Update admin_api.py
@@ -14,6 +14,31 @@ import ipaddress
|
|||||||
|
|
||||||
admin_api = Blueprint('admin_api', __name__)
|
admin_api = Blueprint('admin_api', __name__)
|
||||||
|
|
||||||
|
def token_required(f):
|
||||||
|
@wraps(f)
|
||||||
|
def decorated(*args, **kwargs):
|
||||||
|
token = None
|
||||||
|
if 'Authorization' in request.headers:
|
||||||
|
token = request.headers['Authorization'].split(" ")[1]
|
||||||
|
|
||||||
|
if not token:
|
||||||
|
return jsonify({'message': 'Token is missing!'}), 401
|
||||||
|
|
||||||
|
try:
|
||||||
|
data = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])
|
||||||
|
# Check if it's a management tool token
|
||||||
|
if data.get('is_management'):
|
||||||
|
return f(None, *args, **kwargs) # Pass None as current_user for management tool
|
||||||
|
|
||||||
|
current_user = User.query.get(data['user_id'])
|
||||||
|
if not current_user or not current_user.is_admin:
|
||||||
|
return jsonify({'message': 'Invalid token or insufficient permissions!'}), 401
|
||||||
|
except:
|
||||||
|
return jsonify({'message': 'Invalid token!'}), 401
|
||||||
|
|
||||||
|
return f(current_user, *args, **kwargs)
|
||||||
|
return decorated
|
||||||
|
|
||||||
def docker_network_required(f):
|
def docker_network_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
def decorated(*args, **kwargs):
|
def decorated(*args, **kwargs):
|
||||||
@@ -145,31 +170,6 @@ def revoke_management_api_key(current_user, key_id):
|
|||||||
db.session.commit()
|
db.session.commit()
|
||||||
return jsonify({'message': 'API key revoked successfully'})
|
return jsonify({'message': 'API key revoked successfully'})
|
||||||
|
|
||||||
def token_required(f):
|
|
||||||
@wraps(f)
|
|
||||||
def decorated(*args, **kwargs):
|
|
||||||
token = None
|
|
||||||
if 'Authorization' in request.headers:
|
|
||||||
token = request.headers['Authorization'].split(" ")[1]
|
|
||||||
|
|
||||||
if not token:
|
|
||||||
return jsonify({'message': 'Token is missing!'}), 401
|
|
||||||
|
|
||||||
try:
|
|
||||||
data = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=["HS256"])
|
|
||||||
# Check if it's a management tool token
|
|
||||||
if data.get('is_management'):
|
|
||||||
return f(None, *args, **kwargs) # Pass None as current_user for management tool
|
|
||||||
|
|
||||||
current_user = User.query.get(data['user_id'])
|
|
||||||
if not current_user or not current_user.is_admin:
|
|
||||||
return jsonify({'message': 'Invalid token or insufficient permissions!'}), 401
|
|
||||||
except:
|
|
||||||
return jsonify({'message': 'Invalid token!'}), 401
|
|
||||||
|
|
||||||
return f(current_user, *args, **kwargs)
|
|
||||||
return decorated
|
|
||||||
|
|
||||||
# Key-Value Settings CRUD
|
# Key-Value Settings CRUD
|
||||||
@admin_api.route('/key-value', methods=['GET'])
|
@admin_api.route('/key-value', methods=['GET'])
|
||||||
@token_required
|
@token_required
|
||||||
|
|||||||
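Review bot: In the relocated `token_required` (first hunk), the `is_management` branch returns `f(None, *args, **kwargs)` on the strength of a JWT claim alone, skipping both the `User` lookup and the `is_admin` check. Nothing visible here consults the stored management API keys that `revoke_management_api_key` modifies, so if no other check exists, a token issued for a revoked key stays accepted for as long as its signature (and any expiry) is valid. Resolving the key record from a claim and returning 401 when it is absent or revoked would close that gap. Separately, `request.headers['Authorization'].split(" ")[1]` runs before the `try:`, so a header without a space raises IndexError and yields a 500 rather than a 401; `parts = request.headers['Authorization'].split(" ", 1)` followed by `token = parts[1] if len(parts) == 2 else None` handles that case. The bare `except:` also wraps the management call to `f`, so handler and database errors are reported as 'Invalid token!'; assuming `jwt` is PyJWT, narrowing it to `except (jwt.InvalidTokenError, KeyError):` and moving the call to `f` after the `try` would keep real failures visible.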