Update app.py

app.py

@@ -64,7 +64,56 @@ def drive():
     ip = request.remote_addr
     print(f"アクセスIP: {ip}")
     return redirect("https://drive.google.com/")
+@app.route("/scratch_login", methods=["POST"])
+def scratch_login():
+    data = request.json
+    username = data.get("username")
+    password = data.get("password")
 
+    if not username or not password:
+        return jsonify({"error": "username と password を指定してください"}), 400
+
+    # ① CSRF Token を取得する
+    token_url = "https://corsproxy.io?url=https://scratch.mit.edu/csrf_token/"
+    session = requests.Session()
+    token_resp = session.get(token_url)
+
+    if token_resp.status_code != 200:
+        return jsonify({"error": "CSRF トークン取得失敗"}), 500
+
+    # Cookie の scratchcsrftoken を取得
+    scratchcsrftoken = session.cookies.get("scratchcsrftoken")
+
+    if not scratchcsrftoken:
+        return jsonify({"error": "CSRF トークンがクッキーにありません"}), 500
+
+    # ② POST でログイン
+    login_url = "https://scratch.mit.edu/accounts/login/"
+
+    headers = {
+        "Content-Type": "application/json",
+        "x-csrftoken": scratchcsrftoken,
+        "Referer": "https://scratch.mit.edu/",
+        "User-Agent": "Mozilla/5.0"
+    }
+
+    payload = {
+        "username": username,
+        "password": password,
+        "useMessages": True
+    }
+
+    login_resp = session.post(login_url, json=payload, headers=headers)
+
+    try:
+        result_json = login_resp.json()
+    except Exception:
+        result_json = {"error": "JSON パース失敗", "text": login_resp.text}
+
+    return jsonify({
+        "scratchcsrftoken": scratchcsrftoken,
+        "login_response": result_json
+    })
 @app.route("/channel-io-managers")
 def get_managers():
     limit = request.args.get("limit")