Upload 10 files

Dockerfile

@@ -0,0 +1,33 @@
+FROM python:3.9-slim
+
+WORKDIR /app
+
+# Create directories that the application might need to write to or expect to exist.
+# These are created by root during the build.
+RUN mkdir -p /app/templates \
+             /app/static \
+             /app/uploaded_files
+
+# Copy application code
+COPY ./app.py /app/
+COPY ./admin_logic.py /app/ # Added: Copy the new admin logic file
+COPY ./templates/ /app/templates/
+# If you had local static files, you'd copy them here:
+# COPY ./static/ /app/static/
+
+# Grant write permissions to the 'uploaded_files' directory for the user running the app.
+# Hugging Face Spaces (and many other container platforms) often run containers
+# as a non-root user (e.g., UID 1000).
+# We give ownership to user 1000 and group 1000.
+# You could also use `chmod -R 777 /app/uploaded_files` but chown is more specific.
+RUN chown -R 1000:1000 /app/uploaded_files \
+    && chmod -R u+w /app/uploaded_files # Ensure the owner (user 1000) has write permissions \
+    && chown 1000:1000 /app # Also ensure the app directory and log file can be written by user 1000
+
+# Install dependencies
+RUN pip install --no-cache-dir fastapi "uvicorn[standard]" aiofiles Jinja2 python-multipart
+
+EXPOSE 7860
+
+# The log file app.log will be created in /app/ which should be writable by user 1000
+CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]

