Upload 3 files

app.py

@@ -24,9 +24,9 @@ app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get('DATABASE_URL', 'sqlite:/
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
 app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'dev-key-change-in-production-xyz123')
 app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)
-app.config['SESSION_COOKIE_SECURE'] = False
+app.config['SESSION_COOKIE_SECURE'] = True  # ← HF Spaces uses HTTPS
 app.config['SESSION_COOKIE_HTTPONLY'] = True
-app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
+app.config['SESSION_COOKIE_SAMESITE'] = 'None'  # ← Allow cross-site cookies
 app.config['SQLALCHEMY_ENGINE_OPTIONS'] = {
     'pool_recycle': 300,
     'pool_pre_ping': True,

static/script.js

@@ -1,4 +1,5 @@
-// Navigation Logic
+// ==================== NAVIGATION ====================
+
 function showSection(sectionId) {
     document.querySelectorAll('.section').forEach(el => el.classList.remove('active'));
     document.querySelectorAll('.nav-links li').forEach(el => el.classList.remove('active'));
@@ -6,13 +7,18 @@ function showSection(sectionId) {
     document.getElementById(sectionId).classList.add('active');
     event.target.classList.add('active');
 
-    if(sectionId === 'dashboard') loadStats();
+    if(sectionId === 'dashboard') {
+        loadStats();
+        loadLogs();
+    }
     if(sectionId === 'list') loadApis();
+    if(sectionId === 'keys') loadKeys();
 }
 
-// Load Stats
+// ==================== STATS ====================
+
 async function loadStats() {
-    const res = await fetch('/api/cms/stats');
+    const res = await fetch('/api/cms/stats', { credentials: 'include' });
     const data = await res.json();
     
     document.getElementById('stat-calls').innerText = data.total_calls;
@@ -21,7 +27,8 @@ async function loadStats() {
     document.getElementById('stat-apis').innerText = data.active_apis;
 }
 
-// Create API
+// ==================== CREATE API ====================
+
 document.getElementById('create-form').addEventListener('submit', async (e) => {
     e.preventDefault();
     
@@ -34,18 +41,24 @@ document.getElementById('create-form').addEventListener('submit', async (e) => {
     const res = await fetch('/api/cms/create', {
         method: 'POST',
         headers: {'Content-Type': 'application/json'},
-        body: JSON.stringify(payload)
+        body: JSON.stringify(payload),
+        credentials: 'include'
     });
 
     if(res.ok) {
-        alert('API Created! You can now POST to: http://localhost:5000/user-api/' + payload.route);
+        alert('API Created! You can now POST to: /user-api/' + payload.route);
         document.getElementById('create-form').reset();
         showSection('list');
+    } else {
+        const data = await res.json();
+        alert('Error: ' + data.message);
     }
 });
 
+// ==================== LOGS ====================
+
 async function loadLogs() {
-    const res = await fetch('/api/cms/logs');
+    const res = await fetch('/api/cms/logs', { credentials: 'include' });
     const logs = await res.json();
     const container = document.getElementById('logs-container');
     
@@ -72,24 +85,10 @@ async function loadLogs() {
     container.innerHTML = html;
 }
 
-// Update showSection function to load logs
-function showSection(sectionId) {
-    document.querySelectorAll('.section').forEach(el => el.classList.remove('active'));
-    document.querySelectorAll('.nav-links li').forEach(el => el.classList.remove('active'));
-    
-    document.getElementById(sectionId).classList.add('active');
-    event.target.classList.add('active');
+// ==================== API LIST ====================
 
-    if(sectionId === 'dashboard') {
-        loadStats();
-        loadLogs();
-    }
-    if(sectionId === 'list') loadApis();
-}
-
-// Load API List
 async function loadApis() {
-    const res = await fetch('/api/cms/list');
+    const res = await fetch('/api/cms/list', { credentials: 'include' });
     const apis = await res.json();
     const tbody = document.getElementById('api-table-body');
     
@@ -111,18 +110,21 @@ async function loadApis() {
     });
 }
 
-// Add delete function
 async function deleteApi(id) {
     if(confirm('Are you sure you want to delete this API?')) {
-        await fetch(`/api/cms/delete/${id}`, { method: 'DELETE' });
+        await fetch(`/api/cms/delete/${id}`, { 
+            method: 'DELETE',
+            credentials: 'include'
+        });
         loadApis();
         loadStats();
     }
 }
 
-// API Keys Functions
+// ==================== API KEYS ====================
+
 async function loadKeys() {
-    const res = await fetch('/api/cms/keys');
+    const res = await fetch('/api/cms/keys', { credentials: 'include' });
     const keys = await res.json();
     const tbody = document.getElementById('keys-table-body');
     
@@ -151,7 +153,8 @@ async function createKey() {
     const res = await fetch('/api/cms/keys', {
         method: 'POST',
         headers: {'Content-Type': 'application/json'},
-        body: JSON.stringify({name})
+        body: JSON.stringify({name}),
+        credentials: 'include'
     });
     
     const data = await res.json();
@@ -160,52 +163,48 @@ async function createKey() {
         alert('New API Key Generated:\n\n' + data.key + '\n\nSave this key! It won\'t be shown again.');
         document.getElementById('key-name').value = '';
         loadKeys();
+    } else {
+        alert('Error: ' + data.message);
     }
 }
 
 async function toggleKey(id) {
-    await fetch(`/api/cms/keys/${id}/toggle`, {method: 'POST'});
+    await fetch(`/api/cms/keys/${id}/toggle`, {
+        method: 'POST',
+        credentials: 'include'
+    });
     loadKeys();
 }
 
 async function deleteKey(id) {
     if(confirm('Delete this API Key?')) {
-        await fetch(`/api/cms/keys/${id}`, {method: 'DELETE'});
+        await fetch(`/api/cms/keys/${id}`, {
+            method: 'DELETE',
+            credentials: 'include'
+        });
         loadKeys();
     }
 }
 
-// Export Function
+// ==================== EXPORT ====================
+
 function exportLogs() {
     window.open('/api/cms/export', '_blank');
 }
 
-// Update showSection to handle keys
-function showSection(sectionId) {
-    document.querySelectorAll('.section').forEach(el => el.classList.remove('active'));
-    document.querySelectorAll('.nav-links li').forEach(el => el.classList.remove('active'));
-    
-    document.getElementById(sectionId).classList.add('active');
-    event.target.classList.add('active');
-
-    if(sectionId === 'dashboard') {
-        loadStats();
-        loadLogs();
-    }
-    if(sectionId === 'list') loadApis();
-    if(sectionId === 'keys') loadKeys();
-}
+// ==================== TEST API ====================
 
-// Simple Test Function
 async function testApi(route) {
     const res = await fetch(`/user-api/${route}`, {
         method: 'POST',
         headers: {'Content-Type': 'application/json'},
-        body: JSON.stringify({test: "data"})
+        body: JSON.stringify({test: "data"}),
+        credentials: 'include'
     });
     const data = await res.json();
     alert("Response:\n" + JSON.stringify(data, null, 2));
 }
 
-// Initial Load
+// ==================== INITIAL LOAD ====================
+
 loadStats();