Update admin_api.py

This commit is contained in:
2025-06-09 22:43:57 +02:00
parent 326bd1bd72
commit f71b461e29


@@ -1,4 +1,4 @@
from flask import Blueprint, jsonify, request, current_app, make_response from flask import Blueprint, jsonify, request, current_app, make_response, flash, redirect, url_for
from functools import wraps from functools import wraps
from models import ( from models import (
KeyValueSettings, User, Room, Conversation, RoomFile, KeyValueSettings, User, Room, Conversation, RoomFile,
@@ -10,6 +10,7 @@ import os
import jwt import jwt
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
import secrets import secrets
from flask_login import login_user
admin_api = Blueprint('admin_api', __name__) admin_api = Blueprint('admin_api', __name__)
@@ -73,20 +74,36 @@ def validate_management_api_key(api_key):
@admin_api.route('/login', methods=['POST']) @admin_api.route('/login', methods=['POST'])
def admin_login(): def admin_login():
try: try:
# Check if this is an API request
is_api_request = request.headers.get('Accept') == 'application/json' or \
request.headers.get('Content-Type') == 'application/json'
if is_api_request:
data = request.get_json() data = request.get_json()
else:
data = request.form
if not data or 'email' not in data or 'password' not in data: if not data or 'email' not in data or 'password' not in data:
if is_api_request:
return jsonify({ return jsonify({
'message': 'Email and password are required', 'message': 'Email and password are required',
'status': 'error' 'status': 'error'
}), 400 }), 400
flash('Email and password are required', 'error')
return redirect(url_for('auth.login'))
user = User.query.filter_by(email=data['email']).first() user = User.query.filter_by(email=data['email']).first()
if not user or not user.is_admin or not user.check_password(data['password']): if not user or not user.is_admin or not user.check_password(data['password']):
if is_api_request:
return jsonify({ return jsonify({
'message': 'Invalid credentials or not an admin', 'message': 'Invalid credentials or not an admin',
'status': 'error' 'status': 'error'
}), 401 }), 401
flash('Invalid credentials or not an admin', 'error')
return redirect(url_for('auth.login'))
# For API requests, return JWT token
if is_api_request:
token = jwt.encode({ token = jwt.encode({
'user_id': user.id, 'user_id': user.id,
'is_admin': True, 'is_admin': True,
@@ -98,12 +115,19 @@ def admin_login():
'status': 'success' 'status': 'success'
}), 200 }), 200
# For web requests, use session-based auth
login_user(user)
return redirect(url_for('main.dashboard'))
except Exception as e: except Exception as e:
current_app.logger.error(f"Login error: {str(e)}") current_app.logger.error(f"Login error: {str(e)}")
if is_api_request:
return jsonify({ return jsonify({
'message': 'An error occurred during login', 'message': 'An error occurred during login',
'status': 'error' 'status': 'error'
}), 500 }), 500
flash('An error occurred during login', 'error')
return redirect(url_for('auth.login'))
@admin_api.route('/management-token', methods=['POST']) @admin_api.route('/management-token', methods=['POST'])
def get_management_token(): def get_management_token():
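Review bot: The `is_api_request` detection on the two lines after `try:` compares the `Accept` and `Content-Type` headers for exact string equality, so a JSON client sending `Content-Type: application/json; charset=utf-8` (what most HTTP libraries emit) or a multi-value `Accept` list is routed into the form branch, reads an empty `request.form`, and receives a 302 to the HTML login page with a flash message instead of the JSON 400/401; use Werkzeug's parsed accessors instead, `is_api_request = request.is_json or request.accept_mimetypes.best == 'application/json'`. Because `is_api_request` is also read inside the `except` handler, compute it before the `try:` so a failure in the first statement cannot become an unbound-name error in the handler itself. The new form branch ends in `login_user(user)` on a plain POST; unless CSRF protection is registered app-wide (not visible in this file), that path is exposed to login CSRF, so confirm the form carries a token or this blueprint sits under `CSRFProtect`. The `jwt.encode` call is cut by the hunk boundary between the two hunks, so its algorithm and expiry claims were not reviewed here.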