username for u in users):
+        return RedirectResponse(url="/register?error=1", status_code=status.HTTP_302_FOUND)
+    new_user = User(username=username, email=email, password=password)
+    users.append(new_user)
+    save_users()
+    return RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+
+@app.get("/logout")
+async def logout(request: Request):
+    response = RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+    response.delete_cookie("username")
+    return response
+
+@app.get("/admin", response_class=HTMLResponse)
+async def admin_page(request: Request):
+    current_user = login_required(request)
+    if isinstance(current_user, RedirectResponse):
+        return current_user
+    if not current_user.is_admin:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")
+    return templates.TemplateResponse("admin.html", {"request": request, "users": users})
+
+@app.post("/admin/delete/{username}")
+async def delete_user(request: Request, username: str):
+    current_user = login_required(request)
+    if isinstance(current_user, RedirectResponse):
+        return current_user
+    if not current_user.is_admin:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")
+    global users
+    users = [u for u in users if u.username != username]
+    save_users()
+    return RedirectResponse(url="/admin", status_code=status.HTTP_302_FOUND)
+
+@app.post("/admin/edit/{username}")
+async def edit_user(request: Request, username: str, new_username: str = Form(...), email: str = Form(...), is_admin: bool = Form(False), is_active: bool = Form(False)):
+    current_user = login_required(request)
+    if isinstance(current_user, RedirectResponse):
+        return current_user
+    if not current_user.is_admin:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")
+    user = next((u for u in users if u.username == username), None)
+    if user:
+        # Check if the new username already exists
+        if new_username != username and any(u.username == new_username for u in users):
+            raise HTTPException(status_code=400, detail="Username already exists")
+        user.username = new_username
+        user.email = email
+        user.is_admin = is_admin
+        user.is_active = is_active
+        save_users()
+    return RedirectResponse(url="/admin", status_code=status.HTTP_302_FOUND)
+
+@app.post("/admin/delete/{username}")
+async def delete_user(username: str, current_user: User = Depends(get_current_user)):
+    if not current_user.is_admin:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")
+    global users
+    users = [u for u in users if u.username != username]
+    save_users()
+    return RedirectResponse(url="/admin", status_code=status.HTTP_302_FOUND)
+
+@app.post("/admin/edit/{username}")
+async def edit_user(request: Request, username: str, new_username: str = Form(...), email: str = Form(...), is_admin: bool = Form(False), is_active: bool = Form(False)):
+    current_user = login_required(request)
+    if isinstance(current_user, RedirectResponse):
+        return current_user
+    if not current_user.is_admin:
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not authorized")
+    user = next((u for u in users if u.username == username), None)
+    if user:
+        # Check if the new username already exists
+        if new_username != username and any(u.username == new_username for u in users):
+            raise HTTPException(status_code=400, detail="Username already exists")
+        user.username = new_username
+        user.email = email
+        user.is_admin = is_admin
+        user.is_active = is_active
+        save_users()
+    return RedirectResponse(url="/admin", status_code=status.HTTP_302_FOUND)
 
 @app.post("/api/generate-data")
 def generate_data():
@@ -81,6 +255,10 @@ async def upload_data(
 
 @app.get("/", response_class=HTMLResponse)
 def show_map(request: Request, start_date: str = None, end_date: str = None):
+    current_user = login_required(request)
+    if isinstance(current_user, RedirectResponse):
+        return current_user
+    
     signal_data = []
 
     if os.path.exists(CSV_FILE):
@@ -122,8 +300,19 @@ def show_map(request: Request, start_date: str = None, end_date: str = None):
         ).add_to(marker_cluster)
     
     map_html = m._repr_html_()
-    return templates.TemplateResponse("map.html", {"request": request, "map_html": map_html, "start_date": start_date, "end_date": end_date})
+    return templates.TemplateResponse("map.html", {
+        "request": request,
+        "map_html": map_html,
+        "start_date": start_date,
+        "end_date": end_date,
+        "current_user": current_user
+    })
 
+@app.exception_handler(HTTPException)
+async def http_exception_handler(request: Request, exc: HTTPException):
+    if exc.status_code == status.HTTP_401_UNAUTHORIZED:
+        return RedirectResponse(url="/login", status_code=status.HTTP_302_FOUND)
+    return templates.TemplateResponse("error.html", {"request": request, "detail": exc.detail}, status_code=exc.status_code)
 
 @app.get("/download-csv")
 async def download_csv():

