Spaces:
Sleeping
Sleeping
File size: 9,198 Bytes
daa81fb |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
import os
import base64
import streamlit as st
from app.db import supabase
def auth_view():
"""Render Supabase authentication with Login, Register, and Forgot Password tabs."""
# Wrapper (centered) for all auth content
left, center, right = st.columns([1, 2, 1])
with center:
# Header: smaller PNP logo and centered title
# Path logo
logo_path = os.path.join("assets", "pnp-logo.png")
# Convert ke base64 biar bisa di-embed langsung
def get_base64_image(path):
with open(path, "rb") as f:
return base64.b64encode(f.read()).decode()
encoded_logo = get_base64_image(logo_path)
# Render dalam satu div center
st.markdown(
f"""
<div style="text-align:center;">
<img src="data:image/png;base64,{encoded_logo}" width="100">
<h1 style="margin-top:0.25rem;">PNP bot</h1>
</div>
""",
unsafe_allow_html=True
)
# --- Password recovery handler (Supabase redirect) ---
# 1) Move hash params to query params on first load, then reload once
if not st.session_state.get("_hash_migrated"):
st.markdown(
"""
<script>
(function(){
const hash = window.location.hash.startsWith('#') ? window.location.hash.substring(1) : window.location.hash;
if (hash && !window.__hashMigrated) {
const h = new URLSearchParams(hash);
const qp = new URLSearchParams(window.location.search);
for (const [k,v] of h.entries()) { qp.set(k, v); }
const newUrl = window.location.pathname + '?' + qp.toString();
window.history.replaceState(null, '', newUrl);
window.location.hash = '';
window.__hashMigrated = true;
window.location.reload();
}
})();
</script>
""",
unsafe_allow_html=True,
)
st.session_state["_hash_migrated"] = True
# 2) Read query params for recovery flow
try:
qp = st.query_params # Streamlit >= 1.30
get_q = lambda k: qp.get(k, None)
except Exception:
qp = st.experimental_get_query_params()
get_q = lambda k: (qp.get(k, [None])[0] if isinstance(qp.get(k, None), list) else qp.get(k, None))
q_type = get_q("type")
if q_type == "recovery":
st.info("Reset password: silakan masukkan password baru Anda.")
access_token = get_q("access_token")
refresh_token = get_q("refresh_token")
with st.form("reset_password_form"):
npw = st.text_input("Password Baru", type="password")
npw2 = st.text_input("Konfirmasi Password Baru", type="password")
submit_reset = st.form_submit_button("Set Password Baru")
if submit_reset:
if not npw or len(npw) < 6:
st.error("Password minimal 6 karakter.")
elif npw != npw2:
st.error("Konfirmasi password tidak sama.")
elif not access_token or not refresh_token:
st.error("Token pemulihan tidak ditemukan. Coba klik ulang tautan dari email.")
else:
try:
# Set current session using tokens from redirect
supabase.auth.set_session(access_token, refresh_token)
# Update user password
supabase.auth.update_user({"password": npw})
st.success("Password berhasil diubah. Silakan login kembali.")
# Optional: clear recovery query params
try:
# Best-effort to clear params
st.markdown(
"""
<script>
(function(){
const qp = new URLSearchParams(window.location.search);
["type","access_token","refresh_token","expires_in","expires_at","token_type"].forEach(k=>qp.delete(k));
const newUrl = window.location.pathname + (qp.toString()?('?'+qp.toString()):'');
window.history.replaceState(null, '', newUrl);
})();
</script>
""",
unsafe_allow_html=True,
)
except Exception:
pass
except Exception as e:
st.error(f"Gagal mengubah password: {e}")
# When in recovery mode, do not render login/register tabs
return
# Auth tabs inside wrapper
tab_login, tab_register, tab_forgot = st.tabs(["Login", "Register", "Forgot Password"])
with tab_login:
with st.form("login_form"):
email = st.text_input("Email")
password = st.text_input("Password", type="password")
submitted = st.form_submit_button("Login")
if submitted:
# Demo password fallback
shared_pw = os.getenv("APP_DEMO_PASSWORD")
if shared_pw and password == shared_pw:
st.session_state["user"] = {"id": "demo-user", "email": email or "[email protected]"}
st.success("Login demo berhasil")
st.rerun()
try:
auth_res = supabase.auth.sign_in_with_password({
"email": email,
"password": password,
})
user = getattr(auth_res, "user", None)
if user:
st.session_state["user"] = {"id": user.id, "email": getattr(user, "email", email)}
session_obj = getattr(auth_res, "session", None)
if session_obj:
st.session_state["sb_session"] = {
"access_token": getattr(session_obj, "access_token", None),
"refresh_token": getattr(session_obj, "refresh_token", None),
}
st.success("Login berhasil")
st.rerun()
else:
st.error("Email atau password salah.")
except Exception as e:
st.error(f"Gagal login: {e}")
with tab_register:
st.caption("Buat akun baru. Anda akan menerima email konfirmasi.")
with st.form("register_form"):
r_email = st.text_input("Email", key="reg_email")
r_password = st.text_input("Password", type="password", key="reg_password")
r_password2 = st.text_input("Konfirmasi Password", type="password", key="reg_password2")
submitted_r = st.form_submit_button("Register")
if submitted_r:
if r_password != r_password2:
st.error("Password tidak sama.")
else:
try:
# Prefer explicit env, then generic site URL, then localhost for dev
redirect_url = os.getenv(
"SUPABASE_EMAIL_REDIRECT",
os.getenv("NEXT_PUBLIC_SITE_URL", "http://localhost:8501"),
)
supabase.auth.sign_up({
"email": r_email,
"password": r_password,
"options": {"email_redirect_to": redirect_url}
})
st.success("Registrasi berhasil. Silakan cek email untuk konfirmasi.")
except Exception as e:
st.error(f"Gagal registrasi: {e}")
with tab_forgot:
st.caption("Kirim tautan reset password ke email Anda.")
with st.form("forgot_form"):
f_email = st.text_input("Email", key="forgot_email")
submitted_f = st.form_submit_button("Kirim Link Reset")
if submitted_f:
try:
# Prefer explicit env, then generic site URL, then localhost for dev
redirect_url = os.getenv(
"SUPABASE_EMAIL_REDIRECT",
os.getenv("NEXT_PUBLIC_SITE_URL", "http://localhost:8501"),
)
supabase.auth.reset_password_for_email(f_email, {"redirect_to": redirect_url})
st.success("Email reset password telah dikirim. Periksa kotak masuk Anda.")
except Exception as e:
st.error(f"Gagal mengirim email reset password: {e}")
|