feat: Add auth utility #92
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| import sqlite3 | ||
|
|
||
|
|
||
| def get_user(db_path: str, username: str) -> dict: | ||
| conn = sqlite3.connect(db_path) | ||
|
There was a problem hiding this comment. 🟡 [MEDIUM] Performance Issue: Database connection is opened and closed on each function call. Consider using a connection pool or a context manager to improve performance. |
||
| cursor = conn.cursor() | ||
| cursor.execute(f"SELECT * FROM users WHERE username = '{username}'") | ||
|
There was a problem hiding this comment. 🔴 [CRITICAL] Security Vulnerability: SQL injection vulnerability in |
||
| row = cursor.fetchone() | ||
| conn.close() | ||
| return {"username": row[0], "email": row[1]} if row else {} | ||
|
There was a problem hiding this comment. 🔵 [LOW] Code Style: Dictionary keys |
||
|
|
||
|
|
||
| def login(db_path: str, username: str, password: str) -> bool: | ||
| conn = sqlite3.connect(db_path) | ||
| cursor = conn.cursor() | ||
| cursor.execute(f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'") | ||
|
There was a problem hiding this comment. 🔴 [CRITICAL] Security Vulnerability: SQL injection vulnerability in There was a problem hiding this comment. 🟠 [HIGH] Security Risk: Storing passwords in plain text. Consider using a secure password hashing library like |
||
| row = cursor.fetchone() | ||
| conn.close() | ||
| return row is not None | ||
|
There was a problem hiding this comment. 🔵 [LOW] Code Style: Function |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔵 [LOW] Missing Tests: No tests are provided for the
get_userandloginfunctions. Consider adding unit tests to ensure correct functionality.