Update admin_api.py

routes/admin_api.py

@@ -11,6 +11,7 @@ import jwt
 from werkzeug.security import generate_password_hash
 import secrets
 from flask_login import login_user
+from flask_wtf.csrf import csrf_exempt
 
 admin_api = Blueprint('admin_api', __name__)
 
@@ -72,6 +73,7 @@ def validate_management_api_key(api_key):
     return False
 
 @admin_api.route('/login', methods=['POST'])
+@csrf_exempt
 def admin_login():
     try:
         # Check if this is an API request
@@ -130,6 +132,7 @@ def admin_login():
         return redirect(url_for('auth.login'))
 
 @admin_api.route('/management-token', methods=['POST'])
+@csrf_exempt 
 def get_management_token():
     """Generate a JWT token for the management tool using API key authentication"""
     api_key = request.headers.get('X-API-Key')
@@ -147,6 +150,7 @@ def get_management_token():
     })
 
 @admin_api.route('/management-api-key', methods=['POST'])
+@csrf_exempt
 @token_required
 def create_management_api_key(current_user):
     """Create a new API key for the management tool (only accessible by admin users)"""
@@ -174,6 +178,7 @@ def create_management_api_key(current_user):
     }), 201
 
 @admin_api.route('/management-api-keys', methods=['GET'])
+@csrf_exempt
 @token_required
 def list_management_api_keys(current_user):
     """List all management API keys (only accessible by admin users)"""
@@ -191,6 +196,7 @@ def list_management_api_keys(current_user):
     } for key in keys])
 
 @admin_api.route('/management-api-key/<int:key_id>', methods=['DELETE'])
+@csrf_exempt
 @token_required
 def revoke_management_api_key(current_user, key_id):
     """Revoke a management API key (only accessible by admin users)"""
@@ -207,6 +213,7 @@ def revoke_management_api_key(current_user, key_id):
 
 # Key-Value Settings CRUD
 @admin_api.route('/key-value', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_key_values(current_user):
     settings = KeyValueSettings.query.all()
@@ -221,6 +228,7 @@ def get_key_value(current_user, key):
     return jsonify({'key': setting.key, 'value': setting.value})
 
 @admin_api.route('/key-value', methods=['POST'])
+@csrf_exempt
 @token_required
 def create_key_value(current_user):
     data = request.get_json()
@@ -233,6 +241,7 @@ def create_key_value(current_user):
     return jsonify({'message': 'Key-value pair created successfully'}), 201
 
 @admin_api.route('/key-value/<key>', methods=['PUT'])
+@csrf_exempt
 @token_required
 def update_key_value(current_user, key):
     setting = KeyValueSettings.query.filter_by(key=key).first()
@@ -248,6 +257,7 @@ def update_key_value(current_user, key):
     return jsonify({'message': 'Key-value pair updated successfully'})
 
 @admin_api.route('/key-value/<key>', methods=['DELETE'])
+@csrf_exempt
 @token_required
 def delete_key_value(current_user, key):
     setting = KeyValueSettings.query.filter_by(key=key).first()
@@ -260,6 +270,7 @@ def delete_key_value(current_user, key):
 
 # Contacts (Users) CRUD
 @admin_api.route('/contacts', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_contacts(current_user):
     users = User.query.all()
@@ -276,6 +287,7 @@ def get_contacts(current_user):
     } for user in users])
 
 @admin_api.route('/contacts/<int:user_id>', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_contact(current_user, user_id):
     user = User.query.get(user_id)
@@ -294,6 +306,7 @@ def get_contact(current_user, user_id):
     })
 
 @admin_api.route('/contacts', methods=['POST'])
+@csrf_exempt
 @token_required
 def create_contact(current_user):
     data = request.get_json()
@@ -319,6 +332,7 @@ def create_contact(current_user):
     return jsonify({'message': 'Contact created successfully', 'id': user.id}), 201
 
 @admin_api.route('/contacts/<int:user_id>', methods=['PUT'])
+@csrf_exempt
 @token_required
 def update_contact(current_user, user_id):
     user = User.query.get(user_id)
@@ -345,6 +359,7 @@ def update_contact(current_user, user_id):
     return jsonify({'message': 'Contact updated successfully'})
 
 @admin_api.route('/contacts/<int:user_id>', methods=['DELETE'])
+@csrf_exempt
 @token_required
 def delete_contact(current_user, user_id):
     user = User.query.get(user_id)
@@ -357,6 +372,7 @@ def delete_contact(current_user, user_id):
 
 # Statistics
 @admin_api.route('/statistics', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_statistics(current_user):
     room_count = Room.query.count()
@@ -376,6 +392,7 @@ def get_statistics(current_user):
 
 # Website Settings CRUD
 @admin_api.route('/settings', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_settings(current_user):
     settings = SiteSettings.get_settings()
@@ -397,6 +414,7 @@ def get_settings(current_user):
     })
 
 @admin_api.route('/settings', methods=['PUT'])
+@csrf_exempt
 @token_required
 def update_settings(current_user):
     settings = SiteSettings.get_settings()
@@ -411,6 +429,7 @@ def update_settings(current_user):
 
 # Website Logs
 @admin_api.route('/logs', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_logs(current_user):
     page = request.args.get('page', 1, type=int)
@@ -437,6 +456,7 @@ def get_logs(current_user):
 
 # Mail Logs
 @admin_api.route('/mail-logs', methods=['GET'])
+@csrf_exempt
 @token_required
 def get_mail_logs(current_user):
     page = request.args.get('page', 1, type=int)
@@ -463,6 +483,7 @@ def get_mail_logs(current_user):
 
 # Resend Setup Mail
 @admin_api.route('/resend-setup-mail/<int:user_id>', methods=['POST'])
+@csrf_exempt
 @token_required
 def resend_setup_mail(current_user, user_id):
     user = User.query.get(user_id)