from django.http import JsonResponse
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
from .models import PasswordEntry, MasterHash
from .utils import authenticate, derive_key, encrypt_password, decrypt_password
import json
def list_users(request):
    """Render the HTML page that lists every stored ``PasswordEntry``.

    The full queryset is handed to the ``wallet_api/list_users.html``
    template under the ``users`` context key.
    """
    # NOTE(review): unlike the *_api views in this file, nothing here calls
    # authenticate(); which entry fields the template prints is not visible
    # from this view. Confirm the route is access-controlled elsewhere before
    # exposing it, since it enumerates the whole wallet.
    context = {'users': PasswordEntry.objects.all()}
    return render(request, 'wallet_api/list_users.html', context)
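@csrf_exempt
def add_password_api(request):
    """Store a new wallet entry, encrypting its password before saving.

    Expects a POST whose body is a JSON object carrying ``master_password``,
    ``site``, ``username``, ``password``, ``client_id`` and ``topic``.

    Returns:
        JsonResponse: 200 with a confirmation message once the entry is
        created; 403 when ``authenticate`` rejects the master password;
        400 when the body is not a JSON object; 405 for non-POST methods.
    """
    # NOTE(review): the view is CSRF-exempt and the master password in the
    # request body is the only credential checked here. No attempt limiting
    # is visible in this view -- confirm authenticate() or middleware
    # throttles repeated failures, and that the endpoint is only served
    # over TLS.
    if request.method != 'POST':
        # Previously a non-POST request fell through and returned None,
        # which Django turns into a 500.
        response = JsonResponse({"error": "Metodo non consentito"}, status=405)
        response["Allow"] = "POST"
        return response

    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable bytes alike.
        return JsonResponse({"error": "JSON non valido"}, status=400)
    if not isinstance(data, dict):
        # A JSON array or scalar has no .get(); reject it instead of crashing.
        return JsonResponse({"error": "JSON non valido"}, status=400)

    master_password = data.get('master_password')
    if not authenticate(master_password):
        return JsonResponse({"error": "Master password errata"}, status=403)

    # NOTE(review): the remaining fields are passed through unvalidated; a
    # request without "password" hands None to encrypt_password().
    key = derive_key(master_password)
    encrypted_password = encrypt_password(data.get('password'), key)

    # Only the ciphertext is persisted; the plaintext never reaches the model.
    PasswordEntry.objects.create(
        site=data.get('site'),
        username=data.get('username'),
        password=encrypted_password,
        client_id=data.get('client_id'),
        topic=data.get('topic'),
    )
    return JsonResponse({"message": "Password aggiunta con successo"})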
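@csrf_exempt
def get_password_api(request):
    """Return one wallet entry with its password decrypted.

    Expects a POST whose body is a JSON object carrying ``master_password``
    and ``site``.

    Returns:
        JsonResponse: 200 with ``site``, ``username``, the decrypted
        ``password``, ``client_id`` and ``topic``; 403 when ``authenticate``
        rejects the master password; 404 when no entry matches ``site``;
        400 when the body is not a JSON object; 405 for non-POST methods.
    """
    # NOTE(review): this endpoint returns a plaintext secret and is guarded
    # only by the master password in the body. No attempt limiting is visible
    # here -- confirm authenticate() or middleware throttles failures, and
    # keep request/response bodies out of logs.
    if request.method != 'POST':
        # Previously a non-POST request fell through and returned None,
        # which Django turns into a 500.
        response = JsonResponse({"error": "Metodo non consentito"}, status=405)
        response["Allow"] = "POST"
        return response

    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable bytes alike.
        return JsonResponse({"error": "JSON non valido"}, status=400)
    if not isinstance(data, dict):
        # A JSON array or scalar has no .get(); reject it instead of crashing.
        return JsonResponse({"error": "JSON non valido"}, status=400)

    master_password = data.get('master_password')
    if not authenticate(master_password):
        return JsonResponse({"error": "Master password errata"}, status=403)

    key = derive_key(master_password)

    # NOTE(review): .get() also raises MultipleObjectsReturned when several
    # rows share a site; whether the model enforces uniqueness is not visible
    # here -- confirm, since that case currently surfaces as a 500.
    try:
        entry = PasswordEntry.objects.get(site=data.get('site'))
    except PasswordEntry.DoesNotExist:
        return JsonResponse({"error": "Sito non trovato"}, status=404)

    decrypted_password = decrypt_password(entry.password, key)
    return JsonResponse({
        "site": entry.site,
        "username": entry.username,
        "password": decrypted_password,
        "client_id": entry.client_id,
        "topic": entry.topic,
    })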
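@csrf_exempt
def delete_password_api(request):
    """Delete the wallet entry stored for a site.

    Expects a POST whose body is a JSON object carrying ``master_password``
    and ``site``.

    Returns:
        JsonResponse: 200 with a confirmation message after deletion; 403
        when ``authenticate`` rejects the master password; 404 when no entry
        matches ``site``; 400 when the body is not a JSON object; 405 for
        non-POST methods.
    """
    # NOTE(review): a destructive, CSRF-exempt endpoint whose only visible
    # guard is the master password in the body -- confirm failed attempts are
    # throttled by authenticate() or middleware.
    if request.method != 'POST':
        # Previously a non-POST request fell through and returned None,
        # which Django turns into a 500.
        response = JsonResponse({"error": "Metodo non consentito"}, status=405)
        response["Allow"] = "POST"
        return response

    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable bytes alike.
        return JsonResponse({"error": "JSON non valido"}, status=400)
    if not isinstance(data, dict):
        # A JSON array or scalar has no .get(); reject it instead of crashing.
        return JsonResponse({"error": "JSON non valido"}, status=400)

    if not authenticate(data.get('master_password')):
        return JsonResponse({"error": "Master password errata"}, status=403)

    # NOTE(review): .get() also raises MultipleObjectsReturned when several
    # rows share a site; whether the model enforces uniqueness is not visible
    # here -- confirm, since that case currently surfaces as a 500.
    try:
        entry = PasswordEntry.objects.get(site=data.get('site'))
    except PasswordEntry.DoesNotExist:
        return JsonResponse({"error": "Sito non trovato"}, status=404)

    entry.delete()
    return JsonResponse({"message": "Password cancellata con successo"})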
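@csrf_exempt
def list_sites_api(request):
    """Return the ``site`` value of every stored wallet entry.

    Expects a POST whose body is a JSON object carrying ``master_password``.

    Returns:
        JsonResponse: 200 with ``{"sites": [...]}``; 403 when
        ``authenticate`` rejects the master password; 400 when the body is
        not a JSON object; 405 for non-POST methods.
    """
    # NOTE(review): CSRF-exempt and guarded only by the master password in
    # the body -- confirm failed attempts are throttled by authenticate() or
    # middleware.
    if request.method != 'POST':
        # Previously a non-POST request fell through and returned None,
        # which Django turns into a 500.
        response = JsonResponse({"error": "Metodo non consentito"}, status=405)
        response["Allow"] = "POST"
        return response

    try:
        data = json.loads(request.body)
    except ValueError:
        # Covers json.JSONDecodeError and undecodable bytes alike.
        return JsonResponse({"error": "JSON non valido"}, status=400)
    if not isinstance(data, dict):
        # A JSON array or scalar has no .get(); reject it instead of crashing.
        return JsonResponse({"error": "JSON non valido"}, status=400)

    if not authenticate(data.get('master_password')):
        return JsonResponse({"error": "Master password errata"}, status=403)

    # flat=True yields bare site values rather than 1-tuples.
    site_names = list(PasswordEntry.objects.values_list('site', flat=True))
    return JsonResponse({"sites": site_names})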