Update admin_api.py

2025-06-10 07:45:27 +02:00
parent f2361b94ba
commit 5c3cce1556


@@ -4,14 +4,13 @@ from models import (
KeyValueSettings, User, Room, Conversation, RoomFile, KeyValueSettings, User, Room, Conversation, RoomFile,
SiteSettings, DocuPulseSettings, Event, Mail, ManagementAPIKey SiteSettings, DocuPulseSettings, Event, Mail, ManagementAPIKey
) )
from extensions import db from extensions import db, csrf
from datetime import datetime, timedelta from datetime import datetime, timedelta
import os import os
import jwt import jwt
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
import secrets import secrets
from flask_login import login_user from flask_login import login_user
from flask_wtf.csrf import csrf_exempt
admin_api = Blueprint('admin_api', __name__) admin_api = Blueprint('admin_api', __name__)
@@ -73,7 +72,7 @@ def validate_management_api_key(api_key):
return False return False
@admin_api.route('/login', methods=['POST']) @admin_api.route('/login', methods=['POST'])
@csrf_exempt @csrf.exempt
def admin_login(): def admin_login():
try: try:
# Check if this is an API request # Check if this is an API request
@@ -132,7 +131,7 @@ def admin_login():
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))
@admin_api.route('/management-token', methods=['POST']) @admin_api.route('/management-token', methods=['POST'])
@csrf_exempt @csrf.exempt
def get_management_token(): def get_management_token():
"""Generate a JWT token for the management tool using API key authentication""" """Generate a JWT token for the management tool using API key authentication"""
api_key = request.headers.get('X-API-Key') api_key = request.headers.get('X-API-Key')
@@ -150,7 +149,7 @@ def get_management_token():
}) })
@admin_api.route('/management-api-key', methods=['POST']) @admin_api.route('/management-api-key', methods=['POST'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def create_management_api_key(current_user): def create_management_api_key(current_user):
"""Create a new API key for the management tool (only accessible by admin users)""" """Create a new API key for the management tool (only accessible by admin users)"""
@@ -178,7 +177,7 @@ def create_management_api_key(current_user):
}), 201 }), 201
@admin_api.route('/management-api-keys', methods=['GET']) @admin_api.route('/management-api-keys', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def list_management_api_keys(current_user): def list_management_api_keys(current_user):
"""List all management API keys (only accessible by admin users)""" """List all management API keys (only accessible by admin users)"""
@@ -196,7 +195,7 @@ def list_management_api_keys(current_user):
} for key in keys]) } for key in keys])
@admin_api.route('/management-api-key/<int:key_id>', methods=['DELETE']) @admin_api.route('/management-api-key/<int:key_id>', methods=['DELETE'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def revoke_management_api_key(current_user, key_id): def revoke_management_api_key(current_user, key_id):
"""Revoke a management API key (only accessible by admin users)""" """Revoke a management API key (only accessible by admin users)"""
@@ -213,7 +212,7 @@ def revoke_management_api_key(current_user, key_id):
# Key-Value Settings CRUD # Key-Value Settings CRUD
@admin_api.route('/key-value', methods=['GET']) @admin_api.route('/key-value', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_key_values(current_user): def get_key_values(current_user):
settings = KeyValueSettings.query.all() settings = KeyValueSettings.query.all()
@@ -228,7 +227,7 @@ def get_key_value(current_user, key):
return jsonify({'key': setting.key, 'value': setting.value}) return jsonify({'key': setting.key, 'value': setting.value})
@admin_api.route('/key-value', methods=['POST']) @admin_api.route('/key-value', methods=['POST'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def create_key_value(current_user): def create_key_value(current_user):
data = request.get_json() data = request.get_json()
@@ -241,7 +240,7 @@ def create_key_value(current_user):
return jsonify({'message': 'Key-value pair created successfully'}), 201 return jsonify({'message': 'Key-value pair created successfully'}), 201
@admin_api.route('/key-value/<key>', methods=['PUT']) @admin_api.route('/key-value/<key>', methods=['PUT'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def update_key_value(current_user, key): def update_key_value(current_user, key):
setting = KeyValueSettings.query.filter_by(key=key).first() setting = KeyValueSettings.query.filter_by(key=key).first()
@@ -257,7 +256,7 @@ def update_key_value(current_user, key):
return jsonify({'message': 'Key-value pair updated successfully'}) return jsonify({'message': 'Key-value pair updated successfully'})
@admin_api.route('/key-value/<key>', methods=['DELETE']) @admin_api.route('/key-value/<key>', methods=['DELETE'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def delete_key_value(current_user, key): def delete_key_value(current_user, key):
setting = KeyValueSettings.query.filter_by(key=key).first() setting = KeyValueSettings.query.filter_by(key=key).first()
@@ -270,7 +269,7 @@ def delete_key_value(current_user, key):
# Contacts (Users) CRUD # Contacts (Users) CRUD
@admin_api.route('/contacts', methods=['GET']) @admin_api.route('/contacts', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_contacts(current_user): def get_contacts(current_user):
users = User.query.all() users = User.query.all()
@@ -287,7 +286,7 @@ def get_contacts(current_user):
} for user in users]) } for user in users])
@admin_api.route('/contacts/<int:user_id>', methods=['GET']) @admin_api.route('/contacts/<int:user_id>', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_contact(current_user, user_id): def get_contact(current_user, user_id):
user = User.query.get(user_id) user = User.query.get(user_id)
@@ -306,7 +305,7 @@ def get_contact(current_user, user_id):
}) })
@admin_api.route('/contacts', methods=['POST']) @admin_api.route('/contacts', methods=['POST'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def create_contact(current_user): def create_contact(current_user):
data = request.get_json() data = request.get_json()
@@ -332,7 +331,7 @@ def create_contact(current_user):
return jsonify({'message': 'Contact created successfully', 'id': user.id}), 201 return jsonify({'message': 'Contact created successfully', 'id': user.id}), 201
@admin_api.route('/contacts/<int:user_id>', methods=['PUT']) @admin_api.route('/contacts/<int:user_id>', methods=['PUT'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def update_contact(current_user, user_id): def update_contact(current_user, user_id):
user = User.query.get(user_id) user = User.query.get(user_id)
@@ -359,7 +358,7 @@ def update_contact(current_user, user_id):
return jsonify({'message': 'Contact updated successfully'}) return jsonify({'message': 'Contact updated successfully'})
@admin_api.route('/contacts/<int:user_id>', methods=['DELETE']) @admin_api.route('/contacts/<int:user_id>', methods=['DELETE'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def delete_contact(current_user, user_id): def delete_contact(current_user, user_id):
user = User.query.get(user_id) user = User.query.get(user_id)
@@ -372,7 +371,7 @@ def delete_contact(current_user, user_id):
# Statistics # Statistics
@admin_api.route('/statistics', methods=['GET']) @admin_api.route('/statistics', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_statistics(current_user): def get_statistics(current_user):
room_count = Room.query.count() room_count = Room.query.count()
@@ -392,7 +391,7 @@ def get_statistics(current_user):
# Website Settings CRUD # Website Settings CRUD
@admin_api.route('/settings', methods=['GET']) @admin_api.route('/settings', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_settings(current_user): def get_settings(current_user):
settings = SiteSettings.get_settings() settings = SiteSettings.get_settings()
@@ -414,7 +413,7 @@ def get_settings(current_user):
}) })
@admin_api.route('/settings', methods=['PUT']) @admin_api.route('/settings', methods=['PUT'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def update_settings(current_user): def update_settings(current_user):
settings = SiteSettings.get_settings() settings = SiteSettings.get_settings()
@@ -429,7 +428,7 @@ def update_settings(current_user):
# Website Logs # Website Logs
@admin_api.route('/logs', methods=['GET']) @admin_api.route('/logs', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_logs(current_user): def get_logs(current_user):
page = request.args.get('page', 1, type=int) page = request.args.get('page', 1, type=int)
@@ -456,7 +455,7 @@ def get_logs(current_user):
# Mail Logs # Mail Logs
@admin_api.route('/mail-logs', methods=['GET']) @admin_api.route('/mail-logs', methods=['GET'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def get_mail_logs(current_user): def get_mail_logs(current_user):
page = request.args.get('page', 1, type=int) page = request.args.get('page', 1, type=int)
@@ -483,7 +482,7 @@ def get_mail_logs(current_user):
# Resend Setup Mail # Resend Setup Mail
@admin_api.route('/resend-setup-mail/<int:user_id>', methods=['POST']) @admin_api.route('/resend-setup-mail/<int:user_id>', methods=['POST'])
@csrf_exempt @csrf.exempt
@token_required @token_required
def resend_setup_mail(current_user, user_id): def resend_setup_mail(current_user, user_id):
user = User.query.get(user_id) user = User.query.get(user_id)
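Review bot: The `@csrf.exempt` on `admin_login` (hunk at `@@ -73,7 +72,7 @@`) switches off CSRF checking for a route that, judging by the visible context, also serves a browser flow — the body starts with `# Check if this is an API request`, the module imports `login_user`, and a later hunk in the same function ends with `return redirect(url_for('auth.login'))` — so a cross-site form POST to `/login` could establish a session without a token (login CSRF). The exemption is only safe for the header-authenticated branch; keep the decorator but enforce the check in the non-API branch, e.g. `csrf.protect()  # browser/form path still needs a CSRF token` just before the form-based login logic, or split the form path into its own non-exempt route. The other exempt routes are guarded by `@token_required` or the `X-API-Key` header, which is a reasonable exemption provided `token_required` reads the token from a header rather than a cookie — worth confirming, since the decorator is defined outside this diff. The body of `admin_login` lies outside the hunk, so the exact branch to place the call in should be checked against the full function.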