Microdot supports using sessions to have some kind of identification. We could use this to provide authentication to reach the control panel, securing it from potential malicious actors.
The biggest challenge to this at the moment (as I see it) is storing the password. MicroPython provides a limited number of hashing functions and none of them are salted.
As such, the best-effort way to store a password would be something like:
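```python
import hashlib, binascii
# [...]
username = 'admin' # We'd grab this from an input as well.
password = 'admin' # We'd grab this from an input, probably on the settings page.
hash = hashlib.sha256(password.encode())
hash_for_storage = binascii.hexlify(hash.digest())
# Key the entry by the actual username so the lookup at sign-in finds it.
CONFIG['users'][username] = hash_for_storage
```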
Then authentication could be handled as:
```python
import hashlib, binascii
from microdot.session import Session, with_session
# [...]
username = 'admin' # This would be an input from a sign-in page.
password = 'admin' # Ditto
hash = hashlib.sha256(password.encode())
hash_for_comparison = binascii.hexlify(hash.digest())
if hash_for_comparison == CONFIG['users'][username]:
    session['username'] = username
    session.save()
```
For this to be relevant, #1 should be handled first.
Further reading/examples: https://github.com/miguelgrinberg/microdot/blob/main/examples/sessions/login.py
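
A salted variant of the two snippets above, as an added example that is not part of the original issue or the project's code. It assumes `os.urandom` is available on the MicroPython port in use; the record format, `ITERATIONS` and the function names are hypothetical, and `users` stands in for `CONFIG['users']`.

```python
import binascii
import hashlib
import os

ITERATIONS = 1000  # assumed work factor; tune to what the board can afford


def _stretch(password, salt, iterations):
    # Iterated salted SHA-256 built only from hashlib.sha256.
    # This is a stand-in for PBKDF2, not an implementation of it.
    digest = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(salt + digest).digest()
    return digest


def make_record(password, salt=None, iterations=ITERATIONS):
    # Returns a str "iterations$salt_hex$hash_hex" that can go in a JSON config.
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = _stretch(password, salt, iterations)
    return '$'.join((str(iterations),
                     binascii.hexlify(salt).decode(),
                     binascii.hexlify(digest).decode()))


def _equal(a, b):
    # Compare without stopping at the first differing byte.
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def check_password(users, username, password):
    # Unknown users and malformed records both fail closed.
    record = users.get(username)
    if record is None:
        return False
    try:
        iterations, salt_hex, hash_hex = record.split('$')
        salt = binascii.unhexlify(salt_hex)
        expected = binascii.unhexlify(hash_hex)
        digest = _stretch(password, salt, int(iterations))
    except ValueError:
        return False
    return _equal(digest, expected)
```

Because the salt and iteration count are stored with each hash, two users with the same password get different records, and the work factor can be raised later without invalidating existing entries.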