ryan/chore
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 5 Releases Wiki Activity
Files
a7ac179e1a3db50f9915d95bd90d7bb034ead224
chore/backend/api/admin_api.py
Ryan Kegel 27f02224ab
All checks were successful
Gitea Actions Demo / build-and-push (push) Successful in 17s
Details
feat: Implement admin role validation and enhance user management scripts
2026-02-08 23:19:30 -05:00

200 lines
6.8 KiB
Python
Raw Blame History

from flask import Blueprint, request, jsonify
from datetime import datetime, timedelta
from tinydb import Query
import jwt
from functools import wraps
from db.db import users_db
from models.user import User
from config.deletion_config import (
ACCOUNT_DELETION_THRESHOLD_HOURS,
MIN_THRESHOLD_HOURS,
MAX_THRESHOLD_HOURS,
validate_threshold
)
from utils.account_deletion_scheduler import trigger_deletion_manually
admin_api = Blueprint('admin_api', __name__)
def admin_required(f):
"""
Decorator to require admin role for endpoints.
"""
@wraps(f)
def decorated_function(*args, **kwargs):
# Get JWT token from cookie
token = request.cookies.get('token')
if not token:
return jsonify({'error': 'Authentication required', 'code': 'AUTH_REQUIRED'}), 401
try:
# Verify JWT token
payload = jwt.decode(token, 'supersecretkey', algorithms=['HS256'])
user_id = payload.get('user_id')
if not user_id:
return jsonify({'error': 'Invalid token', 'code': 'INVALID_TOKEN'}), 401
# Get user from database
Query_ = Query()
user_dict = users_db.get(Query_.id == user_id)
if not user_dict:
return jsonify({'error': 'User not found', 'code': 'USER_NOT_FOUND'}), 404
user = User.from_dict(user_dict)
# Check if user has admin role
if user.role != 'admin':
return jsonify({'error': 'Admin access required', 'code': 'ADMIN_REQUIRED'}), 403
# Pass user to the endpoint
request.current_user = user
except jwt.ExpiredSignatureError:
return jsonify({'error': 'Token expired', 'code': 'TOKEN_EXPIRED'}), 401
except jwt.InvalidTokenError:
return jsonify({'error': 'Invalid token', 'code': 'INVALID_TOKEN'}), 401
return f(*args, **kwargs)
return decorated_function
@admin_api.route('/admin/deletion-queue', methods=['GET'])
@admin_required
def get_deletion_queue():
"""
Get list of users pending deletion.
Returns users marked for deletion with their deletion due dates.
"""
try:
Query_ = Query()
marked_users = users_db.search(Query_.marked_for_deletion == True)
users_data = []
for user_dict in marked_users:
user = User.from_dict(user_dict)
# Calculate deletion_due_at
deletion_due_at = None
if user.marked_for_deletion_at:
try:
marked_at = datetime.fromisoformat(user.marked_for_deletion_at)
due_at = marked_at + timedelta(hours=ACCOUNT_DELETION_THRESHOLD_HOURS)
deletion_due_at = due_at.isoformat()
except (ValueError, TypeError):
pass
users_data.append({
'id': user.id,
'email': user.email,
'marked_for_deletion_at': user.marked_for_deletion_at,
'deletion_due_at': deletion_due_at,
'deletion_in_progress': user.deletion_in_progress,
'deletion_attempted_at': user.deletion_attempted_at
})
return jsonify({
'count': len(users_data),
'users': users_data
}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
@admin_api.route('/admin/deletion-threshold', methods=['GET'])
@admin_required
def get_deletion_threshold():
"""
Get current deletion threshold configuration.
"""
return jsonify({
'threshold_hours': ACCOUNT_DELETION_THRESHOLD_HOURS,
'threshold_min': MIN_THRESHOLD_HOURS,
'threshold_max': MAX_THRESHOLD_HOURS
}), 200
@admin_api.route('/admin/deletion-threshold', methods=['PUT'])
@admin_required
def update_deletion_threshold():
"""
Update deletion threshold.
Note: This updates the runtime value but doesn't persist to environment variables.
For permanent changes, update the ACCOUNT_DELETION_THRESHOLD_HOURS env variable.
"""
try:
data = request.get_json()
if not data or 'threshold_hours' not in data:
return jsonify({
'error': 'threshold_hours is required',
'code': 'MISSING_THRESHOLD'
}), 400
new_threshold = data['threshold_hours']
# Validate type
if not isinstance(new_threshold, int):
return jsonify({
'error': 'threshold_hours must be an integer',
'code': 'INVALID_TYPE'
}), 400
# Validate range
if new_threshold < MIN_THRESHOLD_HOURS:
return jsonify({
'error': f'threshold_hours must be at least {MIN_THRESHOLD_HOURS}',
'code': 'THRESHOLD_TOO_LOW'
}), 400
if new_threshold > MAX_THRESHOLD_HOURS:
return jsonify({
'error': f'threshold_hours must be at most {MAX_THRESHOLD_HOURS}',
'code': 'THRESHOLD_TOO_HIGH'
}), 400
# Update the global config
import config.deletion_config as config
config.ACCOUNT_DELETION_THRESHOLD_HOURS = new_threshold
# Validate and log warning if needed
validate_threshold()
return jsonify({
'message': 'Deletion threshold updated successfully',
'threshold_hours': new_threshold
}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
@admin_api.route('/admin/deletion-queue/trigger', methods=['POST'])
@admin_required
def trigger_deletion_queue():
"""
Manually trigger the deletion scheduler to process the queue immediately.
Returns stats about the run.
"""
try:
# Trigger the deletion process
result = trigger_deletion_manually()
# Get updated queue stats
Query_ = Query()
marked_users = users_db.search(Query_.marked_for_deletion == True)
# Count users that were just processed (this is simplified)
processed = result.get('queued_users', 0)
# In a real implementation, you'd return actual stats from the deletion run
# For now, we'll return simplified stats
return jsonify({
'message': 'Deletion scheduler triggered',
'processed': processed,
'deleted': 0, # TODO: Track this in the deletion function
'failed': 0 # TODO: Track this in the deletion function
}), 200
except Exception as e:
return jsonify({'error': str(e), 'code': 'SERVER_ERROR'}), 500
Reference in New Issue View Git Blame Copy Permalink