From 83bde4b2182273c5d1ed5c25aed0a96ba9e63134 Mon Sep 17 00:00:00 2001 From: Nathan Woodburn Date: Fri, 25 Aug 2023 16:29:25 +1000 Subject: [PATCH] main: Added admin page --- README.md | 2 +- master/main.py | 34 ++++++++++++++++++++++++++++++++-- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6957d02..def6909 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ General commands (as anyone) Docker is the easiest way to install the master server. ```sh -docker run -d -p 5000:5000 -e LICENCE-API=your-api-key -e WORKER_KEY=your-api-key --name hnshosting-master git.woodburn.au/nathanwoodburn/hnshosting-master:latest -v ./data:/data +docker run -d -p 5000:5000 -e LICENCE_KEY=your-api-key -e WORKER_KEY=your-api-key -e ADMIN_KEY=admin-key --name hnshosting-master git.woodburn.au/nathanwoodburn/hnshosting-master:latest -v ./data:/data ``` You can also mount a docker volume to /data to store the files instead of mounting a host directory. diff --git a/master/main.py b/master/main.py index db60ed4..4755bf0 100644 --- a/master/main.py +++ b/master/main.py @@ -1,4 +1,4 @@ -from flask import Flask, request, jsonify +from flask import Flask, make_response, redirect, request, jsonify import dotenv import os import requests @@ -10,12 +10,14 @@ dotenv.load_dotenv() app = Flask(__name__) +loggins = [] + # API add license key (requires API key in header) @app.route('/add-licence', methods=['POST']) def add_license(): # Get API header api_key = request.headers.get('key') - if api_key != os.getenv('LICENCE-API'): + if api_key != os.getenv('LICENCE_KEY'): return jsonify({'error': 'Invalid API key', 'success': 'false'}) # Generate licence key @@ -441,7 +443,35 @@ def home(): html += "
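Review bot: In add_license, `api_key != os.getenv('LICENCE_KEY')` lets a request through when the variable is unset and the request carries no `key` header, because both sides are then `None`. This commit renames the variable from `LICENCE-API`, so a deployment that still sets only the old name would presumably end up in that state after upgrading. Read the key once, reject the request when it is missing, and compare in constant time: `expected = os.getenv('LICENCE_KEY')` followed by `if not expected or not api_key or not hmac.compare_digest(api_key.encode(), expected.encode()):`. That needs `import hmac` at the top of the file. The body of add_license continues outside this hunk.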

Licences

" html += "

Number of licences: " + str(len(licences)) + "

" + html += "

API

" return html + +# Admin page +@app.route('/admin',) +def admin(): + # Check if logged in + loggin_key = request.cookies.get('login_key') + + if request.method == 'POST': + # Handle login + password = request.form['password'] + if os.getenv(ADMIN_KEY) == password: + # Generate login key + login_key = os.urandom(32).hex() + loggins.append(login_key) + # Set cookie + resp = make_response(redirect('/admin')) + resp.set_cookie('login_key', login_key) + return resp + + + if loggin_key == None: + return "

Admin


" + if loggin_key not in loggins: + return "

Admin


" + + return "

Admin


Logged in" +
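Review bot: The login branch of admin() cannot run as written: `@app.route('/admin',)` passes no `methods`, so Flask only routes GET and the `request.method == 'POST'` branch is never reached, and `os.getenv(ADMIN_KEY)` uses an undefined name where the string `'ADMIN_KEY'` appears to be intended. After those fixes the check should also refuse logins when ADMIN_KEY is unset and compare with `hmac.compare_digest` (needs `import hmac`) rather than `==`. The session cookie is set without `httponly`, `secure` or `samesite`; `secure=True` in the sketch below assumes the page is served over HTTPS, which the README's plain port mapping does not guarantee. `loggins` is a module-level list, so tokens never expire and would not be shared between worker processes. The HTML strings in this hunk are lost in this view, so the form markup itself is not reviewed here.

```python
@app.route('/admin', methods=['GET', 'POST'])
def admin():
    # … unchanged: read login_key cookie into loggin_key …
    if request.method == 'POST':
        # .get() avoids a 400 from a missing form field
        password = request.form.get('password', '')
        admin_key = os.getenv('ADMIN_KEY')
        # Refuse every login when ADMIN_KEY is not configured
        if admin_key and hmac.compare_digest(password.encode(), admin_key.encode()):
            # … unchanged: generate login_key and append it to loggins …
            resp = make_response(redirect('/admin'))
            resp.set_cookie('login_key', login_key,
                            httponly=True, secure=True, samesite='Strict')
            return resp
    # … unchanged: login form and logged-in responses …
```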