Spaces:

0vergeared
/

otp-space

Sleeping

App Files Files Community

0vergeared commited on Jul 29, 2025

Commit

8e8453e

verified ·

1 Parent(s): 1503298

Update server.py

Browse files

Files changed (1) hide show

server.py +114 -133

server.py CHANGED Viewed

@@ -1,58 +1,24 @@
 import os
 import sqlite3
-from flask import Flask, request, jsonify, render_template_string, redirect, url_for, session
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
-from datetime import datetime, timedelta
-import random
-import string
-import threading
-# Configs from secrets
-ADMIN_USER = os.environ.get("ADMIN_USER", "admin")
-ADMIN_PASS = os.environ.get("ADMIN_PASS", "Welcome123")
-API_KEY = os.environ.get("OTP_API_KEY", "IDONTKNOWWHATIMDOING")
-FLASK_SECRET_KEY = os.environ.get("FLASK_SECRET_KEY", "IDONTKNOWWHATISTHIS")
 app = Flask(__name__)
-app.secret_key = FLASK_SECRET_KEY
-limiter = Limiter(get_remote_address, app=app)
-import pathlib
-# Ensure the /data folder exists
-pathlib.Path("/data").mkdir(parents=True, exist_ok=True)
-DATABASE = "/data/database.db"
-# HTML template
-template = """
-<!DOCTYPE html>
-<html>
-<head>
-    <title>OTP Generator</title>
-</head>
-<body>
-    {% if not session.get("logged_in") %}
-    <h2>Login</h2>
-    <form method="POST">
-        <input name="username" placeholder="Username"><br>
-        <input name="password" placeholder="Password" type="password"><br>
-        <button type="submit">Login</button>
-    </form>
-    {% else %}
-    <h2>Generate OTP</h2>
-    <form method="POST">
-        <button type="submit">Generate OTP</button>
-    </form>
-    {% if otp %}
-        <p><strong>OTP:</strong> {{ otp }}</p>
-        <p>Expires At: {{ expires_at }}</p>
-    {% endif %}
-    <p><a href="{{ url_for('logout') }}">Logout</a></p>
-    {% endif %}
-</body>
-</html>
-"""
 # Initialize DB
 def init_db():
@@ -71,106 +37,121 @@ def init_db():
 init_db()
-# Helper
-def generate_otp(length=6):
-    return ''.join(random.choices(string.digits, k=length))
-# Web login
 @app.route("/login", methods=["GET", "POST"])
 def login():
     if request.method == "POST":
         if request.form["username"] == ADMIN_USER and request.form["password"] == ADMIN_PASS:
-            session["logged_in"] = True
-            return redirect(url_for("generate_page"))
-    return render_template_string(template)
-@app.route("/logout")
-def logout():
-    session.pop("logged_in", None)
-    return redirect(url_for("login"))
-# Web generate UI
 @app.route("/generate", methods=["GET", "POST"])
 def generate_page():
-    if not session.get("logged_in"):
-        return redirect(url_for("login"))
     otp = None
-    expires_at = None
     if request.method == "POST":
         otp = generate_otp()
         now = datetime.utcnow()
-        expires = now + timedelta(minutes=5)
-        expires_at = expires.isoformat()
-        conn = sqlite3.connect(DATABASE)
-        c = conn.cursor()
-        c.execute("INSERT INTO otps (otp, generated_at, expires_at, ip_address, status) VALUES (?, ?, ?, ?, ?)",
-                  (otp, now.isoformat(), expires_at, request.remote_addr, "generated"))
-        conn.commit()
-        conn.close()
-    return render_template_string(template, otp=otp, expires_at=expires_at)
-# API generate OTP
-@app.route("/generate-otp", methods=["POST"])
-@limiter.limit("5 per minute")
-def api_generate_otp():
-    if request.headers.get("X-API-Key") != API_KEY:
-        return jsonify({"error": "Unauthorized"}), 401
-    otp = generate_otp()
-    now = datetime.utcnow()
-    expires = now + timedelta(minutes=5)
-    conn = sqlite3.connect(DATABASE)
-    c = conn.cursor()
-    c.execute("INSERT INTO otps (otp, generated_at, expires_at, ip_address, status) VALUES (?, ?, ?, ?, ?)",
-              (otp, now.isoformat(), expires.isoformat(), request.remote_addr, "generated"))
-    conn.commit()
-    conn.close()
-    return jsonify({"otp": otp, "expires_at": expires.isoformat()})
-# API verify OTP
-@app.route("/verify-otp", methods=["POST"])
-@limiter.limit("10 per minute")
-def verify_otp():
-    data = request.get_json()
-    otp_input = data.get("otp", "")
-    now = datetime.utcnow()
-    conn = sqlite3.connect(DATABASE)
-    c = conn.cursor()
-    c.execute("SELECT id, expires_at, used_at FROM otps WHERE otp=? AND status='generated'", (otp_input,))
-    row = c.fetchone()
-    if not row:
-        return jsonify({"success": False, "message": "Invalid or already used OTP"}), 400
-    otp_id, expires_at, used_at = row
-    if datetime.fromisoformat(expires_at) < now:
-        c.execute("UPDATE otps SET status='expired' WHERE id=?", (otp_id,))
-        conn.commit()
-        conn.close()
-        return jsonify({"success": False, "message": "OTP expired"}), 400
-    c.execute("UPDATE otps SET used_at=?, status='used' WHERE id=?", (now.isoformat(), otp_id))
-    conn.commit()
-    conn.close()
-    return jsonify({"success": True, "message": "OTP valid"})
-# Audit log
-@app.route("/export-log")
-def export_log():
-    conn = sqlite3.connect(DATABASE)
-    c = conn.cursor()
-    c.execute("SELECT * FROM otps ORDER BY id DESC")
-    rows = c.fetchall()
-    conn.close()
-    return jsonify(rows)
-# Root
-@app.route("/")
-def home():
-    return "OTP API is running"
-# Run in HF Space
-def run():
-    app.run(host="0.0.0.0", port=7860)
-threading.Thread(target=run).start()
 @app.route("/debug")
 def debug():
     return f"Database exists: {os.path.exists(DATABASE)}"

