Update admin_api.py
This commit is contained in:
@@ -4,14 +4,13 @@ from models import (
|
||||
KeyValueSettings, User, Room, Conversation, RoomFile,
|
||||
SiteSettings, DocuPulseSettings, Event, Mail, ManagementAPIKey
|
||||
)
|
||||
from extensions import db
|
||||
from extensions import db, csrf
|
||||
from datetime import datetime, timedelta
|
||||
import os
|
||||
import jwt
|
||||
from werkzeug.security import generate_password_hash
|
||||
import secrets
|
||||
from flask_login import login_user
|
||||
from flask_wtf.csrf import csrf_exempt
|
||||
|
||||
admin_api = Blueprint('admin_api', __name__)
|
||||
|
||||
@@ -73,7 +72,7 @@ def validate_management_api_key(api_key):
|
||||
return False
|
||||
|
||||
@admin_api.route('/login', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
def admin_login():
|
||||
try:
|
||||
# Check if this is an API request
|
||||
@@ -132,7 +131,7 @@ def admin_login():
|
||||
return redirect(url_for('auth.login'))
|
||||
|
||||
@admin_api.route('/management-token', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
def get_management_token():
|
||||
"""Generate a JWT token for the management tool using API key authentication"""
|
||||
api_key = request.headers.get('X-API-Key')
|
||||
@@ -150,7 +149,7 @@ def get_management_token():
|
||||
})
|
||||
|
||||
@admin_api.route('/management-api-key', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def create_management_api_key(current_user):
|
||||
"""Create a new API key for the management tool (only accessible by admin users)"""
|
||||
@@ -178,7 +177,7 @@ def create_management_api_key(current_user):
|
||||
}), 201
|
||||
|
||||
@admin_api.route('/management-api-keys', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def list_management_api_keys(current_user):
|
||||
"""List all management API keys (only accessible by admin users)"""
|
||||
@@ -196,7 +195,7 @@ def list_management_api_keys(current_user):
|
||||
} for key in keys])
|
||||
|
||||
@admin_api.route('/management-api-key/<int:key_id>', methods=['DELETE'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def revoke_management_api_key(current_user, key_id):
|
||||
"""Revoke a management API key (only accessible by admin users)"""
|
||||
@@ -213,7 +212,7 @@ def revoke_management_api_key(current_user, key_id):
|
||||
|
||||
# Key-Value Settings CRUD
|
||||
@admin_api.route('/key-value', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_key_values(current_user):
|
||||
settings = KeyValueSettings.query.all()
|
||||
@@ -228,7 +227,7 @@ def get_key_value(current_user, key):
|
||||
return jsonify({'key': setting.key, 'value': setting.value})
|
||||
|
||||
@admin_api.route('/key-value', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def create_key_value(current_user):
|
||||
data = request.get_json()
|
||||
@@ -241,7 +240,7 @@ def create_key_value(current_user):
|
||||
return jsonify({'message': 'Key-value pair created successfully'}), 201
|
||||
|
||||
@admin_api.route('/key-value/<key>', methods=['PUT'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def update_key_value(current_user, key):
|
||||
setting = KeyValueSettings.query.filter_by(key=key).first()
|
||||
@@ -257,7 +256,7 @@ def update_key_value(current_user, key):
|
||||
return jsonify({'message': 'Key-value pair updated successfully'})
|
||||
|
||||
@admin_api.route('/key-value/<key>', methods=['DELETE'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def delete_key_value(current_user, key):
|
||||
setting = KeyValueSettings.query.filter_by(key=key).first()
|
||||
@@ -270,7 +269,7 @@ def delete_key_value(current_user, key):
|
||||
|
||||
# Contacts (Users) CRUD
|
||||
@admin_api.route('/contacts', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_contacts(current_user):
|
||||
users = User.query.all()
|
||||
@@ -287,7 +286,7 @@ def get_contacts(current_user):
|
||||
} for user in users])
|
||||
|
||||
@admin_api.route('/contacts/<int:user_id>', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_contact(current_user, user_id):
|
||||
user = User.query.get(user_id)
|
||||
@@ -306,7 +305,7 @@ def get_contact(current_user, user_id):
|
||||
})
|
||||
|
||||
@admin_api.route('/contacts', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def create_contact(current_user):
|
||||
data = request.get_json()
|
||||
@@ -332,7 +331,7 @@ def create_contact(current_user):
|
||||
return jsonify({'message': 'Contact created successfully', 'id': user.id}), 201
|
||||
|
||||
@admin_api.route('/contacts/<int:user_id>', methods=['PUT'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def update_contact(current_user, user_id):
|
||||
user = User.query.get(user_id)
|
||||
@@ -359,7 +358,7 @@ def update_contact(current_user, user_id):
|
||||
return jsonify({'message': 'Contact updated successfully'})
|
||||
|
||||
@admin_api.route('/contacts/<int:user_id>', methods=['DELETE'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def delete_contact(current_user, user_id):
|
||||
user = User.query.get(user_id)
|
||||
@@ -372,7 +371,7 @@ def delete_contact(current_user, user_id):
|
||||
|
||||
# Statistics
|
||||
@admin_api.route('/statistics', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_statistics(current_user):
|
||||
room_count = Room.query.count()
|
||||
@@ -392,7 +391,7 @@ def get_statistics(current_user):
|
||||
|
||||
# Website Settings CRUD
|
||||
@admin_api.route('/settings', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_settings(current_user):
|
||||
settings = SiteSettings.get_settings()
|
||||
@@ -414,7 +413,7 @@ def get_settings(current_user):
|
||||
})
|
||||
|
||||
@admin_api.route('/settings', methods=['PUT'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def update_settings(current_user):
|
||||
settings = SiteSettings.get_settings()
|
||||
@@ -429,7 +428,7 @@ def update_settings(current_user):
|
||||
|
||||
# Website Logs
|
||||
@admin_api.route('/logs', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_logs(current_user):
|
||||
page = request.args.get('page', 1, type=int)
|
||||
@@ -456,7 +455,7 @@ def get_logs(current_user):
|
||||
|
||||
# Mail Logs
|
||||
@admin_api.route('/mail-logs', methods=['GET'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def get_mail_logs(current_user):
|
||||
page = request.args.get('page', 1, type=int)
|
||||
@@ -483,7 +482,7 @@ def get_mail_logs(current_user):
|
||||
|
||||
# Resend Setup Mail
|
||||
@admin_api.route('/resend-setup-mail/<int:user_id>', methods=['POST'])
|
||||
@csrf_exempt
|
||||
@csrf.exempt
|
||||
@token_required
|
||||
def resend_setup_mail(current_user, user_id):
|
||||
user = User.query.get(user_id)
|
||||
|
||||
Reference in New Issue
Block a user