Hugging Face's logo

Spaces:
coild
/
dhravani
Running

App Files Community
dhravani / templates /super_admin.html
coild's picture
coild
Upload 50 files
48637d6 verified
raw
history blame contribute delete
18.4 kB
 <!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Super Admin - COILD Dhravani</title>
<link rel="icon" type="image/x-icon" href="{{ url_for('static', filename='favicon.ico') }}">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet">
<link rel="stylesheet" href="{{ url_for('static', filename='super_admin.css') }}">
<meta name="csrf-token" content="{{ session['csrf_token'] }}">
</head>
<body>
<div class="container-fluid px-3">
<!-- Password Entry Section (initially visible) -->
<div id="passwordSection" class="card mt-5" style="max-width: 500px; margin: auto;">
<div class="card-body">
<h4 class="card-title mb-4">Super Admin Authentication</h4>
<p class="text-muted">
<i class="fas fa-info-circle"></i>
Super admin access requires additional verification.
</p>
<div class="form-group">
<label for="superAdminPassword">Enter Super Admin Password</label>
<input type="password" class="form-control" id="superAdminPassword" autocomplete="off">
</div>
<div class="d-flex justify-content-between mt-3">
<button class="btn btn-primary" id="verifyPasswordBtn">Verify Password</button>
<a href="{{ url_for('admin.admin_interface') }}" class="btn btn-outline-secondary">Back to Admin</a>
</div>
<div id="passwordError" class="alert alert-danger mt-3" style="display: none;"></div>
</div>
</div>
<!-- Main Content Section (initially hidden) -->
<div id="mainContent" style="display: none;">
<div class="d-flex justify-content-between align-items-center pt-3 pb-3">
<h4 class="mb-0">COILD Dhravani Super Admin</h4>
<div class="d-flex align-items-center gap-3">
<span class="text-muted" id="sessionTimer">Session expires in: 30:00</span>
<a href="{{ url_for('admin.admin_interface') }}" class="btn btn-outline-primary">Back to Admin</a>
<a href="{{ url_for('logout') }}" class="btn btn-outline-secondary">Logout</a>
</div>
</div>
<div class="alert alert-warning">
<strong><i class="fas fa-exclamation-triangle"></i> Warning:</strong>
Changes made here affect administrator access to the system. Proceed with caution.
</div>
<div class="admin-card mb-4">
<h3 class="section-title mb-4">
<i class="fas fa-users-cog"></i>
Admin Management
</h3>
<!-- Search User Section -->
<div class="search-section mb-4">
<h5 class="sub-section-title mb-3">
<i class="fas fa-search"></i>
Search User
</h5>
<div class="input-group">
<input type="email"
id="searchEmail"
class="form-control"
placeholder="Enter exact email address..."
pattern="[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}">
<button class="btn btn-outline-primary" id="searchButton">
<i class="fas fa-search"></i> Search
</button>
</div>
<div id="searchResults" class="table-responsive mt-3" style="display: none;">
<table class="table table-hover">
<thead>
<tr>
<th>Email</th>
<th>Name</th>
<th>Current Role</th>
<th>Actions</th>
</tr>
</thead>
<tbody></tbody>
</table>
</div>
</div>
<!-- Current Admins List -->
<div class="admins-section">
<h5 class="sub-section-title mb-3">
<i class="fas fa-user-shield"></i>
Current Admins
</h5>
<div class="table-responsive">
<table class="table table-hover" id="adminsTable">
<thead>
<tr>
<th>Email</th>
<th>Name</th>
<th>Actions</th>
</tr>
</thead>
<tbody></tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
<script>
// Avoid storing password directly - use session management instead
let sessionActive = false;
let sessionStartTime = null;
let sessionTimeout = 1800; // Default 30 minutes (matches server setting)
let sessionTimer = null;
// CSRF token handling
function getCSRFToken() {
return document.querySelector('meta[name="csrf-token"]').getAttribute('content');
}
// Update session countdown timer
function updateSessionTimer() {
if (!sessionActive || !sessionStartTime) return;
const now = Math.floor(Date.now() / 1000);
const elapsedSeconds = now - sessionStartTime;
const remainingSeconds = Math.max(0, sessionTimeout - elapsedSeconds);
if (remainingSeconds <= 0) {
clearInterval(sessionTimer);
alert('Super admin session expired. Please verify your password again.');
location.reload();
return;
}
const minutes = Math.floor(remainingSeconds / 60);
const seconds = remainingSeconds % 60;
document.getElementById('sessionTimer').textContent =
`Session expires in: ${minutes}:${seconds.toString().padStart(2, '0')}`;
// Warn when less than 2 minutes remain
if (remainingSeconds < 120 && remainingSeconds > 115) {
alert('Your super admin session will expire in 2 minutes.');
}
}
// Password verification
document.getElementById('verifyPasswordBtn').addEventListener('click', async function() {
try {
const password = document.getElementById('superAdminPassword').value;
const errorDiv = document.getElementById('passwordError');
if (!password) {
errorDiv.textContent = "Password cannot be empty";
errorDiv.style.display = 'block';
return;
}
errorDiv.style.display = 'none';
this.disabled = true;
this.innerHTML = '<span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span> Verifying...';
const response = await fetch('/admin/super/verify', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-CSRF-Token': getCSRFToken()
},
body: JSON.stringify({ password: password })
});
const data = await response.json();
if (response.ok) {
// Store session info but not the password itself
sessionActive = true;
sessionStartTime = Math.floor(Date.now() / 1000);
sessionTimeout = data.expires_in || 1800;
