Логин + SQL инъекции

This commit is contained in:
Lev 2025-11-27 21:02:26 +03:00
parent e01363d916
commit 47cb2fb2c7
2 changed files with 39 additions and 12 deletions


@ -5,9 +5,17 @@ app = FastAPI()
db = utils.DataBase("") db = utils.DataBase("")
@app.post("/registration") @app.post("/registration")
def reg(email: str, password: str) : def registration(email: str, password: str) :
answer = db.registration(email, password) answer = db.registration(email, password)
if answer["code"] == 1 : if answer["code"] == 1 :
HTTPException(400, "Email is busy.") HTTPException(400, "Email is busy.")
else :
return answer["data"]
@app.post("/login")
def login(email: str, password: str) :
answer = db.login(email, password)
if answer["code"] == 1 :
HTTPException(400, "Incorrect email or password.")
else : else :
return answer["data"] return answer["data"]
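Review bot: The `HTTPException(400, "Incorrect email or password.")` on the failure branch of the new `login` endpoint is constructed but never raised, so a wrong password falls through and the endpoint answers 200 with a `null` body; it needs `raise HTTPException(400, "Incorrect email or password.")` (the registration branch just above has the same omission, which this commit does not touch). Declared as bare `str` parameters, `email` and `password` are read from the query string by FastAPI, which puts the password into access logs, browser history and any proxy in the path; take them from the request body instead, e.g. `password: str = Body(...)` or a Pydantic model, and `Depends`/`Form` if this is meant to be form-posted. As far as the utils change shows, `db.login` only fails on a bad credential pair, so 401 would describe the outcome better than 400, though that is a matter of taste.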


@ -2,6 +2,7 @@ import sqlite3
import pandas import pandas
import datetime import datetime
import hashlib import hashlib
import json
class DataBase : class DataBase :
def __init__(self, path: str) : def __init__(self, path: str) :
@ -14,14 +15,20 @@ class DataBase :
email TEXT NOT NULL UNIQUE, email TEXT NOT NULL UNIQUE,
pass_hash TEXT NOT NULL, pass_hash TEXT NOT NULL,
register TEXT NOT NULL, register TEXT NOT NULL,
urls TEXT DEFAULT "" urls TEXT DEFAULT "",
payment TEXT DEFAULT ""
) )
""") """)
self.con.commit() self.con.commit()
def read_table(self, sql_command: str) -> dict : def read_table(self, sql_command: str, params=None) -> dict :
return pandas.read_sql(sql_command, self.con).to_json() if params == None :
params = ()
return json.loads(pandas.read_sql(sql_command, self.con, params=params).to_json())
def get_hash(text: str) :
return hashlib.sha256(text.encode()).hexdigest()
def registration(self, email: str, passwd: str) : def registration(self, email: str, passwd: str) :
""" """
@ -30,17 +37,29 @@ class DataBase :
""" """
date = datetime.datetime.now() date = datetime.datetime.now()
try : try :
self.cur.execute(f""" self.cur.execute("""
INSERT INTO users (email, pass_hash, register) INSERT INTO users (email, pass_hash, register)
VALUES ({email} {hashlib.sha256(passwd.encode()).hexdigest()} {date.day}-{date.month}-{date.year}_{date.hour}:{date.minute}:{date.second}) VALUES (?, ?, ?)
""") """, (email, self.get_hash(passwd), f"{date.day}-{date.month}-{date.year} {date.hour}:{date.minute}:{date.second}"))
self.con.commit()
except : except :
return {"code": 1} return {"code": 1}
self.con.commit() data = self.read_table("""
data = self.read_table(f"""
SELECT id FROM users SELECT id FROM users
WHERE email = {email} WHERE email = ?
""") """, (email))
return {"code": 0, "data": {"id": data["id"]["0"], "email": email}} return {"code": 0, "data": {"id": data["id"]["0"], "email": email}}
def login(self, email: str, passwd: str) :
"""
0 - Success
1 - Incorrect email or password
"""
data = self.read_table("""
SELECT id, urls, payment FROM users
WHERE email = ? AND pass_hash = ?
""", (email, self.get_hash(passwd)))
if data["id"] == {} :
return {"code": 1}
else :
return {"code": 0, "data": {"id": data["id"]["0"], "email": email, "urls": data["urls"]["0"], "payment": data["payment"]["0"]}}
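Review bot: `get_hash` is defined without `self` or `@staticmethod`, yet `registration` and `login` call it as `self.get_hash(passwd)`, so the instance is bound to `text` and the password arrives as an unexpected second argument — a `TypeError` on every call; in `registration` the bare `except :` swallows it and reports it as "Email is busy", in `login` it surfaces as a 500. Decorate it with `@staticmethod`. The id lookup after the insert passes `(email)`, which is a plain string rather than a one-tuple; sqlite3 then binds each character as a separate parameter and raises unless the email is exactly one character long — write `(email,)` as the login query already does. Separately, a bare unsalted `sha256` of the password is not a password hash: equal passwords yield equal `pass_hash` values and the whole table can be cracked offline from a precomputed table, so use `hashlib.pbkdf2_hmac` (or `hashlib.scrypt`) with a per-user `secrets.token_bytes(16)` salt stored next to the hash, and verify in `login` by fetching the row by email and comparing with `hmac.compare_digest` instead of matching the hash in the `WHERE` clause. Narrowing `except :` to `except sqlite3.IntegrityError :` would stop unrelated failures from being reported as a duplicate email.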