 import os
+import random
 import sqlite3
+from datetime import datetime, timedelta
+from flask import Flask, request, jsonify, redirect, session, render_template_string
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
+# Environment variables
+OTP_API_KEY = os.getenv("OTP_API_KEY", "default-api-key")
+ADMIN_USER = os.getenv("ADMIN_USER", "admin")
+ADMIN_PASS = os.getenv("ADMIN_PASS", "password")
+SECRET_KEY = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
 app = Flask(__name__)
+app.secret_key = SECRET_KEY
+limiter = Limiter(app, key_func=get_remote_address)
+# Writable DB path
+DATABASE = "/tmp/database.db"
 # Initialize DB
 def init_db():
 init_db()
+def generate_otp():
+    return str(random.randint(100000, 999999))
+@app.route("/generate-otp", methods=["POST"])
+@limiter.limit("5/minute")
+def api_generate():
+    if request.headers.get("X-API-Key") != OTP_API_KEY:
+        return jsonify({"error": "Unauthorized"}), 401
+    otp = generate_otp()
+    now = datetime.utcnow()
+    expires_at = now + timedelta(minutes=10)
+    with sqlite3.connect(DATABASE) as conn:
+        c = conn.cursor()
+        c.execute("INSERT INTO otps (otp, generated_at, expires_at, ip_address, status) VALUES (?, ?, ?, ?, ?)",
+                  (otp, now.isoformat(), expires_at.isoformat(), request.remote_addr, "generated"))
+        conn.commit()
+    return jsonify({"otp": otp, "expires_at": expires_at.isoformat()})
+@app.route("/verify-otp", methods=["POST"])
+@limiter.limit("10/minute")
+def verify_otp():
+    data = request.get_json()
+    otp = data.get("otp")
+    with sqlite3.connect(DATABASE) as conn:
+        c = conn.cursor()
+        c.execute("SELECT id, expires_at, used_at, status FROM otps WHERE otp = ?", (otp,))
+        row = c.fetchone()
+        if not row:
+            return jsonify({"valid": False, "reason": "Invalid OTP"}), 400
+        otp_id, expires_at, used_at, status = row
+        now = datetime.utcnow()
+        if used_at:
+            return jsonify({"valid": False, "reason": "OTP already used"}), 400
+        if datetime.fromisoformat(expires_at) < now:
+            return jsonify({"valid": False, "reason": "OTP expired"}), 400
+        c.execute("UPDATE otps SET used_at = ?, status = ? WHERE id = ?",
+                  (now.isoformat(), "used", otp_id))
+        conn.commit()
+    return jsonify({"valid": True})
+# Admin login UI
+LOGIN_TEMPLATE = """
+<!DOCTYPE html><html><body>
+<h2>Admin Login</h2>
+<form method="post">
+  <input type="text" name="username" placeholder="Username" required><br>
+  <input type="password" name="password" placeholder="Password" required><br>
+  <button type="submit">Login</button>
+</form>
+</body></html>
+"""
 @app.route("/login", methods=["GET", "POST"])
 def login():
     if request.method == "POST":
         if request.form["username"] == ADMIN_USER and request.form["password"] == ADMIN_PASS:
+            session["admin"] = True
+            return redirect("/generate")
+        return "Invalid login", 403
+    return render_template_string(LOGIN_TEMPLATE)
+# Admin OTP generation UI
+GEN_TEMPLATE = """
+<!DOCTYPE html><html><body>
+<h2>Generate OTP</h2>
+<form method="post">
+  <button type="submit">Generate OTP</button>
+</form>
+{% if otp %}
+<p>OTP: <b>{{ otp }}</b> (expires at {{ expires }})</p>
+{% endif %}
+<a href="/logout">Logout</a>
+</body></html>
+"""
 @app.route("/generate", methods=["GET", "POST"])
 def generate_page():
+    if not session.get("admin"):
+        return redirect("/login")
     otp = None
+    expires = None
     if request.method == "POST":
         otp = generate_otp()
         now = datetime.utcnow()
+        expires_at = now + timedelta(minutes=10)
+        with sqlite3.connect(DATABASE) as conn:
+            c = conn.cursor()
+            c.execute("INSERT INTO otps (otp, generated_at, expires_at, ip_address, status) VALUES (?, ?, ?, ?, ?)",
+                      (otp, now.isoformat(), expires_at.isoformat(), request.remote_addr, "generated"))
+            conn.commit()
+        expires = expires_at.isoformat()
+    return render_template_string(GEN_TEMPLATE, otp=otp, expires=expires)
+@app.route("/logout")
+def logout():
+    session.clear()
+    return redirect("/login")
+# Optional debug route
 @app.route("/debug")
 def debug():
     return f"Database exists: {os.path.exists(DATABASE)}"
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=7860)