admin_logic.py

@@ -0,0 +1,216 @@
+import os
+import shutil
+import datetime as dt
+from pathlib import Path
+from typing import List, Optional
+
+from fastapi import APIRouter, Request, Depends, Form, HTTPException, status
+from fastapi.responses import HTMLResponse, RedirectResponse, Response
+from fastapi.templating import Jinja2Templates
+import aiofiles # For async file operations if needed in admin, though mostly sync for listing/deleting
+
+# --- Admin Configuration ---
+BASE_DIR = Path(__file__).resolve().parent
+TEMPLATES_DIR = BASE_DIR / "templates"
+FILES_DIR = BASE_DIR / "uploaded_files"
+LOG_FILE = BASE_DIR / "app.log"
+
+# Ensure directories exist (though app.py also does this)
+FILES_DIR.mkdir(parents=True, exist_ok=True)
+
+templates = Jinja2Templates(directory=str(TEMPLATES_DIR))
+
+# INSECURE: Hardcoded credentials. Use environment variables in production!
+ADMIN_EMAIL = "admin@example.com"
+ADMIN_PASSWORD = "adminpassword" # Store hashed passwords in a real application
+
+ADMIN_SESSION_COOKIE_NAME = "admin_session_id"
+# This should be a very random, long, and secret string in a real app
+ADMIN_SESSION_SECRET_VALUE = "my_super_secret_admin_session_value_for_demo"
+
+admin_router = APIRouter(
+    prefix="/admin",
+    tags=["Admin"]
+)
+
+# --- Admin Authentication Dependencies ---
+async def get_current_admin(request: Request):
+    """
+    Dependency to check if the admin is logged in.
+    Redirects to login page if not authenticated.
+    """
+    session_cookie = request.cookies.get(ADMIN_SESSION_COOKIE_NAME)
+    if session_cookie == ADMIN_SESSION_SECRET_VALUE:
+        return {"email": ADMIN_EMAIL} # Return a dummy admin object
+    
+    # If trying to access a protected page without being logged in, redirect to login
+    # Allow access to login page itself without this check.
+    if request.url.path != "/admin/login" and request.url.path != "/admin/auth":
+        return RedirectResponse(url="/admin/login", status_code=status.HTTP_307_TEMPORARY_REDIRECT)
+    # If on login/auth page, don't raise/redirect, let the route handler proceed
+    return None
+
+
+async def verify_admin_auth(request: Request):
+    """
+    Stricter dependency for protected routes. Raises HTTPException if not authenticated.
+    Used for API-like endpoints or where a redirect isn't the primary action.
+    """
+    admin = await get_current_admin(request)
+    if not admin and request.url.path not in ["/admin/login", "/admin/auth"]: # Check if it's already a redirect response
+         raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Not authenticated",
+            headers={"WWW-Authenticate": "Bearer"}, # Though we are using cookies
+        )
+    if isinstance(admin, RedirectResponse): # if get_current_admin decided to redirect
+        raise HTTPException(
+            status_code=status.HTTP_307_TEMPORARY_REDIRECT,
+            detail="Not authenticated, redirecting.",
+            headers={"Location": "/admin/login"},
+        )
+    return admin
+
+
+# --- Helper Functions for Admin Panel ---
+def get_file_info(file_path: Path):
+    try:
+        if file_path.is_file():
+            stat_info = file_path.stat()
+            return {
+                "name": file_path.name,
+                "size_bytes": stat_info.st_size,
+                "size_human": format_bytes(stat_info.st_size),
+                "modified_at": dt.datetime.fromtimestamp(stat_info.st_mtime).strftime('%Y-%m-%d %H:%M:%S'),
+                "url": f"/download/{file_path.name}" # User-facing download URL
+            }
+    except Exception:
+        return None
+    return None
+
+def format_bytes(bytes_val, decimals=2):
+    if bytes_val == 0: return '0 Bytes'
+    k = 1024
+    dm = decimals if decimals >= 0 else 0
+    sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB']
+    i = 0
+    if bytes_val > 0:
+        i = int(dt.math.floor(dt.math.log(bytes_val) / dt.math.log(k)))
+    return f"{bytes_val / (k**i):.{dm}f} {sizes[i]}"
+
+def get_log_lines(num_lines: int = 200) -> List[str]:
+    if not LOG_FILE.exists():
+        return ["Log file not found or is empty."]
+    try:
+        with open(LOG_FILE, "r", encoding="utf-8") as f:
+            lines = f.readlines()
+            # Display latest lines at the top for easier reading
+            return list(reversed(lines[-num_lines:]))
+    except Exception as e:
+        return [f"Error reading log file: {str(e)}"]
+
+# --- Admin Routes ---
+@admin_router.get("/login", response_class=HTMLResponse)
+async def admin_login_page(request: Request):
+    return templates.TemplateResponse("admin_login.html", {"request": request})
+
+@admin_router.post("/auth")
+async def admin_authenticate(request: Request, email: str = Form(...), password: str = Form(...)):
