"""Simple session-based authentication.""" import os import secrets import time from fastapi import Request # Session storage: token -> expiry timestamp _sessions = {} SESSION_COOKIE = "session" SESSION_MAX_AGE = 86400 * 30 # 7 days def get_credentials(): username = os.environ.get("USERNAME", "") password = os.environ.get("PASSWORD", "") return username, password def verify_credentials(username: str, password: str) -> bool: correct_user, correct_pass = get_credentials() if not correct_user or not correct_pass: # No credentials configured: allow all return True return ( secrets.compare_digest(username, correct_user) and secrets.compare_digest(password, correct_pass) ) def auth_enabled() -> bool: u, p = get_credentials() return bool(u and p) def create_session() -> str: token = secrets.token_urlsafe(32) _sessions[token] = time.time() + SESSION_MAX_AGE # Cleanup old sessions now = time.time() expired = [k for k, v in _sessions.items() if v < now] for k in expired: del _sessions[k] return token def validate_session(token: str) -> bool: if not token: return False expiry = _sessions.get(token) if expiry is None: return False if time.time() > expiry: del _sessions[token] return False return True def is_authenticated(request: Request) -> bool: if not auth_enabled(): return True token = request.cookies.get(SESSION_COOKIE, "") return validate_session(token) def login_page_html(error: str = "") -> str: error_html = f'