main: Added admin page
All checks were successful
Build Docker / Build Bot (push) Successful in 21s
Build Docker / Build Master (push) Successful in 27s

This commit is contained in:
Nathan Woodburn 2023-08-25 16:29:25 +10:00
parent 52fca38af9
commit 83bde4b218
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1
2 changed files with 33 additions and 3 deletions

View File

@ -47,7 +47,7 @@ General commands (as anyone)
Docker is the easiest way to install the master server.
```sh
docker run -d -p 5000:5000 -e LICENCE-API=your-api-key -e WORKER_KEY=your-api-key --name hnshosting-master git.woodburn.au/nathanwoodburn/hnshosting-master:latest -v ./data:/data
docker run -d -p 5000:5000 -e LICENCE_KEY=your-api-key -e WORKER_KEY=your-api-key -e ADMIN_KEY=admin-key --name hnshosting-master git.woodburn.au/nathanwoodburn/hnshosting-master:latest -v ./data:/data
```
You can also mount a docker volume to /data to store the files instead of mounting a host directory.

View File

@ -1,4 +1,4 @@
from flask import Flask, request, jsonify
from flask import Flask, make_response, redirect, request, jsonify
import dotenv
import os
import requests
@ -10,12 +10,14 @@ dotenv.load_dotenv()
app = Flask(__name__)
loggins = []
# API add license key (requires API key in header)
@app.route('/add-licence', methods=['POST'])
def add_license():
# Get API header
api_key = request.headers.get('key')
if api_key != os.getenv('LICENCE-API'):
if api_key != os.getenv('LICENCE_KEY'):
return jsonify({'error': 'Invalid API key', 'success': 'false'})
# Generate licence key
@ -441,7 +443,35 @@ def home():
html += "<h2>Licences</h2>"
html += "<p>Number of licences: " + str(len(licences)) + "</p>"
html += "<h2>API</h2>"
return html
# Admin page
@app.route('/admin',)
def admin():
# Check if logged in
loggin_key = request.cookies.get('login_key')
if request.method == 'POST':
# Handle login
password = request.form['password']
if os.getenv(ADMIN_KEY) == password:
# Generate login key
login_key = os.urandom(32).hex()
loggins.append(login_key)
# Set cookie
resp = make_response(redirect('/admin'))
resp.set_cookie('login_key', login_key)
return resp
if loggin_key == None:
return "<h1>Admin</h1><br><form action='/admin' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
if loggin_key not in loggins:
return "<h1>Admin</h1><br><form action='/admin' method='POST'><input type='password' name='Master API'><input type='submit' value='Login'></form>"
return "<h1>Admin</h1><br>Logged in"