+    error_msg: Optional[str] = None
+    if email == ADMIN_EMAIL and password == ADMIN_PASSWORD:
+        response = RedirectResponse(url="/admin/dashboard", status_code=status.HTTP_303_SEE_OTHER)
+        response.set_cookie(
+            key=ADMIN_SESSION_COOKIE_NAME,
+            value=ADMIN_SESSION_SECRET_VALUE,
+            httponly=True, # Makes it inaccessible to JavaScript
+            samesite="lax", # Protects against CSRF to some extent
+            # secure=True, # Uncomment if served over HTTPS
+            max_age=1800 # 30 minutes
+        )
+        return response
+    else:
+        error_msg = "Invalid email or password."
+        return templates.TemplateResponse("admin_login.html", {"request": request, "error": error_msg}, status_code=status.HTTP_401_UNAUTHORIZED)
+
+@admin_router.get("/logout")
+async def admin_logout(request: Request):
+    response = RedirectResponse(url="/admin/login", status_code=status.HTTP_303_SEE_OTHER)
+    response.delete_cookie(ADMIN_SESSION_COOKIE_NAME, httponly=True, samesite="lax") #, secure=True)
+    return response
+
+@admin_router.get("/dashboard", response_class=HTMLResponse)
+async def admin_dashboard(request: Request, admin_user: dict = Depends(get_current_admin)):
+    if isinstance(admin_user, RedirectResponse): return admin_user # Handle redirect from dependency
+    if not admin_user: # Should be caught by dependency, but as a fallback
+        return RedirectResponse(url="/admin/login", status_code=status.HTTP_307_TEMPORARY_REDIRECT)
+    
+    num_files = len([name for name in os.listdir(FILES_DIR) if (FILES_DIR / name).is_file()])
+    log_lines_count = 0
+    if LOG_FILE.exists():
+        with open(LOG_FILE, "r", encoding="utf-8") as f:
+            log_lines_count = sum(1 for _ in f)
+
+    return templates.TemplateResponse("admin_dashboard.html", {
+        "request": request,
+        "num_files": num_files,
+        "log_lines_count": log_lines_count
+    })
+
+@admin_router.get("/files", response_class=HTMLResponse)
+async def admin_files_page(request: Request, admin_user: dict = Depends(get_current_admin)):
+    if isinstance(admin_user, RedirectResponse): return admin_user
+    if not admin_user: return RedirectResponse(url="/admin/login", status_code=status.HTTP_307_TEMPORARY_REDIRECT)
+
+    uploaded_file_objects = []
+    try:
+        for item_name in sorted(os.listdir(FILES_DIR)):
+            item_path = FILES_DIR / item_name
+            info = get_file_info(item_path)
+            if info:
+                uploaded_file_objects.append(info)
+    except Exception as e:
+        # Log this error, maybe show it on the page
+        print(f"Error listing files: {e}") # Replace with proper logging
+        pass # Or raise HTTPException
+        
+    return templates.TemplateResponse("admin_files.html", {
+        "request": request,
+        "files": uploaded_file_objects
+    })
+
+@admin_router.post("/files/delete/{filename}")
+async def admin_delete_file(request: Request, filename: str, admin_user: dict = Depends(verify_admin_auth)):
+    if isinstance(admin_user, RedirectResponse): return admin_user # Should not happen with verify_admin_auth
+    if not admin_user: return RedirectResponse(url="/admin/login", status_code=status.HTTP_307_TEMPORARY_REDIRECT)
+
+    # Sanitize filename again, though it comes from our listed files
+    safe_filename = os.path.basename(filename)
+    file_path = FILES_DIR / safe_filename
+
+    # Extra check to ensure we are deleting within FILES_DIR
+    if not file_path.resolve().is_relative_to(FILES_DIR.resolve()):
+        raise HTTPException(status_code=400, detail="Invalid file path for deletion.")
+
+    if file_path.is_file():
+        try:
+            file_path.unlink()
+            # Optionally, add a success message to be displayed (e.g., via query params or session flash if implemented)
+            # For now, just redirect.
+            return RedirectResponse(url="/admin/files", status_code=status.HTTP_303_SEE_OTHER)
+        except Exception as e:
+            # Log this error
+            raise HTTPException(status_code=500, detail=f"Could not delete file: {str(e)}")
+    else:
+        raise HTTPException(status_code=404, detail="File not found for deletion.")
+
+
+@admin_router.get("/logs", response_class=HTMLResponse)
+async def admin_logs_page(request: Request, admin_user: dict = Depends(get_current_admin)):
+    if isinstance(admin_user, RedirectResponse): return admin_user
+    if not admin_user: return RedirectResponse(url="/admin/login", status_code=status.HTTP_307_TEMPORARY_REDIRECT)
+    
+    logs = get_log_lines(num_lines=500) # Show last 500 lines
+    return templates.TemplateResponse("admin_logs.html", {
+        "request": request,
+        "log_entries": logs
+    })

