updated authentication of instances

2025-06-09 15:07:29 +02:00
parent e43718894b
commit 176ab4a194
10 changed files with 240 additions and 2 deletions
--- a/routes/pycache/main.cpython-313.pyc
+++ b/routes/pycache/main.cpython-313.pyc
--- a/routes/admin_api.py
+++ b/routes/admin_api.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, jsonify, request, current_app
+from flask import Blueprint, jsonify, request, current_app, make_response
 from functools import wraps
 from models import (
    KeyValueSettings, User, Room, Conversation, RoomFile,
@@ -13,6 +13,25 @@ import secrets

 admin_api = Blueprint('admin_api', __name__)

+def add_cors_headers(response):
+    """Add CORS headers to the response"""
+    response.headers['Access-Control-Allow-Origin'] = '*'
+    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
+    response.headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization, X-API-Key, X-CSRF-Token'
+    return response
+
+@admin_api.before_request
+def handle_preflight():
+    """Handle preflight requests"""
+    if request.method == 'OPTIONS':
+        response = make_response()
+        return add_cors_headers(response)
+
+@admin_api.after_request
+def after_request(response):
+    """Add CORS headers to all responses"""
+    return add_cors_headers(response)
+
 def token_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
--- a/routes/main.py
+++ b/routes/main.py
@@ -482,6 +482,27 @@ def init_routes(main_bp):
        
        return jsonify(status_info)

+    @main_bp.route('/instances/<int:instance_id>/save-token', methods=['POST'])
+    @login_required
+    @require_password_change
+    def save_instance_token(instance_id):
+        if not os.environ.get('MASTER', 'false').lower() == 'true':
+            return jsonify({'error': 'Unauthorized'}), 403
+
+        instance = Instance.query.get_or_404(instance_id)
+        data = request.get_json()
+        
+        if not data or 'token' not in data:
+            return jsonify({'error': 'Token is required'}), 400
+        
+        try:
+            instance.connection_token = data['token']
+            db.session.commit()
+            return jsonify({'message': 'Token saved successfully'})
+        except Exception as e:
+            db.session.rollback()
+            return jsonify({'error': str(e)}), 400
+
    UPLOAD_FOLDER = '/app/uploads/profile_pics'
    if not os.path.exists(UPLOAD_FOLDER):
        os.makedirs(UPLOAD_FOLDER)