Spaces:
Running
Running
Zhu Jiajun (jz28583) Claude Opus 4.7 (1M context) commited on
Commit ·
209df55
1
Parent(s): 26a61c7
Add POST /admin/insert for direct leaderboard writes
Browse filesUse case: backends like Kaggle that can't always be proxied server-side.
The maintainer runs the submit + poll locally with their own creds, then
POSTs the resulting score here. Same bypass-key gate as /admin/delete.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- server/api.py +46 -0
server/api.py
CHANGED
|
@@ -431,6 +431,52 @@ def admin_delete():
|
|
| 431 |
})
|
| 432 |
|
| 433 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 434 |
@app.get("/healthz")
|
| 435 |
def healthz():
|
| 436 |
manifest = _manifest()
|
|
|
|
| 431 |
})
|
| 432 |
|
| 433 |
|
| 434 |
+
@app.post("/admin/insert")
|
| 435 |
+
def admin_insert():
|
| 436 |
+
"""Insert a leaderboard row directly. Bypass-key gated.
|
| 437 |
+
|
| 438 |
+
Use for backends we can't proxy server-side (e.g. when Kaggle creds are
|
| 439 |
+
only available on the maintainer's machine — they run the submit + poll
|
| 440 |
+
locally and POST the resulting score here).
|
| 441 |
+
|
| 442 |
+
Body: JSON {"task": "...", "agent": "...", "primary": float,
|
| 443 |
+
"secondary": {...}, "n_rows": int|null, "sha256": str|null}
|
| 444 |
+
"""
|
| 445 |
+
import datetime as dt
|
| 446 |
+
import json as _json
|
| 447 |
+
import uuid as _uuid
|
| 448 |
+
|
| 449 |
+
sent_key = request.headers.get("X-Bypass-Key", "").strip()
|
| 450 |
+
if not (BYPASS_KEY and sent_key
|
| 451 |
+
and __import__("hmac").compare_digest(sent_key, BYPASS_KEY)):
|
| 452 |
+
return jsonify({"error": "bypass key required"}), 403
|
| 453 |
+
payload = request.get_json(silent=True) or {}
|
| 454 |
+
task = payload.get("task")
|
| 455 |
+
agent = payload.get("agent")
|
| 456 |
+
primary = payload.get("primary")
|
| 457 |
+
if not (task and agent and isinstance(primary, (int, float))):
|
| 458 |
+
return jsonify({"error": "task, agent, primary required"}), 400
|
| 459 |
+
secondary = payload.get("secondary") or {}
|
| 460 |
+
n_rows = int(payload.get("n_rows") or -1)
|
| 461 |
+
sha = payload.get("sha256") or "manual_insert"
|
| 462 |
+
run_id = _uuid.uuid4().hex[:12]
|
| 463 |
+
now = dt.datetime.now(dt.timezone.utc).isoformat()
|
| 464 |
+
conn = _db()
|
| 465 |
+
conn.execute(
|
| 466 |
+
"INSERT INTO submissions VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
|
| 467 |
+
(run_id, task, agent, float(primary), _json.dumps(secondary),
|
| 468 |
+
sha, n_rows, "admin", now),
|
| 469 |
+
)
|
| 470 |
+
conn.commit()
|
| 471 |
+
return jsonify({
|
| 472 |
+
"run_id": run_id,
|
| 473 |
+
"task": task,
|
| 474 |
+
"agent": agent,
|
| 475 |
+
"primary": primary,
|
| 476 |
+
"secondary": secondary,
|
| 477 |
+
})
|
| 478 |
+
|
| 479 |
+
|
| 480 |
@app.get("/healthz")
|
| 481 |
def healthz():
|
| 482 |
manifest = _manifest()
|