app.py

@@ -0,0 +1,136 @@
+import os
+import shutil
+import aiofiles # For async file operations, good practice with FastAPI
+from fastapi import FastAPI, UploadFile, File, HTTPException, Request
+from fastapi.responses import HTMLResponse, FileResponse, JSONResponse
+from fastapi.staticfiles import StaticFiles
+from fastapi.templating import Jinja2Templates
+from pathlib import Path
+import logging # Added for logging
+from logging.handlers import RotatingFileHandler # Added for logging
+
+# --- Configuration ---
+BASE_DIR = Path(__file__).resolve().parent
+FILES_DIR = BASE_DIR / "uploaded_files"
+STATIC_DIR = BASE_DIR / "static"
+TEMPLATES_DIR = BASE_DIR / "templates"
+LOG_FILE = BASE_DIR / "app.log" # Added for logging
+
+# Create directories if they don't exist
+FILES_DIR.mkdir(parents=True, exist_ok=True)
+STATIC_DIR.mkdir(parents=True, exist_ok=True)
+TEMPLATES_DIR.mkdir(parents=True, exist_ok=True)
+
+# --- Logging Configuration (New) ---
+logger = logging.getLogger("file_app")
+logger.setLevel(logging.INFO)
+# Prevent duplicate logs if uvicorn also logs
+logger.propagate = False 
+
+# File handler
+# Rotate log file if it exceeds 5MB, keep 2 backup files
+file_handler = RotatingFileHandler(LOG_FILE, maxBytes=1024*1024*5, backupCount=2, encoding='utf-8')
+file_formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(module)s:%(lineno)d - %(message)s')
+file_handler.setFormatter(file_formatter)
+logger.addHandler(file_handler)
+
+# Console handler (optional, as uvicorn also logs to console)
+# console_handler = logging.StreamHandler()
+# console_handler.setFormatter(file_formatter)
+# logger.addHandler(console_handler)
+
+logger.info("Application starting up...")
+
+
+app = FastAPI(title="File Uploader/Downloader")
+
+# Mount static files
+# app.mount("/static", StaticFiles(directory=STATIC_DIR), name="static")
+
+# Setup Jinja2 templates
+templates = Jinja2Templates(directory=str(TEMPLATES_DIR))
+
+# --- Import and Mount Admin Router (New) ---
+from admin_logic import admin_router # Make sure admin_logic.py is in the same directory
+app.include_router(admin_router)
+logger.info("Admin panel router included.")
+
+# --- Helper Functions ---
+def sanitize_filename(filename: str) -> str:
+    """Basic filename sanitization."""
+    return os.path.basename(filename).strip()
+
+# --- Routes (Original functionality with added logging) ---
+@app.get("/", response_class=HTMLResponse)
+async def read_root(request: Request):
+    """Serves the main HTML page."""
+    logger.info(f"Root page accessed by {request.client.host}")
+    return templates.TemplateResponse("index.html", {"request": request})
+
+@app.post("/upload/")
+async def upload_file(request: Request, file: UploadFile = File(...)):
+    """Handles file uploads."""
+    original_filename = file.filename
+    logger.info(f"Upload attempt for '{original_filename}' from {request.client.host}")
+
+    if not original_filename:
+        logger.warning(f"Upload failed: No filename provided by {request.client.host}")
+        raise HTTPException(status_code=400, detail="No filename provided.")
+
+    filename = sanitize_filename(original_filename)
+    if not filename: # After sanitization, if it's empty
+        logger.warning(f"Upload failed: Invalid filename '{original_filename}' after sanitization by {request.client.host}")
+        raise HTTPException(status_code=400, detail="Invalid filename after sanitization.")
+
+    file_path = FILES_DIR / filename
+
+    if not file_path.resolve().is_relative_to(FILES_DIR.resolve()):
+        logger.error(f"Upload security violation: Attempted directory traversal for '{filename}' by {request.client.host}")
+        raise HTTPException(status_code=400, detail="Invalid file path (attempted directory traversal).")
+
+    try:
+        async with aiofiles.open(file_path, "wb") as buffer:
+            while content := await file.read(1024 * 1024):  # Read 1MB chunks
+                await buffer.write(content)
+        logger.info(f"File '{filename}' uploaded successfully by {request.client.host}. Size: {file.size} bytes.")
+    except Exception as e:
+        logger.error(f"Could not save file '{filename}' from {request.client.host}: {str(e)}")
+        if file_path.exists():
+            try:
+                file_path.unlink()
+                logger.info(f"Cleaned up partially uploaded file '{filename}'.")
+            except Exception as unlink_e:
+                logger.error(f"Error cleaning up partially uploaded file '{filename}': {unlink_e}")
+        raise HTTPException(status_code=500, detail=f"Could not save file: {str(e)}")
+
+    return JSONResponse(
+        content={
+            "message": "File uploaded successfully",
+            "filename": filename,
+            "download_url": f"/download/{filename}"
+        }
+    )
+
+@app.get("/download/{filename}")
+async def download_file(request: Request, filename: str):
+    """Handles file downloads."""
+    clean_filename = sanitize_filename(filename)
+    logger.info(f"Download attempt for '{clean_filename}' by {request.client.host}")
+
+    if not clean_filename:
+        logger.warning(f"Download failed: Invalid filename '{filename}' by {request.client.host}")
+        raise HTTPException(status_code=400, detail="Invalid filename.")
+
+    file_path = FILES_DIR / clean_filename
+
+    if not file_path.resolve().is_relative_to(FILES_DIR.resolve()) or not file_path.is_file():
+        logger.warning(f"Download failed: File not found or access denied for '{clean_filename}' by {request.client.host}")
+        raise HTTPException(status_code=404, detail="File not found or access denied.")
+    
+    logger.info(f"File '{clean_filename}' downloaded by {request.client.host}")
+    return FileResponse(path=file_path, filename=clean_filename, media_type='application/octet-stream')
+
+if __name__ == "__main__":
+    import uvicorn
+    logger.info("Starting Uvicorn server for local development...")
+    uvicorn.run("app:app", host="0.0.0.0", port=7860, reload=True) # Added reload for easier dev

