Spaces:
Running
Running
Update app.py
Browse files
app.py
CHANGED
|
@@ -865,22 +865,51 @@ async def admin_update_profile(user_id: str, request: Request, user=Depends(requ
|
|
| 865 |
|
| 866 |
@app.post("/admin/requests")
|
| 867 |
async def submit_admin_request(request: Request):
|
| 868 |
-
# No auth required β anyone can submit a request to become admin
|
| 869 |
data = await request.json()
|
| 870 |
db = get_db()
|
| 871 |
-
# Try to link to an existing account by name/uid, but not required
|
| 872 |
uid = data.get("uid","").strip().lower()
|
| 873 |
profile = db.execute("SELECT id FROM profiles WHERE uid=?", (uid,)).fetchone() if uid else None
|
| 874 |
-
user_id = profile["id"] if profile else str(uuid.uuid4())
|
| 875 |
-
|
| 876 |
-
|
| 877 |
-
|
| 878 |
-
|
| 879 |
-
)
|
| 880 |
-
|
| 881 |
-
|
| 882 |
-
|
| 883 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 884 |
|
| 885 |
# ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 886 |
# ββ AI IMAGE FEATURES βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
|
|
|
| 865 |
|
| 866 |
@app.post("/admin/requests")
|
| 867 |
async def submit_admin_request(request: Request):
|
|
|
|
| 868 |
data = await request.json()
|
| 869 |
db = get_db()
|
|
|
|
| 870 |
uid = data.get("uid","").strip().lower()
|
| 871 |
profile = db.execute("SELECT id FROM profiles WHERE uid=?", (uid,)).fetchone() if uid else None
|
| 872 |
+
user_id = profile["id"] if profile else str(uuid.uuid4())
|
| 873 |
+
|
| 874 |
+
# ββ Auto ID check ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 875 |
+
# If they uploaded an ID image, run SigLIP zero-shot check.
|
| 876 |
+
# If it looks like a student/staff ID β auto-approve immediately.
|
| 877 |
+
id_image_url = data.get("id_image_url")
|
| 878 |
+
auto_approved = False
|
| 879 |
+
|
| 880 |
+
if id_image_url and profile:
|
| 881 |
+
try:
|
| 882 |
+
img_path = os.path.join(IMG_DIR, os.path.basename(id_image_url))
|
| 883 |
+
if os.path.exists(img_path):
|
| 884 |
+
img_bytes = open(img_path, "rb").read()
|
| 885 |
+
id_result = _siglip_check_id(img_bytes)
|
| 886 |
+
if id_result.get("is_id") and id_result.get("confidence", 0) >= 0.45:
|
| 887 |
+
# Looks like an ID β grant admin automatically
|
| 888 |
+
db.execute("UPDATE profiles SET role='admin' WHERE id=?", (profile["id"],))
|
| 889 |
+
auto_approved = True
|
| 890 |
+
print(f"[admin-auto] approved uid={uid} confidence={id_result['confidence']:.2f}")
|
| 891 |
+
except Exception as e:
|
| 892 |
+
print(f"[admin-auto] check failed: {e}")
|
| 893 |
+
|
| 894 |
+
if auto_approved:
|
| 895 |
+
# Still log it but mark as auto-approved
|
| 896 |
+
db.execute(
|
| 897 |
+
"INSERT INTO admin_requests (id,user_id,email,name,role_title,reason,id_image_url,status) VALUES (?,?,?,?,?,?,?,?)",
|
| 898 |
+
(str(uuid.uuid4()), user_id, data.get("email",""), data.get("name",""),
|
| 899 |
+
data.get("role_title",""), data.get("reason",""), id_image_url, "approved")
|
| 900 |
+
)
|
| 901 |
+
db.commit(); db.close()
|
| 902 |
+
broker.publish("admin", {"type": "new_request"})
|
| 903 |
+
return {"ok": True, "auto_approved": True, "message": "ID verified β admin access granted!"}
|
| 904 |
+
else:
|
| 905 |
+
db.execute(
|
| 906 |
+
"INSERT INTO admin_requests (id,user_id,email,name,role_title,reason,id_image_url) VALUES (?,?,?,?,?,?,?)",
|
| 907 |
+
(str(uuid.uuid4()), user_id, data.get("email",""), data.get("name",""),
|
| 908 |
+
data.get("role_title",""), data.get("reason",""), id_image_url)
|
| 909 |
+
)
|
| 910 |
+
db.commit(); db.close()
|
| 911 |
+
broker.publish("admin", {"type": "new_request"})
|
| 912 |
+
return {"ok": True, "auto_approved": False, "message": "Request submitted β pending review"}
|
| 913 |
|
| 914 |
# ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|
| 915 |
# ββ AI IMAGE FEATURES βββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
|