Update main.py
main.py
CHANGED
@@ -229,38 +229,133 @@ def get_spending_overview():
| 229 |
except Exception as e:
|
| 230 |
return jsonify({'error': str(e)}), 500
|
| 231 |
|
| 232 |
-
|
| 233 |
-
| 234 |
try:
|
| 235 |
verify_admin(request.headers.get('Authorization', ''))
|
| 236 |
|
| 237 |
-
|
| 238 |
users_ref = db.reference('users')
| 239 |
|
| 240 |
-
|
| 241 |
-
| 242 |
|
| 243 |
-
| 244 |
|
| 245 |
return jsonify({
|
| 246 |
-
'
|
| 247 |
-
'
|
| 248 |
-
| 249 |
})
|
| 250 |
except Exception as e:
|
| 251 |
-
return jsonify({'error': str(e)}),
| 252 |
|
| 253 |
-
# Helper function to verify admin status
|
| 254 |
-
def verify_admin(auth_header):
|
| 255 |
-
if not auth_header.startswith('Bearer '):
|
| 256 |
-
raise ValueError('Invalid token')
|
| 257 |
-
|
| 258 |
-
token = auth_header.split(' ')[1]
|
| 259 |
-
uid = verify_token(token)
|
| 260 |
-
user = auth.get_user(uid)
|
| 261 |
-
|
| 262 |
-
if not user.custom_claims or not user.custom_claims.get('admin'):
|
| 263 |
-
raise PermissionError('Admin access required')
|
| 264 |
|
| 265 |
# User management endpoint for profile
|
| 266 |
@app.route('/api/user/profile', methods=['GET'])
| 229 |
except Exception as e:
|
| 230 |
return jsonify({'error': str(e)}), 500
|
| 231 |
|
| 232 |
+
# ... (previous imports remain the same)
|
| 233 |
+
|
| 234 |
+
# ========================================
|
| 235 |
+
# Modified verify_admin function (now checks database is_admin flag)
|
| 236 |
+
# ========================================
|
| 237 |
+
def verify_admin(auth_header):
|
| 238 |
+
if not auth_header.startswith('Bearer '):
|
| 239 |
+
raise ValueError('Invalid token')
|
| 240 |
+
|
| 241 |
+
token = auth_header.split(' ')[1]
|
| 242 |
+
uid = verify_token(token)
|
| 243 |
+
if not uid:
|
| 244 |
+
raise PermissionError('Invalid user')
|
| 245 |
+
|
| 246 |
+
user_ref = db.reference(f'users/{uid}')
|
| 247 |
+
user_data = user_ref.get()
|
| 248 |
+
if not user_data or not user_data.get('is_admin', False):
|
| 249 |
+
raise PermissionError('Admin access required')
|
| 250 |
+
|
| 251 |
+
# ========================================
|
| 252 |
+
# New Admin Endpoints
|
| 253 |
+
# ========================================
|
| 254 |
+
@app.route('/api/admin/overview', methods=['GET'])
|
| 255 |
+
def get_admin_overview():
|
| 256 |
try:
|
| 257 |
verify_admin(request.headers.get('Authorization', ''))
|
| 258 |
|
| 259 |
+
# Get all users
|
| 260 |
users_ref = db.reference('users')
|
| 261 |
+
all_users = users_ref.get() or {}
|
| 262 |
+
users_list = []
|
| 263 |
+
for uid, user_data in all_users.items():
|
| 264 |
+
try:
|
| 265 |
+
auth_user = auth.get_user(uid)
|
| 266 |
+
email = auth_user.email
|
| 267 |
+
except:
|
| 268 |
+
email = "Deleted User"
|
| 269 |
+
users_list.append({
|
| 270 |
+
'uid': uid,
|
| 271 |
+
'email': email,
|
| 272 |
+
'daily_cash': user_data.get('daily_cash', 100),
|
| 273 |
+
'remaining_cash': user_data.get('remaining_cash', 100),
|
| 274 |
+
'last_reset': user_data.get('last_reset'),
|
| 275 |
+
'is_admin': user_data.get('is_admin', False)
|
| 276 |
+
})
|
| 277 |
+
|
| 278 |
+
# Get all transactions
|
| 279 |
+
transactions_ref = db.reference('transactions')
|
| 280 |
+
all_transactions = transactions_ref.get() or {}
|
| 281 |
+
transactions_list = [{'id': tid, **data} for tid, data in all_transactions.items()]
|
| 282 |
+
|
| 283 |
+
return jsonify({
|
| 284 |
+
'users': users_list,
|
| 285 |
+
'transactions': transactions_list,
|
| 286 |
+
'analytics': {
|
| 287 |
+
'total_users': len(users_list),
|
| 288 |
+
'total_transactions': len(transactions_list),
|
| 289 |
+
'total_spent': sum(t['total'] for t in transactions_list)
|
| 290 |
+
}
|
| 291 |
+
})
|
| 292 |
+
except Exception as e:
|
| 293 |
+
return jsonify({'error': str(e)}), 500
|
| 294 |
+
|
| 295 |
+
@app.route('/api/admin/users', methods=['POST'])
|
| 296 |
+
def create_user():
|
| 297 |
+
try:
|
| 298 |
+
verify_admin(request.headers.get('Authorization', ''))
|
| 299 |
+
data = request.get_json()
|
| 300 |
|
| 301 |
+
# Create Firebase auth user
|
| 302 |
+
user = auth.create_user(
|
| 303 |
+
email=data['email'],
|
| 304 |
+
password=data['password']
|
| 305 |
+
)
|
| 306 |
|
| 307 |
+
# Create database user record
|
| 308 |
+
user_ref = db.reference(f'users/{user.uid}')
|
| 309 |
+
user_data = {
|
| 310 |
+
'daily_cash': data.get('daily_cash', 100),
|
| 311 |
+
'remaining_cash': data.get('daily_cash', 100),
|
| 312 |
+
'last_reset': '2000-01-01T00:00:00+00:00', # Force reset on next check
|
| 313 |
+
'is_admin': data.get('is_admin', False)
|
| 314 |
+
}
|
| 315 |
+
user_ref.set(user_data)
|
| 316 |
|
| 317 |
return jsonify({
|
| 318 |
+
'success': True,
|
| 319 |
+
'user': {
|
| 320 |
+
'uid': user.uid,
|
| 321 |
+
'email': user.email,
|
| 322 |
+
**user_data
|
| 323 |
+
}
|
| 324 |
+
}), 201
|
| 325 |
+
except Exception as e:
|
| 326 |
+
return jsonify({'error': str(e)}), 400
|
| 327 |
+
|
| 328 |
+
@app.route('/api/admin/users/<string:uid>/limit', methods=['PUT'])
|
| 329 |
+
def update_user_limit(uid):
|
| 330 |
+
try:
|
| 331 |
+
verify_admin(request.headers.get('Authorization', ''))
|
| 332 |
+
data = request.get_json()
|
| 333 |
+
new_limit = float(data['daily_cash'])
|
| 334 |
+
|
| 335 |
+
user_ref = db.reference(f'users/{uid}')
|
| 336 |
+
user_data = user_ref.get()
|
| 337 |
+
|
| 338 |
+
if not user_data:
|
| 339 |
+
return jsonify({'error': 'User not found'}), 404
|
| 340 |
+
|
| 341 |
+
updates = {'daily_cash': new_limit}
|
| 342 |
+
|
| 343 |
+
# Adjust remaining cash if it exceeds new limit
|
| 344 |
+
current_remaining = user_data.get('remaining_cash', new_limit)
|
| 345 |
+
if current_remaining > new_limit:
|
| 346 |
+
updates['remaining_cash'] = new_limit
|
| 347 |
+
|
| 348 |
+
user_ref.update(updates)
|
| 349 |
+
|
| 350 |
+
return jsonify({
|
| 351 |
+
'success': True,
|
| 352 |
+
'new_daily_cash': new_limit,
|
| 353 |
+
'updated_remaining': updates.get('remaining_cash', current_remaining)
|
| 354 |
})
|
| 355 |
except Exception as e:
|
| 356 |
+
return jsonify({'error': str(e)}), 400
|
| 357 |
+
|
| 358 |
| 359 |
|
| 360 |
# User management endpoint for profile
|
| 361 |
@app.route('/api/user/profile', methods=['GET'])
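Review bot: The admin check in the new `verify_admin` now rests on a database flag (`users/{uid}/is_admin`) instead of the Firebase custom claim the removed version used, so anyone who can write their own `users/{uid}` node (client-SDK writes, or a profile-update path elsewhere in this file) could set `is_admin: true` and pass the check — confirm the Realtime Database rules make `is_admin` writable only by the Admin SDK, or keep the custom-claims check alongside the flag. In all three new endpoints a `PermissionError`/`ValueError` raised by `verify_admin` falls through to the generic handler and comes back as 500 or 400 with `str(e)`, which also echoes raw Firebase and `KeyError` messages to the caller; put `except (ValueError, PermissionError): return jsonify({'error': 'Forbidden'}), 403` ahead of the generic handler and return a fixed message from the generic one. The bare `except:` around `auth.get_user(uid)` in `get_admin_overview` should be `except auth.UserNotFoundError:` (or at least `except Exception:`) so it does not mask unrelated failures, and `sum(t['total'] for t in transactions_list)` raises for any transaction record lacking a `total` key. `update_user_limit` accepts any float, including NaN, inf and negatives, and `data` is `None` when no JSON body is sent; after the conversion add (with `math` imported) `if not math.isfinite(new_limit) or new_limit < 0: return jsonify({'error': 'daily_cash must be a non-negative finite number'}), 400`.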