templates/admin_dashboard.html

@@ -0,0 +1,43 @@
+{% extends "admin_layout.html" %}
+
+{% block title %}Dashboard{% endblock %}
+{% block page_title %}Dashboard{% endblock %}
+
+{% block content %}
+<div class="row">
+    <div class="col-md-6">
+        <div class="card text-white bg-primary mb-3">
+            <div class="card-header">Uploaded Files</div>
+            <div class="card-body">
+                <h5 class="card-title">{{ num_files }}</h5>
+                <p class="card-text">Total files currently stored.</p>
+                <a href="{{ url_for('admin_files_page') }}" class="btn btn-light">Manage Files <i class="bi bi-arrow-right-short"></i></a>
+            </div>
+        </div>
+    </div>
+    <div class="col-md-6">
+        <div class="card text-dark bg-warning mb-3">
+            <div class="card-header">Application Logs</div>
+            <div class="card-body">
+                <h5 class="card-title">{{ log_lines_count }}</h5>
+                <p class="card-text">Total lines in the current log file.</p>
+                <a href="{{ url_for('admin_logs_page') }}" class="btn btn-dark">View Logs <i class="bi bi-arrow-right-short"></i></a>
+            </div>
+        </div>
+    </div>
+</div>
+
+<div class="mt-4">
+    <h4>Quick Actions</h4>
+    <ul>
+        <li><a href="{{ url_for('read_root') }}" target="_blank">View User Upload Page</a></li>
+        <!-- Add more quick actions if needed -->
+    </ul>
+</div>
+
+<div class="mt-4">
+    <h4>System Information (Example)</h4>
+    <p>This is a basic admin dashboard. You can expand it with more system information, statistics, or quick management tools.</p>
+    <p><strong>Admin Email:</strong> {{ request.user.email if request.user else "N/A" }} (Note: This is illustrative from dummy user)</p>
+</div>
+{% endblock %}

templates/admin_files.html

@@ -0,0 +1,45 @@
+{% extends "admin_layout.html" %}
+
+{% block title %}Uploaded Files{% endblock %}
+{% block page_title %}Uploaded Files{% endblock %}
+
+{% block content %}
+<div class="table-responsive">
+    <table class="table table-striped table-sm">
+        <thead>
+            <tr>
+                <th scope="col">#</th>
+                <th scope="col">Filename</th>
+                <th scope="col">Size</th>
+                <th scope="col">Last Modified (UTC)</th>
+                <th scope="col">Download URL</th>
+                <th scope="col">Actions</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% if files %}
+                {% for file in files %}
+                <tr>
+                    <td>{{ loop.index }}</td>
+                    <td>{{ file.name }}</td>
+                    <td>{{ file.size_human }}</td>
+                    <td>{{ file.modified_at }}</td>
+                    <td><a href="{{ file.url }}" target="_blank" title="User download link">Link</a></td>
+                    <td>
+                        <form method="post" action="{{ url_for('admin_delete_file', filename=file.name) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete {{ file.name }}?');">
+                            <button type="submit" class="btn btn-danger btn-sm">
+                                <i class="bi bi-trash-fill"></i> Delete
+                            </button>
+                        </form>
+                    </td>
+                </tr>
+                {% endfor %}
+            {% else %}
+            <tr>
+                <td colspan="6" class="text-center">No files uploaded yet.</td>
+            </tr>
+            {% endif %}
+        </tbody>
+    </table>
+</div>
+{% endblock %}

