Peter (OpenClaw)
a5e2788d57
- admin_routes.py: Robuste Fehlerbehandlung für fehlende 'config' Tabelle - admin_routes.py: Alle Endpunkte mit try/except geschützt - login_routes.py: /admin Route hinzugefügt (fehlte nach Refactoring) - SMTP/LLM/Hours APIs funktionieren jetzt auch ohne bestehende Config Closes: 500er Fehler bei SMTP und LLM Konfiguration
40 lines
1.3 KiB
Python
40 lines
1.3 KiB
Python
"""Login und Captcha Routes"""
|
|
from flask import Blueprint, request, jsonify, session, render_template, redirect
|
|
from auth import generate_captcha, verify_captcha, check_admin_password
|
|
|
|
auth_bp = Blueprint('auth', __name__)
|
|
|
|
@auth_bp.route('/api/captcha', methods=['GET'])
|
|
def get_captcha():
|
|
captcha = generate_captcha()
|
|
return jsonify({"image": captcha["image"], "token": captcha["token"]})
|
|
|
|
@auth_bp.route('/api/admin/login', methods=['POST'])
|
|
def admin_login():
|
|
data = request.get_json() or {}
|
|
password = data.get('password', '')
|
|
|
|
if check_admin_password(password):
|
|
session['user_role'] = 'admin'
|
|
session['login_time'] = __import__('time').time()
|
|
return jsonify({"status": "ok", "role": "admin"})
|
|
return jsonify({"error": "Invalid credentials"}), 401
|
|
|
|
@auth_bp.route('/api/admin/logout', methods=['POST'])
|
|
def admin_logout():
|
|
session.pop('user_role', None)
|
|
session.pop('login_time', None)
|
|
return jsonify({"status": "ok"})
|
|
|
|
@auth_bp.route('/api/session', methods=['GET'])
|
|
def check_session():
|
|
role = session.get('user_role')
|
|
if role:
|
|
return jsonify({"role": role, "logged_in": True})
|
|
return jsonify({"logged_in": False})
|
|
|
|
@auth_bp.route('/admin')
|
|
def admin_dashboard():
|
|
if session.get('user_role') != 'admin':
|
|
return redirect('/')
|
|
return render_template('admin.html') |