Update admin_api.py

2025-06-09 22:43:57 +02:00
parent 326bd1bd72
commit f71b461e29
1 changed files with 47 additions and 23 deletions
--- a/routes/admin_api.py
+++ b/routes/admin_api.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, jsonify, request, current_app, make_response
+from flask import Blueprint, jsonify, request, current_app, make_response, flash, redirect, url_for
 from functools import wraps
 from models import (
    KeyValueSettings, User, Room, Conversation, RoomFile,
@@ -10,6 +10,7 @@ import os
 import jwt
 from werkzeug.security import generate_password_hash
 import secrets
+from flask_login import login_user

 admin_api = Blueprint('admin_api', __name__)

@@ -73,37 +74,60 @@ def validate_management_api_key(api_key):
@admin_api.route('/login', methods=['POST'])
 def admin_login():
    try:
-        data = request.get_json()
+        # Check if this is an API request
+        is_api_request = request.headers.get('Accept') == 'application/json' or \
+                        request.headers.get('Content-Type') == 'application/json'
+
+        if is_api_request:
+            data = request.get_json()
+        else:
+            data = request.form
+
        if not data or 'email' not in data or 'password' not in data:
-            return jsonify({
-                'message': 'Email and password are required',
-                'status': 'error'
-            }), 400
+            if is_api_request:
+                return jsonify({
+                    'message': 'Email and password are required',
+                    'status': 'error'
+                }), 400
+            flash('Email and password are required', 'error')
+            return redirect(url_for('auth.login'))

        user = User.query.filter_by(email=data['email']).first()
        if not user or not user.is_admin or not user.check_password(data['password']):
+            if is_api_request:
+                return jsonify({
+                    'message': 'Invalid credentials or not an admin',
+                    'status': 'error'
+                }), 401
+            flash('Invalid credentials or not an admin', 'error')
+            return redirect(url_for('auth.login'))
+
+        # For API requests, return JWT token
+        if is_api_request:
+            token = jwt.encode({
+                'user_id': user.id,
+                'is_admin': True,
+                'exp': datetime.utcnow() + timedelta(days=1)  # Token expires in 1 day
+            }, current_app.config['SECRET_KEY'], algorithm="HS256")
+
            return jsonify({
-                'message': 'Invalid credentials or not an admin',
-                'status': 'error'
-            }), 401
+                'token': token,
+                'status': 'success'
+            }), 200

-        token = jwt.encode({
-            'user_id': user.id,
-            'is_admin': True,
-            'exp': datetime.utcnow() + timedelta(days=1)  # Token expires in 1 day
-        }, current_app.config['SECRET_KEY'], algorithm="HS256")
-
-        return jsonify({
-            'token': token,
-            'status': 'success'
-        }), 200
+        # For web requests, use session-based auth
+        login_user(user)
+        return redirect(url_for('main.dashboard'))

    except Exception as e:
        current_app.logger.error(f"Login error: {str(e)}")
-        return jsonify({
-            'message': 'An error occurred during login',
-            'status': 'error'
-        }), 500
+        if is_api_request:
+            return jsonify({
+                'message': 'An error occurred during login',
+                'status': 'error'
+            }), 500
+        flash('An error occurred during login', 'error')
+        return redirect(url_for('auth.login'))

@admin_api.route('/management-token', methods=['POST'])
 def get_management_token():