Spaces:

SalexAI
/

funserver-2.0

Running

App Files Files Community

SalexAI commited on about 1 month ago

Commit

5d85607

verified ·

1 Parent(s): 1e19ce0

Update app.py

Browse files

Files changed (1) hide show

app.py +182 -1

app.py CHANGED Viewed

@@ -443,4 +443,185 @@ async def get_video_feed(div: Optional[int] = Query(None, description="School Di
     filtered_videos = []
     for v in videos:
         allowed = v.get("allowed_divs", [])
-        if not allowed or

     filtered_videos = []
     for v in videos:
         allowed = v.get("allowed_divs", [])
+        if not allowed or div in allowed:
+            filtered_videos.append(v)
+    return {"videos": filtered_videos}
+# ==================================================
+# ADMIN: LOGIN
+# ==================================================
+@app.get("/admin/login", response_class=HTMLResponse)
+async def admin_login_page():
+    if not admin_enabled():
+        return HTMLResponse("Admin disabled (ADMIN_KEY missing)", status_code=503)
+    return """
+    <html><body style="background:#111;color:#fff;display:flex;justify-content:center;align-items:center;height:100vh;font-family:sans-serif;">
+    <form method="post" style="padding:20px;border:1px solid #333;border-radius:10px;background:#1a1a1a;">
+    <h2>Admin</h2><input type="password" name="key" placeholder="Key" style="padding:10px;width:100%;margin-bottom:10px;">
+    <button style="padding:10px;width:100%;cursor:pointer;">Login</button>
+    </form></body></html>
+    """
+@app.post("/admin/login")
+async def admin_login(key: str = Form(...)):
+    if not admin_enabled() or not secure_equals(key.strip(), str(ADMIN_KEY).strip()):
+        return HTMLResponse("Unauthorized", status_code=401)
+    session = secrets.token_hex(16)
+    ADMIN_SESSIONS.add(session)
+    resp = RedirectResponse("/admin", status_code=302)
+    resp.set_cookie(ADMIN_COOKIE, session, httponly=True)
+    return resp
+@app.get("/admin/logout")
+async def admin_logout(req: Request):
+    if (s := req.cookies.get(ADMIN_COOKIE)) in ADMIN_SESSIONS: ADMIN_SESSIONS.remove(s)
+    return RedirectResponse("/admin/login")
+# ==================================================
+# ADMIN DASHBOARD
+# ==================================================
+def esc(v) -> str: return html_escape_lib.escape("" if v is None else str(v), quote=True)
+ADMIN_TEMPLATE = """
+<html>
+<head>
+<title>Admin</title>
+<style>
+body{font-family:sans-serif;background:#111;color:#ddd;padding:20px;}
+table{width:100%;border-collapse:collapse;margin-top:20px;}
+th,td{border-bottom:1px solid #333;padding:8px;text-align:left;}
+input{background:#222;border:1px solid #444;color:#fff;padding:5px;border-radius:4px;width:100%;}
+button{background:#444;color:#fff;border:none;padding:5px 10px;cursor:pointer;border-radius:4px;}
+.pill{padding:4px 8px;background:#004400;border-radius:10px;font-size:0.8em;}
+</style>
+</head>
+<body>
+<h1>Admin Panel <a href="/admin/logout" style="font-size:0.5em;color:#888;">Logout</a></h1>
+<h3>Albums</h3>
+<table>
+<tr><th>Token</th><th>Publisher</th><th>Category</th><th>Action</th></tr>
+__ALBUM_ROWS__
+<tr>
+<td><input id="n_t" placeholder="Token"></td>
+<td><input id="n_p" placeholder="Publisher"></td>
+<td><input id="n_c" placeholder="Category"></td>
+<td><button onclick="addAlbum()">Add</button></td>
+</tr>
+</table>
+<h3>Videos</h3>
+<p style="font-size:0.8em;color:#888;">Allowed Divs: Comma separated (e.g. <code>1,5,25</code>). Leave empty for ALL.</p>
+<table>
+<tr><th>ID</th><th>Name</th><th>Divs (1-25)</th><th>Category</th><th>Publisher</th><th>Action</th></tr>
+__VIDEO_ROWS__
+</table>
+<script>
+async function api(ep, data) {
+    await fetch(ep, {method:'POST', headers:{'Content-Type':'application/json'}, body:JSON.stringify(data)});
+    location.reload();
+}
+document.querySelectorAll('input[data-id]').forEach(i => {