templates/admin_layout.html

@@ -0,0 +1,113 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Panel - {% block title %}Dashboard{% endblock %}</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.5/font/bootstrap-icons.css">
+    <style>
+        body {
+            font-size: .875rem;
+        }
+        .sidebar {
+            position: fixed;
+            top: 0;
+            bottom: 0;
+            left: 0;
+            z-index: 100;
+            padding: 48px 0 0;
+            box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
+        }
+        .sidebar-sticky {
+            position: relative;
+            top: 0;
+            height: calc(100vh - 48px);
+            padding-top: .5rem;
+            overflow-x: hidden;
+            overflow-y: auto;
+        }
+        .nav-link {
+            font-weight: 500;
+            color: #333;
+        }
+        .nav-link .bi {
+            margin-right: 4px;
+            color: #727272;
+        }
+        .nav-link.active {
+            color: #007bff;
+        }
+        .nav-link:hover .bi,
+        .nav-link.active .bi {
+            color: inherit;
+        }
+        .navbar-brand {
+            padding-top: .75rem;
+            padding-bottom: .75rem;
+            font-size: 1rem;
+            background-color: rgba(0, 0, 0, .25);
+            box-shadow: inset -1px 0 0 rgba(0, 0, 0, .25);
+        }
+        .navbar .navbar-toggler {
+            top: .25rem;
+            right: 1rem;
+        }
+    </style>
+</head>
+<body>
+    <header class="navbar navbar-dark sticky-top bg-dark flex-md-nowrap p-0 shadow">
+        <a class="navbar-brand col-md-3 col-lg-2 me-0 px-3" href="{{ url_for('admin_dashboard') }}">Admin Panel</a>
+        <button class="navbar-toggler position-absolute d-md-none collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#sidebarMenu" aria-controls="sidebarMenu" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+        <!-- Optional: Search bar or other elements -->
+        <div class="navbar-nav">
+            <div class="nav-item text-nowrap">
+                <a class="nav-link px-3" href="{{ url_for('admin_logout') }}">Sign out</a>
+            </div>
+        </div>
+    </header>
+
+    <div class="container-fluid">
+        <div class="row">
+            <nav id="sidebarMenu" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
+                <div class="position-sticky pt-3">
+                    <ul class="nav flex-column">
+                        <li class="nav-item">
+                            <a class="nav-link {% if request.url.path == url_for('admin_dashboard') %}active{% endif %}" aria-current="page" href="{{ url_for('admin_dashboard') }}">
+                                <i class="bi bi-house-door-fill"></i> Dashboard
+                            </a>
+                        </li>
+                        <li class="nav-item">
+                            <a class="nav-link {% if request.url.path == url_for('admin_files_page') %}active{% endif %}" href="{{ url_for('admin_files_page') }}">
+                                <i class="bi bi-file-earmark-arrow-up-fill"></i> Uploaded Files
+                            </a>
+                        </li>
+                        <li class="nav-item">
+                            <a class="nav-link {% if request.url.path == url_for('admin_logs_page') %}active{% endif %}" href="{{ url_for('admin_logs_page') }}">
+                                <i class="bi bi-card-list"></i> Application Logs
+                            </a>
+                        </li>
+                         <li class="nav-item mt-auto mb-2">
+                            <a class="nav-link" href="{{ url_for('read_root') }}" target="_blank">
+                                <i class="bi bi-box-arrow-up-right"></i> View Main Site
+                            </a>
+                        </li>
+                    </ul>
+                </div>
+            </nav>
+
+            <main class="col-md-9 ms-sm-auto col-lg-10 px-md-4">
+                <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
+                    <h1 class="h2">{% block page_title %}{% endblock %}</h1>
+                </div>
+                
+                {% block content %}{% endblock %}
+            </main>
+        </div>
+    </div>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>