document.getElementById('passwordSection').style.display = 'none';
document.getElementById('mainContent').style.display = 'block';
// Start session timer
updateSessionTimer();
sessionTimer = setInterval(updateSessionTimer, 1000);
// Load admins list
loadAdmins();
} else {
errorDiv.textContent = data.error || "Verification failed";
errorDiv.style.display = 'block';
// Clear password field after failed attempt
document.getElementById('superAdminPassword').value = '';
}
} catch (error) {
document.getElementById('passwordError').textContent = "Error: " + error.message;
document.getElementById('passwordError').style.display = 'block';
} finally {
this.disabled = false;
this.innerHTML = 'Verify Password';
}
});
// Enter key for password field
document.getElementById('superAdminPassword').addEventListener('keyup', function(event) {
if (event.key === 'Enter') {
document.getElementById('verifyPasswordBtn').click();
}
});
// Function to get auth headers (doesn't store password)
function getAuthHeaders() {
return {
'X-CSRF-Token': getCSRFToken()
};
}
// Load admins list
async function loadAdmins() {
try {
const response = await fetch('/admin/super/admins', {
headers: getAuthHeaders()
});
if (!response.ok) {
if (response.status === 401 || response.status === 403) {
// Session expired or unauthorized
alert('Your session has expired or you are not authorized. Please log in again.');
location.reload();
return;
}
throw new Error('Failed to load admins');
}
const data = await response.json();
const tbody = document.querySelector('#adminsTable tbody');
tbody.innerHTML = '';
if (data.users.length === 0) {
tbody.innerHTML = '<tr><td colspan="3" class="text-center">No admins found</td></tr>';
return;
}
data.users.forEach(user => {
// Don't allow removing current user
const isSelf = user.id === '{{ session.user.id }}';
const tr = document.createElement('tr');
tr.innerHTML = `
<td>${user.email}</td>
<td>${user.name || 'N/A'}</td>
<td>
${!isSelf ?
`<button class="btn btn-sm btn-danger remove-admin" data-user-id="${user.id}">
Remove Admin
</button>` :
'<span class="text-muted">Current User</span>'
}
</td>
`;
tbody.appendChild(tr);
});
addRemoveAdminListeners();
} catch (error) {
console.error('Error loading admins:', error);
}
}
// Search functionality
document.getElementById('searchButton').addEventListener('click', async function() {
const email = document.getElementById('searchEmail').value.trim();
if (!email) {
alert('Please enter an email address');
return;
}
try {
const response = await fetch(`/admin/super/users/search?email=${encodeURIComponent(email)}`, {
headers: getAuthHeaders()
});
if (!response.ok) {
if (response.status === 401 || response.status === 403) {
// Session expired or unauthorized
alert('Your session has expired or you are not authorized. Please log in again.');
location.reload();
return;
}
throw new Error('Search failed');
}
const data = await response.json();
const tbody = document.querySelector('#searchResults tbody');
tbody.innerHTML = '';
if (data.users.length === 0) {
tbody.innerHTML = '<tr><td colspan="4" class="text-center">No users found</td></tr>';
} else {
data.users.forEach(user => {
// Don't allow changing own role
const isSelf = user.id === '{{ session.user.id }}';
const tr = document.createElement('tr');
tr.innerHTML = `
<td>${user.email}</td>
<td>${user.name || 'N/A'}</td>
<td>${user.role}</td>
<td>
${(user.role !== 'admin' && !isSelf) ?
`<button class="btn btn-sm btn-primary make-admin" data-user-id="${user.id}">
Make Admin
</button>` :
isSelf ? '<span class="text-muted">Current User</span>' :
'<span class="text-muted">Already Admin</span>'
}
</td>
`;
tbody.appendChild(tr);
});
}
document.getElementById('searchResults').style.display = 'block';
addMakeAdminListeners();
} catch (error) {
console.error('Error searching users:', error);
alert('Error searching users');
}
});
function addMakeAdminListeners() {
document.querySelectorAll('.make-admin').forEach(btn => {
btn.addEventListener('click', async function() {
if(confirm('Make this user an admin?\n\nThis will give them full administrative access to the system.')) {
await updateUserRole(this.dataset.userId, 'admin');
loadAdmins();
document.getElementById('searchEmail').value = '';
document.getElementById('searchResults').style.display = 'none';
}
});
});
}
function addRemoveAdminListeners() {
document.querySelectorAll('.remove-admin').forEach(btn => {
btn.addEventListener('click', async function() {
if(confirm('Remove admin privileges from this user?\n\nThey will be demoted to moderator status.')) {
await updateUserRole(this.dataset.userId, 'moderator');
loadAdmins();
}
});
});
}
async function updateUserRole(userId, newRole) {
try {
const response = await fetch(`/admin/super/users/${userId}/role`, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
...getAuthHeaders()
},
body: JSON.stringify({ role: newRole })
});
if (!response.ok) {
if (response.status === 401 || response.status === 403) {
// Session expired or unauthorized
alert('Your session has expired or you are not authorized. Please log in again.');
location.reload();
return false;
}
const error = await response.json();
throw new Error(error.error || 'Failed to update role');
}
const result = await response.json();
return true;
} catch (error) {
alert('Error updating role: ' + error.message);
return false;
}
}
// Clear sensitive data when leaving page
window.addEventListener('beforeunload', function() {
document.getElementById('superAdminPassword').value = '';
sessionActive = false;
sessionStartTime = null;
clearInterval(sessionTimer);
});
</script>
</body>
</html>