v1

server/routes/auth.py

@@ -0,0 +1,31 @@
+"""Authentication routes for admin access."""
+from __future__ import annotations
+
+from flask import Blueprint, flash, redirect, render_template, request, session, url_for
+
+from .. import settings
+
+bp = Blueprint("auth", __name__, url_prefix="/auth")
+
+
+@bp.route("/login", methods=["GET", "POST"])
+def login():
+    """Handle user login."""
+    if request.method == "POST":
+        username = request.form.get("username")
+        password = request.form.get("password")
+
+        if username == settings.ADMIN_USERNAME and password == settings.ADMIN_PASSWORD:
+            session["logged_in"] = True
+            return redirect("/admin/")
+        else:
+            flash("Invalid credentials")
+
+    return render_template("login.html")
+
+
+@bp.route("/logout")
+def logout():
+    """Handle user logout."""
+    session.pop("logged_in", None)
+    return redirect("/auth/login")