Hugging Face's logo

Spaces:
martynka
/
librechat
Paused

App Files
martynka commited on
Commit
74de3b3
·
verified ·
1 Parent(s): cda5d78

Create app-temp.py

Browse files
Files changed (1) hide show
  1. app-temp.py +73 -0
app-temp.py ADDED
@@ -0,0 +1,73 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ from flask import Flask, request, jsonify, render_template
2
+ from pymongo.mongo_client import MongoClient
3
+ from pymongo.server_api import ServerApi
4
+ from werkzeug.security import generate_password_hash
5
+ import os
6
+ import hmac
7
+ from functools import wraps
8
+
9
+ app = Flask(__name__, template_folder='/app/sudo/templates')
10
+ app.secret_key = os.getenv("FLASK_SECRET")
11
+
12
+ # MongoDB connection
13
+ uri = os.getenv("MONGO_URI")
14
+ client = MongoClient(uri, server_api=ServerApi('1'))
15
+ db = client['librechat']
16
+
17
+ ADMIN_SECRET = os.getenv("ADMIN_SECRET")
18
+
19
+ # Authentication decorator
20
+ def require_auth(f):
21
+ @wraps(f)
22
+ def wrapper(*args, **kwargs):
23
+ auth_token = request.headers.get('X-Auth-Token')
24
+ if not auth_token or not hmac.compare_digest(auth_token, ADMIN_SECRET):
25
+ return jsonify({"error": "Unauthorized"}), 403
26
+ return f(*args, **kwargs)
27
+ return wrapper
28
+
29
+ # Routes
30
+ @app.route('/sudo')
31
+ def admin_panel():
32
+ return render_template('index.html')
33
+
34
+ @app.route('/sudo/login', methods=['POST'])
35
+ def login():
36
+ if not hmac.compare_digest(request.json.get('password') or '', ADMIN_SECRET):
37
+ return jsonify({"error": "Invalid credentials"}), 401
38
+ return jsonify({"token": ADMIN_SECRET})
39
+
40
+ @app.route('/sudo/users', methods=['GET'])
41
+ @require_auth
42
+ def list_users():
43
+ users = list(db.users.find({}, {"_id": 0, "username": 1}))
44
+ return jsonify(users)
45
+
46
+ @app.route('/sudo/users', methods=['POST'])
47
+ @require_auth
48
+ def add_user():
49
+ user_data = {
50
+ "username": request.json["username"],
51
+ "password": generate_password_hash(request.json["password"]),
52
+ "role": "user"
53
+ }
54
+ db.users.insert_one(user_data)
55
+ return jsonify({"status": "User added"})
56
+
57
+ @app.route('/sudo/users/<username>', methods=['DELETE'])
58
+ @require_auth
59
+ def delete_user(username):
60
+ result = db.users.delete_one({"username": username})
61
+ if result.deleted_count == 0:
62
+ return jsonify({"error": "User not found"}), 404
63
+ return jsonify({"status": "User deleted"})
64
+ @app.route('/sudo/debug')
65
+ def debug():
66
+ return jsonify({
67
+ "expected_password": os.getenv("ADMIN_SECRET", "NOT_SET!"),
68
+ "flask_secret_set": bool(os.getenv("FLASK_SECRET")),
69
+ "mongo_connected": bool(client)
70
+ })
71
+
72
+ if __name__ == "__main__":
73
+ app.run(host='0.0.0.0', port=5000)