Update admin_api.py

2025-06-06 09:19:33 +02:00
parent 996f7dca16
commit 85b769f7dd
1 changed files with 25 additions and 25 deletions
--- a/routes/admin_api.py
+++ b/routes/admin_api.py
@@ -14,6 +14,31 @@ import ipaddress

 admin_api = Blueprint('admin_api', __name__)

+def token_required(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        token = None
+        if 'Authorization' in request.headers:
+            token = request.headers['Authorization'].split(" ")[1]
+        
+        if not token:
+            return jsonify({'message': 'Token is missing!'}), 401
+        
+        try:
+            data = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])
+            # Check if it's a management tool token
+            if data.get('is_management'):
+                return f(None, *args, **kwargs)  # Pass None as current_user for management tool
+            
+            current_user = User.query.get(data['user_id'])
+            if not current_user or not current_user.is_admin:
+                return jsonify({'message': 'Invalid token or insufficient permissions!'}), 401
+        except:
+            return jsonify({'message': 'Invalid token!'}), 401
+        
+        return f(current_user, *args, **kwargs)
+    return decorated
+
 def docker_network_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
@@ -145,31 +170,6 @@ def revoke_management_api_key(current_user, key_id):
    db.session.commit()
    return jsonify({'message': 'API key revoked successfully'})

-def token_required(f):
-    @wraps(f)
-    def decorated(*args, **kwargs):
-        token = None
-        if 'Authorization' in request.headers:
-            token = request.headers['Authorization'].split(" ")[1]
-        
-        if not token:
-            return jsonify({'message': 'Token is missing!'}), 401
-        
-        try:
-            data = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])
-            # Check if it's a management tool token
-            if data.get('is_management'):
-                return f(None, *args, **kwargs)  # Pass None as current_user for management tool
-            
-            current_user = User.query.get(data['user_id'])
-            if not current_user or not current_user.is_admin:
-                return jsonify({'message': 'Invalid token or insufficient permissions!'}), 401
-        except:
-            return jsonify({'message': 'Invalid token!'}), 401
-        
-        return f(current_user, *args, **kwargs)
-    return decorated
-
 # Key-Value Settings CRUD
@admin_api.route('/key-value', methods=['GET'])
@token_required