templates/admin_login.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin Login</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet">
+    <style>
+        body {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            min-height: 100vh;
+            background-color: #f5f5f5;
+        }
+        .form-signin {
+            width: 100%;
+            max-width: 330px;
+            padding: 15px;
+            margin: auto;
+        }
+    </style>
+</head>
+<body>
+    <main class="form-signin text-center">
+        <form method="post" action="{{ url_for('admin_authenticate') }}">
+            <!-- <img class="mb-4" src="/docs/5.3/assets/brand/bootstrap-logo.svg" alt="" width="72" height="57"> -->
+            <h1 class="h3 mb-3 fw-normal">Admin Panel Login</h1>
+
+            {% if error %}
+            <div class="alert alert-danger" role="alert">
+                {{ error }}
+            </div>
+            {% endif %}
+
+            <div class="form-floating mb-2">
+                <input type="email" class="form-control" id="email" name="email" placeholder="name@example.com" required value="admin@example.com">
+                <label for="email">Email address</label>
+            </div>
+            <div class="form-floating">
+                <input type="password" class="form-control" id="password" name="password" placeholder="Password" required value="adminpassword">
+                <label for="password">Password</label>
+            </div>
+
+            <!-- <div class="checkbox mb-3">
+                <label>
+                    <input type="checkbox" value="remember-me"> Remember me
+                </label>
+            </div> -->
+            <button class="w-100 btn btn-lg btn-primary mt-3" type="submit">Sign in</button>
+            <p class="mt-5 mb-3 text-muted">© Your App Name {% now 'local', '%Y' %}</p>
+        </form>
+    </main>
+</body>
+</html>

templates/admin_logs.html

@@ -0,0 +1,21 @@
+{% extends "admin_layout.html" %}
+
+{% block title %}Application Logs{% endblock %}
+{% block page_title %}Application Logs{% endblock %}
+
+{% block content %}
+<div class="mb-3">
+    <p>Showing the last {{ log_entries|length }} log entries (newest first). The full log is in <code>app.log</code>.</p>
+    <a href="{{ url_for('admin_logs_page') }}" class="btn btn-sm btn-outline-secondary"><i class="bi bi-arrow-clockwise"></i> Refresh Logs</a>
+</div>
+
+<div class="log-container bg-light p-3 rounded border" style="max-height: 600px; overflow-y: auto; font-family: monospace; font-size: 0.85em; white-space: pre-wrap; word-break: break-all;">
+    {% if log_entries %}
+        {% for entry in log_entries %}
+            <div>{{ entry.strip() }}</div>
+        {% endfor %}
+    {% else %}
+        <div>No log entries found or log file is empty.</div>
+    {% endif %}
+</div>
+{% endblock %}