templates/admin.html

@@ -0,0 +1,97 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Panel - Signal Tracker</title>
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <h1>Admin Panel</h1>
+        <table class="table">
+            <thead>
+                <tr>
+                    <th>Username</th>
+                    <th>Email</th>
+                    <th>Is Admin</th>
+                    <th>Last Login</th>
+                    <th>Is Active</th>
+                    <th>Actions</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for user in users %}
+                <tr>
+                    <td>{{ user.username }}</td>
+                    <td>{{ user.email }}</td>
+                    <td>{{ user.is_admin }}</td>
+                    <td>{{ user.last_login.strftime('%Y-%m-%d %H:%M:%S') if user.last_login else 'Never' }}</td>
+                    <td>{{ user.is_active }}</td>
+                    <td>
+                        <button class="btn btn-sm btn-primary" onclick="editUser('{{ user.username }}', '{{ user.email }}', {{ user.is_admin | tojson }}, {{ user.is_active | tojson }})">Edit</button>
+                        <form method="post" action="/admin/delete/{{ user.username }}" style="display: inline;">
+                            <button type="submit" class="btn btn-sm btn-danger">Delete</button>
+                        </form>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+        <a href="/" class="btn btn-secondary">Back to Map</a>
+    </div>
+
+    <!-- Edit User Modal -->
+    <div class="modal fade" id="editUserModal" tabindex="-1" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content">
+                <div class="modal-header">
+                    <h5 class="modal-title">Edit User</h5>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <form id="editUserForm" method="post">
+                    <div class="modal-body">
+                        <div class="mb-3">
+                            <label for="editUsername" class="form-label">Username</label>
+                            <input type="text" class="form-control" id="editUsername" name="new_username" required>
+                        </div>
+                        <div class="mb-3">
+                            <label for="editEmail" class="form-label">Email</label>
+                            <input type="email" class="form-control" id="editEmail" name="email" required>
+                        </div>
+                        <div class="mb-3 form-check">
+                            <input type="hidden" name="is_admin" value="false">
+                            <input type="checkbox" class="form-check-input" id="editIsAdmin" name="is_admin" value="true">
+                            <label class="form-check-label" for="editIsAdmin">Is Admin</label>
+                        </div>
+                        <div class="mb-3 form-check">
+                            <input type="hidden" name="is_active" value="false">
+                            <input type="checkbox" class="form-check-input" id="editIsActive" name="is_active" value="true">
+                            <label class="form-check-label" for="editIsActive">Is Active</label>
+                        </div>
+                    </div>
+                    <div class="modal-footer">
+                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
+                        <button type="submit" class="btn btn-primary">Save changes</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"></script>
+    <script>
+        function editUser(username, email, isAdmin, isActive) {
+            document.getElementById('editUserForm').action = `/admin/edit/${username}`;
+            document.getElementById('editUsername').value = username;
+            document.getElementById('editEmail').value = email;
+            document.getElementById('editIsAdmin').checked = isAdmin;
+            document.getElementById('editIsActive').checked = isActive;
+            var editUserModal = new bootstrap.Modal(document.getElementById('editUserModal'));
+            editUserModal.show();
+        }
+    </script>
+</body>
+</html>
+
+

templates/login.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login - Signal Tracker</title>
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <h1>Login</h1>
+        {% if request.query_params.get("error") %}
+        <div class="alert alert-danger">Invalid credentials</div>
+        {% endif %}
+        <form method="post" action="/login">
+            <div class="mb-3">
+                <label for="username" class="form-label">Username</label>
+                <input type="text" class="form-control" id="username" name="username" required>
+            </div>
+            <div class="mb-3">
+                <label for="password" class="form-label">Password</label>
+                <input type="password" class="form-control" id="password" name="password" required>
+            </div>
+            <button type="submit" class="btn btn-primary">Login</button>
+        </form>
+        <p class="mt-3">Don't have an account? <a href="/register">Register here</a></p>
+    </div>
+</body>
+</html>

templates/map.html

@@ -59,10 +59,26 @@
         .btn-download:hover {
             background-color: #0056b3;
         }
+        .user-info {
+            position: absolute;
+            top: 10px;
+            right: 10px;
+            background-color: white;
+            padding: 5px 10px;
+            border-radius: 5px;
+            box-shadow: 0 2px 5px rgba(0,0,0,0.1);
+        }
     </style>
 </head>
 <body>
     <div class="container">
+        <div class="user-info">
+            {% if current_user %}
+                Welcome, {{ current_user.username }} | <a href="/logout">Logout</a>
+            {% else %}
+                <a href="/login">Login</a>
+            {% endif %}
+        </div>
         <h1 class="title">Signal Tracker Map</h1>
         <form class="filter-form" id="date-form" method="GET" action="/">
             <div class="row g-3 align-items-center">

templates/register.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Register - Signal Tracker</title>
+    <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+    <div class="container mt-5">
+        <h1>Register</h1>
+        {% if request.query_params.get("error") %}
+        <div class="alert alert-danger">Username already exists</div>
+        {% endif %}
+        <form method="post" action="/register">
+            <div class="mb-3">
+                <label for="username" class="form-label">Username</label>
+                <input type="text" class="form-control" id="username" name="username" required>
+            </div>
+            <div class="mb-3">
+                <label for="email" class="form-label">Email</label>
+                <input type="email" class="form-control" id="email" name="email" required>
+            </div>
+            <div class="mb-3">
+                <label for="password" class="form-label">Password</label>
+                <input type="password" class="form-control" id="password" name="password" required>
+            </div>
+            <button type="submit" class="btn btn-primary">Register</button>
+        </form>
+        <p class="mt-3">Already have an account? <a href="/login">Login here</a></p>
+    </div>
+</body>
+</html>

users.csv

@@ -0,0 +1,3 @@
+username,email,password,is_admin,last_login,is_active
+admin,[email protected],admin,True,2024-08-30T17:44:00.209768,True
+vumichien,[email protected],123456,True,2024-08-30T17:43:53.120071,True