Add argon2 password hash

backend/routes.py

@@ -1,19 +1,18 @@
 # Standard library
-from datetime import datetime, timedelta
+from datetime import timedelta
 from io import BytesIO
 import time
 
 # Third-party libraries
 import requests
 from flask import render_template, request, redirect, url_for, session, flash, jsonify, make_response
-from flask_login import login_user, logout_user, login_required, current_user
-from werkzeug.security import check_password_hash
+from flask_login import logout_user, login_required, current_user
+from flask import request, render_template, redirect, url_for, flash
+
 
 # Project imports
-from . import db
-from backend.models import User, LoginIP
 from backend.utils import format_size, calculate_age
-from backend.alldebrid import check_alldebrid_status, send_ntfy
+from backend.auth import authenticate_user
 
 MAX_ATTEMPTS = 5
 BLOCK_TIME = timedelta(minutes=15)
@@ -34,48 +33,15 @@ def init_app(app):
 
     @app.route('/login', methods=['GET', 'POST'])
     def login():
-        ip = request.remote_addr or "unknown"
-        ip_record = LoginIP.query.filter_by(ip=ip).first()
-        if not ip_record:
-            ip_record = LoginIP(ip=ip)
-            db.session.add(ip_record)
-            db.session.commit()
-
-        if ip_record.blocked_until and datetime.utcnow() < ip_record.blocked_until:
-            remaining = int((ip_record.blocked_until - datetime.utcnow()).total_seconds() // 60) + 1
-            flash(f"Trop de tentatives depuis votre IP. Réessayez dans {remaining} min.")
-            return render_template("login.html")
-
         if request.method == "POST":
             username = request.form.get("username")
             password = request.form.get("password")
-            user = User.query.filter_by(username=username).first()
+            ip = request.remote_addr or "unknown"
 
-            if user and check_password_hash(user.password, password):
-                ip_record.count = 0
-                ip_record.blocked_until = None
-                db.session.commit()
-                login_user(user)
-                session['user'] = user.username
-
-                # --- Vérification AllDebrid ---
-                print("Vérification en cours")
-                premium = check_alldebrid_status()
-                session['alldebrid_active'] = premium
-                if not premium:  # notifier seulement si le compte n’est plus premium
-                    print("Envoi notif")
-                    send_ntfy("AllDebrid non premium", "Tentative avortée sur ygg-service !")
-
-                return redirect(url_for("dashboard"))
+            user, msg = authenticate_user(username, password, ip)
+            if user:
+                return redirect(url_for('dashboard'))
             else:
-                ip_record.count += 1
-                ip_record.last_attempt = datetime.utcnow()
-                if ip_record.count >= MAX_ATTEMPTS:
-                    ip_record.blocked_until = datetime.utcnow() + BLOCK_TIME
-                    msg = f"Trop de tentatives. Blocage pour {BLOCK_TIME.seconds // 60} minutes."
-                else:
-                    msg = f"Identifiants invalides ({ip_record.count}/{MAX_ATTEMPTS})"
-                db.session.commit()
                 flash(msg)
 
         return render_template("login.html")