templates/index.html

@@ -0,0 +1,173 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>File Uploader</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet">
+    <style>
+        body {
+            padding-top: 40px;
+            padding-bottom: 40px;
+            background-color: #f5f5f5;
+        }
+        .container {
+            max-width: 600px;
+        }
+        .upload-form {
+            background-color: #fff;
+            padding: 30px;
+            border-radius: 8px;
+            box-shadow: 0 0 10px rgba(0,0,0,0.1);
+        }
+        .progress-container {
+            margin-top: 20px;
+            display: none; /* Hidden by default */
+        }
+        #uploadInfo {
+            margin-top: 10px;
+            font-size: 0.9em;
+        }
+        #downloadLinkContainer {
+            margin-top: 20px;
+            display: none; /* Hidden by default */
+        }
+        .loader {
+            border: 5px solid #f3f3f3; /* Light grey */
+            border-top: 5px solid #3498db; /* Blue */
+            border-radius: 50%;
+            width: 30px;
+            height: 30px;
+            animation: spin 1s linear infinite;
+            display: none; /* Hidden by default */
+            margin: 10px auto;
+        }
+        @keyframes spin {
+            0% { transform: rotate(0deg); }
+            100% { transform: rotate(360deg); }
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="upload-form">
+            <h2 class="text-center mb-4">Upload a File</h2>
+            <form id="uploadForm" enctype="multipart/form-data">
+                <div class="mb-3">
+                    <label for="fileInput" class="form-label">Choose file</label>
+                    <input class="form-control" type="file" id="fileInput" name="file" required>
+                </div>
+                <button type="submit" class="btn btn-primary w-100">Upload</button>
+            </form>
+
+            <div class="loader" id="loader"></div>
+
+            <div class="progress-container" id="progressContainer">
+                <div class="progress">
+                    <div id="progressBar" class="progress-bar progress-bar-striped progress-bar-animated" role="progressbar" style="width: 0%;" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100">0%</div>
+                </div>
+                <div id="uploadInfo" class="text-muted"></div>
+            </div>
+
+            <div id="downloadLinkContainer" class="alert alert-success" role="alert">
+                <strong>Success!</strong> File uploaded. <br>
+                Download link: <a href="#" id="downloadLink" target="_blank"></a>
+            </div>
+
+            <div id="errorContainer" class="alert alert-danger mt-3" role="alert" style="display: none;">
+                <strong>Error:</strong> <span id="errorMessage"></span>
+            </div>
+        </div>
+    </div>
+
+    <!-- Bootstrap JS Bundle (Popper.js included) -->
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script>
+    <script>
+        const uploadForm = document.getElementById('uploadForm');
+        const fileInput = document.getElementById('fileInput');
+        const loader = document.getElementById('loader');
+        const progressContainer = document.getElementById('progressContainer');
+        const progressBar = document.getElementById('progressBar');
+        const uploadInfo = document.getElementById('uploadInfo');
+        const downloadLinkContainer = document.getElementById('downloadLinkContainer');
+        const downloadLink = document.getElementById('downloadLink');
+        const errorContainer = document.getElementById('errorContainer');
+        const errorMessage = document.getElementById('errorMessage');
+        let startTime;
+        uploadForm.addEventListener('submit', async function(event) {
+            event.preventDefault();
+            const file = fileInput.files[0];
+            if (!file) {
+                alert('Please select a file to upload.');
+                return;
+            }
+            const formData = new FormData();
+            formData.append('file', file);
+            // Reset UI
+            loader.style.display = 'block';
+            progressContainer.style.display = 'block';
+            progressBar.style.width = '0%';
+            progressBar.textContent = '0%';
+            uploadInfo.textContent = 'Starting upload...';
+            downloadLinkContainer.style.display = 'none';
+            errorContainer.style.display = 'none';
+            startTime = Date.now();
+            const xhr = new XMLHttpRequest();
+            xhr.open('POST', '/upload/', true);
+            xhr.upload.onprogress = function(event) {
+                if (event.lengthComputable) {
+                    const percentComplete = Math.round((event.loaded / event.total) * 100);
+                    progressBar.style.width = percentComplete + '%';
+                    progressBar.textContent = percentComplete + '%';
+                    const elapsedTime = (Date.now() - startTime) / 1000; // seconds
+                    const speed = event.loaded / elapsedTime; // bytes per second
+                    const speedMbps = (speed * 8 / 1000000).toFixed(2); // Mbps
+                    uploadInfo.textContent = `Uploaded ${formatBytes(event.loaded)} of ${formatBytes(event.total)} (${percentComplete}%) at ${speedMbps} Mbps`;
+                }
+            };
+            xhr.onload = function() {
+                loader.style.display = 'none';
+                if (xhr.status === 200) {
+                    const response = JSON.parse(xhr.responseText);
+                    uploadInfo.textContent = 'Upload complete!';
+                    progressBar.classList.remove('progress-bar-animated');
+                    progressBar.classList.add('bg-success');
+                    downloadLink.href = response.download_url;
+                    // The filename in the link text should be the one returned by the server (sanitized)
+                    downloadLink.textContent = response.filename;
+                    downloadLinkContainer.style.display = 'block';
+                } else {
+                    progressBar.classList.remove('progress-bar-animated');
+                    progressBar.classList.add('bg-danger');
+                    try {
+                        const errorResponse = JSON.parse(xhr.responseText);
+                        errorMessage.textContent = errorResponse.detail || `Server error: ${xhr.status}`;
+                    } catch (e) {
+                         errorMessage.textContent = `Server error: ${xhr.status} - ${xhr.statusText}`;
+                    }
+                    errorContainer.style.display = 'block';
+                    uploadInfo.textContent = 'Upload failed.';
+                }
+            };
+            xhr.onerror = function() {
+                loader.style.display = 'none';
+                progressBar.classList.remove('progress-bar-animated');
+                progressBar.classList.add('bg-danger');
+                errorMessage.textContent = 'Network error or server unavailable.';
+                errorContainer.style.display = 'block';
+                uploadInfo.textContent = 'Upload failed.';
+            };
+            xhr.send(formData);
+        });
+        function formatBytes(bytes, decimals = 2) {
+            if (bytes === 0) return '0 Bytes';
+            const k = 1024;
+            const dm = decimals < 0 ? 0 : decimals;
+            const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+            const i = Math.floor(Math.log(bytes) / Math.log(k));
+            return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
+        }
+    </script>
+</body>
+</html>