protected app

2026-02-06 02:42:39 +01:00 · 2026-02-06 02:42:39 +01:00 · 0313821f59
commit 0313821f59
parent 06bbaa1d82
4 changed files with 618 additions and 365 deletions
--- a/app.py
+++ b/app.py
@ -3,13 +3,15 @@ Belegscanner - KI-Dokumentenanalyse
 Python Flask Web App mit CORS-Unterstützung und Poweron Design
 """

-from flask import Flask, render_template, request, jsonify
+from flask import Flask, render_template, request, jsonify, session, redirect, url_for
 from flask_cors import CORS
+from functools import wraps
 import requests
 import base64
 import json
 import re
 import io
+import os

 # PDF Support
 try:
@ -21,7 +23,29 @@ except ImportError:
    print("Installieren mit: pip install pymupdf")

 app = Flask(__name__)
-CORS(app)  # CORS für alle Routen aktivieren
+app.secret_key = os.environ.get('SECRET_KEY', 'poweron-secret-key-change-in-production')
+CORS(app, supports_credentials=True)  # CORS für alle Routen aktivieren
+
+# ============================================================================
+# Authentication
+# ============================================================================
+
+# Einfache Credentials (für minimalen Schutz)
+AUTH_USERNAME = os.environ.get('AUTH_USERNAME', 'poweron')
+AUTH_PASSWORD = os.environ.get('AUTH_PASSWORD', 'poweron')
+
+
+def _loginRequired(f):
+    """Decorator für geschützte Routen"""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if not session.get('logged_in'):
+            # Bei API-Calls JSON zurückgeben, sonst redirect
+            if request.path.startswith('/api/'):
+                return jsonify({'error': 'Nicht autorisiert', 'login_required': True}), 401
+            return redirect(url_for('_login'))
+        return f(*args, **kwargs)
+    return decorated_function


 # ============================================================================
@ -120,13 +144,40 @@ def _isVisionModel(modelName):
 # Routes
 # ============================================================================

+@app.route('/login', methods=['GET', 'POST'])
+def _login():
+    """Login-Seite"""
+    error = None
+    if request.method == 'POST':
+        username = request.form.get('username', '')
+        password = request.form.get('password', '')
+        
+        if username == AUTH_USERNAME and password == AUTH_PASSWORD:
+            session['logged_in'] = True
+            session['username'] = username
+            return redirect(url_for('_index'))
+        else:
+            error = 'Ungültige Anmeldedaten'
+    
+    return render_template('login.html', error=error)
+
+
+@app.route('/logout')
+def _logout():
+    """Logout"""
+    session.clear()
+    return redirect(url_for('_login'))
+
+
@app.route('/')
+@_loginRequired
 def _index():
    """Hauptseite mit dem Belegscanner UI"""
    return render_template('index.html')


@app.route('/api/analyze', methods=['POST'])
+@_loginRequired
 def _analyzeDocument():
    """
    Analysiert ein Dokument mit Ollama Vision API oder verarbeitet Text mit Non-Vision Modellen
@ -221,6 +272,7 @@ def _healthCheck():


@app.route('/api/pdf/extract', methods=['POST'])
+@_loginRequired
 def _extractPdfImages():
    """
    Extrahiert Bilder aus einem PDF.
@ -263,6 +315,7 @@ def _extractPdfImages():


@app.route('/api/ollama/status', methods=['GET'])
+@_loginRequired
 def _ollamaStatus():
    """Prüft ob Ollama erreichbar ist und listet verfügbare Modelle"""
    ollamaUrl = request.args.get('url', 'http://localhost:11434')
--- a/setupserver.md
+++ b/setupserver.md
--- a/templates/index.html
+++ b/templates/index.html
@ -630,7 +630,8 @@
 </head>
 <body>
    <header>
-        <div class="app-container">
+        <div class="app-container" style="display: flex; justify-content: space-between; align-items: center;">
+            <div>
                <div class="logo">
                    <div class="logo-icon">
                        <img src="{{ url_for('static', filename='poweron-logo.png') }}" alt="Poweron">
@ -639,6 +640,8 @@
                </div>
                <p class="subtitle">KI-gestützte Dokumentenanalyse</p>
            </div>
+            <a href="{{ url_for('_logout') }}" class="btn btn-secondary btn-small" style="text-decoration: none;">Abmelden</a>
+        </div>
    </header>

