librechat / removed /app-temp.py
Rename app-temp.py to removed/app-temp.py
9ea577a verified
from flask import Flask, request, jsonify, render_template
from pymongo.mongo_client import MongoClient
from pymongo.server_api import ServerApi
from werkzeug.security import generate_password_hash
import os
import hmac
from functools import wraps
# Flask application; templates are loaded from a fixed absolute directory.
app = Flask(__name__, template_folder='/app/sudo/templates')
# os.getenv returns None when FLASK_SECRET is unset; nothing in this file checks for that.
app.secret_key = os.getenv("FLASK_SECRET")
# MongoDB connection
# The connection string is read from MONGO_URI (None when unset, also unchecked here).
uri = os.getenv("MONGO_URI")
client = MongoClient(uri, server_api=ServerApi('1'))
db = client['librechat']
# Single shared admin secret. In this file it serves as the login password
# (login), as the bearer value expected in X-Auth-Token (require_auth), and is
# read again by the debug route. It is None when ADMIN_SECRET is unset.
ADMIN_SECRET = os.getenv("ADMIN_SECRET")
# Authentication decorator
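def require_auth(f):
    """Wrap a view so it only runs when X-Auth-Token matches ADMIN_SECRET.

    The wrapped view is called unchanged on a match. Otherwise a JSON
    ``{"error": "Unauthorized"}`` body is returned with status 403.

    The token is the static admin secret itself, so it has no expiry and
    cannot be revoked without changing ADMIN_SECRET.
    """
    @wraps(f)
    def wrapper(*args, **kwargs):
        auth_token = request.headers.get('X-Auth-Token')
        # Fail closed when the secret is not configured: os.getenv yields None
        # and compare_digest would raise TypeError (a 500) instead of denying.
        if not ADMIN_SECRET or not auth_token:
            return jsonify({"error": "Unauthorized"}), 403
        # compare_digest rejects non-ASCII str with TypeError; comparing the
        # UTF-8 bytes keeps the constant-time check and turns such a header
        # into a normal 403.
        token_matches = hmac.compare_digest(
            auth_token.encode('utf-8'),
            ADMIN_SECRET.encode('utf-8'),
        )
        if not token_matches:
            return jsonify({"error": "Unauthorized"}), 403
        return f(*args, **kwargs)
    return wrapper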
# Routes
@app.route('/sudo')
def admin_panel():
    """Serve the admin panel page rendered from the index.html template.

    This route carries no require_auth decorator; the page itself is public.
    """
    page = render_template('index.html')
    return page
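@app.route('/sudo/login', methods=['POST'])
def login():
    """Check the posted password against ADMIN_SECRET and return the token.

    Expects a JSON object with a string ``password`` field. Any other body
    (missing, not JSON, not an object, non-string password) is answered with
    401 ``{"error": "Invalid credentials"}``, the same as a wrong password.

    Returns:
        ``{"token": ADMIN_SECRET}`` on success, else the 401 response.
    """
    # silent=True yields None for a missing or malformed JSON body, so the
    # request is rejected below rather than raising inside the view.
    payload = request.get_json(silent=True)
    supplied = payload.get('password') if isinstance(payload, dict) else None

    # Fail closed when the secret is unset or empty, and when the password is
    # not a string (compare_digest would raise TypeError on other types).
    if not ADMIN_SECRET or not isinstance(supplied, str):
        return jsonify({"error": "Invalid credentials"}), 401

    # Compare as bytes: compare_digest raises TypeError on non-ASCII str.
    password_matches = hmac.compare_digest(
        supplied.encode('utf-8'),
        ADMIN_SECRET.encode('utf-8'),
    )
    if not password_matches:
        return jsonify({"error": "Invalid credentials"}), 401

    # NOTE(review): the token handed back is the admin secret itself, so the
    # credential and the bearer token are one long-lived value. Issuing a
    # random, expiring token (e.g. secrets.token_urlsafe, stored server-side)
    # would change the contract with require_auth and is left as a follow-up.
    # NOTE(review): no attempt limiting is visible in this file.
    return jsonify({"token": ADMIN_SECRET})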
@app.route('/sudo/users', methods=['GET'])
@require_auth
def list_users():
    """Return all user documents as a JSON array, limited to the username field."""
    # Projection drops _id and keeps only username, so password hashes stored
    # on the documents are never serialized.
    projection = {"_id": 0, "username": 1}
    cursor = db.users.find({}, projection)
    return jsonify([doc for doc in cursor])
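@app.route('/sudo/users', methods=['POST'])
@require_auth
def add_user():
    """Create a user document with a hashed password and the role "user".

    Expects a JSON object with non-empty string ``username`` and ``password``
    fields. A missing or malformed body, or a field of the wrong type, is
    answered with 400 instead of an unhandled KeyError/TypeError.

    Returns:
        ``{"status": "User added"}`` on success, else a 400 error response.
    """
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify({"error": "Invalid request body"}), 400

    username = payload.get("username")
    password = payload.get("password")
    # Require plain strings: a nested object or list would otherwise be stored
    # as the username verbatim, and a non-string password cannot be hashed.
    fields_ok = (
        isinstance(username, str) and username
        and isinstance(password, str) and password
    )
    if not fields_ok:
        return jsonify({"error": "username and password are required"}), 400

    # NOTE(review): no uniqueness check is made here; whether the collection
    # enforces a unique index on username is not visible in this file.
    # NOTE(review): confirm that whatever authenticates against db.users
    # accepts the hash format produced by werkzeug's generate_password_hash.
    user_data = {
        "username": username,
        "password": generate_password_hash(password),
        "role": "user",
    }
    db.users.insert_one(user_data)
    return jsonify({"status": "User added"})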
@app.route('/sudo/users/<username>', methods=['DELETE'])
@require_auth
def delete_user(username):
    """Delete one user document matching the username taken from the URL path.

    Returns ``{"status": "User deleted"}`` when a document was removed, or a
    404 ``{"error": "User not found"}`` when nothing matched.
    """
    outcome = db.users.delete_one({"username": username})
    if outcome.deleted_count:
        return jsonify({"status": "User deleted"})
    return jsonify({"error": "User not found"}), 404
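@app.route('/sudo/debug')
@require_auth
def debug():
    """Report whether the app's configuration values are present.

    The original handler returned the value of ADMIN_SECRET in
    ``expected_password`` and had no authentication, so any client could read
    the admin credential. The key is kept for compatibility, but it now holds
    only "NOT_SET!" or a fixed redaction marker, and the route requires the
    same X-Auth-Token as the other admin endpoints.
    """
    # Never echo the secret: report presence only.
    secret_state = "[REDACTED]" if os.getenv("ADMIN_SECRET") else "NOT_SET!"
    return jsonify({
        "expected_password": secret_state,
        "flask_secret_set": bool(os.getenv("FLASK_SECRET")),
        # NOTE(review): bool(client) appears to reflect only that a client
        # object exists, not that a connection is live; confirm before
        # relying on it as a health check.
        "mongo_connected": bool(client),
    })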
if __name__ == "__main__":
    # Direct execution starts Flask's built-in server, listening on every
    # network interface (0.0.0.0) at port 5000.
    app.run(port=5000, host='0.0.0.0')