+    i.addEventListener('change', (e) => api('/admin/update', {
+        id: e.target.dataset.id,
+        field: e.target.dataset.field,
+        value: e.target.value
+    }));
+});
+function addAlbum(){
+    api('/admin/albums/add', {
+        token: document.getElementById('n_t').value,
+        publisher: document.getElementById('n_p').value,
+        category: document.getElementById('n_c').value
+    });
+}
+</script>
+</body>
+</html>
+"""
+@app.get("/admin", response_class=HTMLResponse)
+async def admin_dash(req: Request):
+    if not is_admin(req): return RedirectResponse("/admin/login")
+    async with DATA_LOCK:
+        videos = INDEX_CACHE.get("videos", [])
+    v_rows = ""
+    for v in videos:
+        divs = ",".join(map(str, v.get("allowed_divs", [])))
+        v_rows += f"""<tr>
+        <td>{esc(v['id'])[:8]}...</td>
+        <td><input data-id="{v['id']}" data-field="name" value="{esc(v.get('name'))}"></td>
+        <td><input data-id="{v['id']}" data-field="allowed_divs" value="{esc(divs)}" placeholder="All"></td>
+        <td><input data-id="{v['id']}" data-field="category" value="{esc(v.get('category'))}"></td>
+        <td><input data-id="{v['id']}" data-field="publisher" value="{esc(v.get('publisher'))}"></td>
+        <td><button onclick="api('/admin/videos/delete', {{id:'{v['id']}'}})" style="background:#500;">Del</button></td>
+        </tr>"""
+    a_rows = ""
+    for t, p in ALBUM_PUBLISHERS.items():
+        c = ALBUM_CATEGORIES.get(t, "")
+        a_rows += f"<tr><td>{t}</td><td>{p}</td><td>{c}</td><td>-</td></tr>"
+    return ADMIN_TEMPLATE.replace("__VIDEO_ROWS__", v_rows).replace("__ALBUM_ROWS__", a_rows)
+# ==================================================
+# ADMIN ACTIONS
+# ==================================================
+@app.post("/admin/update")
+async def admin_update(req: Request, payload: dict):
+    if not is_admin(req): return JSONResponse({}, 403)
+    vid_id = payload.get("id")
+    field = payload.get("field")
+    value = payload.get("value")
+    async with DATA_LOCK:
+        for v in INDEX_CACHE["videos"]:
+            if v["id"] == vid_id:
+                if field == "allowed_divs":
+                    try:
+                        if not value.strip():
+                            v[field] = []
+                        else:
+                            nums = [int(x.strip()) for x in value.split(",") if x.strip().isdigit()]
+                            v[field] = [n for n in nums if n in VALID_DIVISIONS]
+                    except:
+                        pass
+                else:
+                    v[field] = value
+                await save_index()
+                return {"ok": True}
+    return {"error": "not found"}
+@app.post("/admin/videos/delete")
+async def admin_delete(req: Request, payload: dict):
+    if not is_admin(req): return JSONResponse({}, 403)
+    vid_id = payload.get("id")
+    async with DATA_LOCK:
+        original_len = len(INDEX_CACHE["videos"])
+        INDEX_CACHE["videos"] = [v for v in INDEX_CACHE["videos"] if v["id"] != vid_id]
+        if len(INDEX_CACHE["videos"]) < original_len:
+            await save_index()
+    return {"ok": True}
+@app.post("/admin/albums/add")
+async def admin_album_add(req: Request, payload: dict):
+    if not is_admin(req): return JSONResponse({}, 403)
+    t = payload.get("token")
+    if t:
+        async with DATA_LOCK:
+            CONFIG_CACHE["album_publishers"][t] = payload.get("publisher", "Unknown")
+            CONFIG_CACHE["album_categories"][t] = payload.get("category", "Uncategorized")
+            global ALBUM_PUBLISHERS, ALBUM_CATEGORIES
+            ALBUM_PUBLISHERS = CONFIG_CACHE["album_publishers"]
+            ALBUM_CATEGORIES = CONFIG_CACHE["album_categories"]
+            await save_config()
+    return {"ok": True}