    <div class="app-container">
--- a/templates/login.html
+++ b/templates/login.html
@ -0,0 +1,224 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login – Belegscanner</title>
+    <link rel="icon" type="image/png" href="{{ url_for('static', filename='favicon.png') }}">
+    <style>
+        @import url('https://fonts.googleapis.com/css2?family=DM+Sans:ital,opsz,wght@0,9..40,400;0,9..40,500;0,9..40,700&family=JetBrains+Mono:wght@400;500&display=swap');
+
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        /* Poweron Design System - Light Theme */
+        :root {
+            --color-bg: #F8F9FA;
+            --color-surface: #ffffff;
+            --color-surface-elevated: #f5f5f5;
+            --color-text: #1a1a1a;
+            --color-text-secondary: #666666;
+            --color-text-muted: #888888;
+
+            --color-primary: #F25843;
+            --color-primary-hover: #D94A37;
+            --color-primary-disabled: #F5B0A4;
+            --color-primary-glow: rgba(242, 88, 67, 0.12);
+
+            --color-border: #e0e0e0;
+            --color-border-hover: #d0d0d0;
+
+            --color-error: #dc2626;
+
+            --font-family: "DM Sans", "Trebuchet MS", sans-serif;
+            --font-mono: 'JetBrains Mono', monospace;
+
+            --radius-large: 30px;
+            --radius-medium: 15px;
+            --radius-small: 8px;
+        }
+
+        body {
+            font-family: var(--font-family);
+            background: var(--color-bg);
+            color: var(--color-text);
+            min-height: 100vh;
+            line-height: 1.6;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+
+        .login-container {
+            width: 100%;
+            max-width: 400px;
+            padding: 2rem;
+        }
+
+        .login-card {
+            background: var(--color-surface);
+            border: 1px solid var(--color-border);
+            border-radius: var(--radius-medium);
+            padding: 2.5rem;
+            box-shadow: 0 4px 20px rgba(0, 0, 0, 0.08);
+        }
+
+        .logo {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            margin-bottom: 2rem;
+        }
+
+        .logo-icon {
+            width: 80px;
+            height: 80px;
+            margin-bottom: 1rem;
+        }
+
+        .logo-icon img {
+            width: 100%;
+            height: 100%;
+            object-fit: contain;
+        }
+
+        h1 {
+            font-size: 1.5rem;
+            font-weight: 700;
+            letter-spacing: -0.02em;
+            color: var(--color-text);
+            text-align: center;
+        }
+
+        .subtitle {
+            color: var(--color-text-secondary);
+            font-size: 0.9rem;
+            text-align: center;
+            margin-top: 0.25rem;
+        }
+
+        .form-group {
+            margin-bottom: 1.25rem;
+        }
+
+        .form-group label {
+            display: block;
+            font-size: 0.8rem;
+            font-weight: 500;
+            color: var(--color-text-secondary);
+            text-transform: uppercase;
+            letter-spacing: 0.03em;
+            margin-bottom: 0.5rem;
+        }
+
+        .form-group input {
+            width: 100%;
+            padding: 0.875rem 1rem;
+            background: var(--color-surface-elevated);
+            border: 1px solid var(--color-border);
+            border-radius: var(--radius-small);
+            color: var(--color-text);
+            font-family: inherit;
+            font-size: 1rem;
+            transition: border-color 0.2s, box-shadow 0.2s;
+        }
+
+        .form-group input:focus {
+            outline: none;
+            border-color: var(--color-primary);
+            box-shadow: 0 0 0 3px var(--color-primary-glow);
+        }
+
+        .error-message {
+            background: rgba(220, 38, 38, 0.1);
+            border: 1px solid rgba(220, 38, 38, 0.3);
+            border-radius: var(--radius-small);
+            padding: 0.875rem 1rem;
+            color: var(--color-error);
+            font-size: 0.9rem;
+            margin-bottom: 1.25rem;
+            text-align: center;
+        }
+
+        .btn {
+            display: inline-flex;
+            align-items: center;
+            justify-content: center;
+            width: 100%;
+            padding: 0.875rem 1.5rem;
+            border-radius: var(--radius-large);
+            font-family: inherit;
+            font-size: 1rem;
+            font-weight: 500;
+            cursor: pointer;
+            transition: all 0.2s ease;
+            border: none;
+        }
+
+        .btn-primary {
+            background: var(--color-primary);
+            color: white;
+        }
+
+        .btn-primary:hover {
+            background: var(--color-primary-hover);
+            transform: translateY(-1px);
+        }
+
+        .footer-brand {
+            margin-top: 2rem;
+            text-align: center;
+            color: var(--color-text-muted);
+            font-size: 0.75rem;
+        }
+
+        .footer-brand a {
+            color: var(--color-primary);
+            text-decoration: none;
+            font-weight: 500;
+        }
+
+        .footer-brand a:hover {
+            text-decoration: underline;
+        }
+    </style>
+</head>
+<body>
+    <div class="login-container">
+        <div class="login-card">
+            <div class="logo">
+                <div class="logo-icon">
+                    <img src="{{ url_for('static', filename='poweron-logo.png') }}" alt="Poweron">
+                </div>
+                <h1>Belegscanner</h1>
+                <p class="subtitle">Bitte melden Sie sich an</p>
+            </div>
+
+            {% if error %}
+            <div class="error-message">{{ error }}</div>
+            {% endif %}
+
+            <form method="POST" action="{{ url_for('_login') }}">
+                <div class="form-group">
+                    <label for="username">Benutzername</label>
+                    <input type="text" id="username" name="username" required autofocus>
+                </div>
+
+                <div class="form-group">
+                    <label for="password">Passwort</label>
+                    <input type="password" id="password" name="password" required>
+                </div>
+
+                <button type="submit" class="btn btn-primary">Anmelden</button>
+            </form>
+        </div>
+
+        <div class="footer-brand">
+            Powered by <a href="#">Poweron</a>
+        </div>
+    </div>
+</body>
+</html>