from flask import Blueprint, render_template, redirect, url_for, flash, request, current_app from flask_login import login_required, current_user from werkzeug.security import generate_password_hash from app.extensions import db from app.models.user import PortalUser from app.models.app_access import AppAccess from app.models.api_key import ApiKey bp = Blueprint('settings', __name__, url_prefix='/settings') def _sync_user_to_app(app_id, username, role): """ Notify an app's internal /internal/sync-user endpoint so the user is pre-created / role-updated in that app's own DB. Silently swallows errors so it never breaks the portal flow. """ import urllib.request import json registered = {a['id']: a for a in current_app.config.get('REGISTERED_APPS', [])} app_meta = registered.get(app_id) if not app_meta or not app_meta.get('internal_url'): return secret = current_app.config.get('INTERNAL_SYNC_SECRET', '') url = app_meta['internal_url'].rstrip('/') + '/internal/sync-user' body = json.dumps({'username': username, 'role': role}).encode() req = urllib.request.Request( url, data=body, headers={ 'Content-Type': 'application/json', 'X-Internal-Token': secret, }, method='POST', ) try: with urllib.request.urlopen(req, timeout=3): pass except Exception: pass # Best-effort; SSO will sync on first login anyway def _admin_required(f): from functools import wraps from flask_login import current_user from flask import abort @wraps(f) def decorated(*args, **kwargs): if not current_user.is_admin: abort(403) return f(*args, **kwargs) return decorated @bp.route('/') @login_required @_admin_required def index(): users = PortalUser.query.order_by(PortalUser.username).all() registered_apps = current_app.config['REGISTERED_APPS'] return render_template('settings/index.html', users=users, registered_apps=registered_apps) # ── User management ──────────────────────────────────────────────────────────── @bp.route('/users/new', methods=['GET', 'POST']) @login_required @_admin_required def new_user(): registered_apps = current_app.config['REGISTERED_APPS'] if request.method == 'POST': username = request.form.get('username', '').strip() email = request.form.get('email', '').strip() password = request.form.get('password', '') is_admin = request.form.get('is_admin') == 'on' if not username or not email or not password: flash('Username, email and password are required.', 'danger') return render_template('settings/new_user.html', registered_apps=registered_apps) if PortalUser.query.filter_by(username=username).first(): flash('Username already exists.', 'danger') return render_template('settings/new_user.html', registered_apps=registered_apps) user = PortalUser( username=username, email=email, password_hash=generate_password_hash(password), is_admin=is_admin, is_active=True, ) db.session.add(user) db.session.flush() for app in registered_apps: app_id = app['id'] role_val = request.form.get(f'role_{app_id}', 'none').strip() if role_val in ('admin', 'user'): db.session.add(AppAccess(user_id=user.id, app_name=app_id, is_active=True, app_role=role_val)) db.session.commit() # Best-effort: pre-create user in each app that supports sync for app in registered_apps: app_id = app['id'] role_val = request.form.get(f'role_{app_id}', 'none').strip() if role_val in ('admin', 'user'): _sync_user_to_app(app_id, username, role_val) flash(f'User "{username}" created successfully.', 'success') return redirect(url_for('settings.index')) return render_template('settings/new_user.html', registered_apps=registered_apps) @bp.route('/users//access', methods=['POST']) @login_required @_admin_required def update_access(user_id): user = PortalUser.query.get_or_404(user_id) registered_apps = current_app.config['REGISTERED_APPS'] for app in registered_apps: app_id = app['id'] # The UI sends role_ = 'admin' | 'user' | 'none' role_val = request.form.get(f'role_{app_id}', 'none').strip() should_have = role_val in ('admin', 'user') app_role = role_val if role_val in ('admin', 'user') else None existing = AppAccess.query.filter_by(user_id=user.id, app_name=app_id).first() if existing: existing.is_active = should_have existing.app_role = app_role elif should_have: db.session.add(AppAccess(user_id=user.id, app_name=app_id, is_active=True, app_role=app_role)) db.session.commit() # Best-effort: pre-create / update user in each app that supports sync for app in registered_apps: app_id = app['id'] role_val = request.form.get(f'role_{app_id}', 'none').strip() if role_val in ('admin', 'user'): _sync_user_to_app(app_id, user.username, role_val) flash(f'Access for "{user.username}" updated.', 'success') return redirect(url_for('settings.index')) @bp.route('/users//delete', methods=['POST']) @login_required @_admin_required def delete_user(user_id): if user_id == current_user.id: flash('You cannot delete your own account.', 'danger') return redirect(url_for('settings.index')) user = PortalUser.query.get_or_404(user_id) db.session.delete(user) db.session.commit() flash(f'User "{user.username}" deleted.', 'success') return redirect(url_for('settings.index')) # ── API key management ───────────────────────────────────────────────────────── @bp.route('/api-keys') @login_required @_admin_required def api_keys(): keys = ApiKey.query.order_by(ApiKey.created_at.desc()).all() registered_apps = current_app.config['REGISTERED_APPS'] users = PortalUser.query.order_by(PortalUser.username).all() return render_template('settings/api_keys.html', keys=keys, registered_apps=registered_apps, users=users) @bp.route('/api-keys/new', methods=['POST']) @login_required @_admin_required def new_api_key(): user_id = request.form.get('user_id', type=int) app_name = request.form.get('app_name', '').strip() description = request.form.get('description', '').strip() if not user_id or not app_name: flash('User and application are required.', 'danger') return redirect(url_for('settings.api_keys')) key = ApiKey( user_id=user_id, key=ApiKey.generate_key(), app_name=app_name, description=description or None, ) db.session.add(key) db.session.commit() flash(f'API key created: {key.key}', 'success') return redirect(url_for('settings.api_keys')) @bp.route('/api-keys//revoke', methods=['POST']) @login_required @_admin_required def revoke_api_key(key_id): key = ApiKey.query.get_or_404(key_id) key.is_active = False db.session.commit() flash('API key revoked.', 'success') return redirect(url_for('settings.api_keys')) # ── Module management ────────────────────────────────────────────────────────── @bp.route('/modules') @login_required @_admin_required def modules(): from app.models.module_config import ModuleConfig from app.services import module_manager registered_apps = current_app.config['REGISTERED_APPS'] cfg_map = {m.app_id: m for m in ModuleConfig.query.all()} module_statuses = [] for app in registered_apps: cfg = cfg_map.get(app['id']) enabled = cfg.enabled if cfg else True running = module_manager.is_running(app['id']) module_statuses.append({ 'app': app, 'enabled': enabled, 'running': running, }) return render_template('settings/modules.html', module_statuses=module_statuses) @bp.route('/modules//toggle', methods=['POST']) @login_required @_admin_required def toggle_module(app_id): from app.models.module_config import ModuleConfig from app.services import module_manager registered_ids = {a['id'] for a in current_app.config['REGISTERED_APPS']} if app_id not in registered_ids: flash('Unknown application.', 'danger') return redirect(url_for('settings.modules')) action = request.form.get('action') # 'enable' or 'disable' if action not in ('enable', 'disable'): flash('Invalid action.', 'danger') return redirect(url_for('settings.modules')) cfg = ModuleConfig.query.filter_by(app_id=app_id).first() if cfg is None: cfg = ModuleConfig(app_id=app_id, enabled=True) db.session.add(cfg) app_meta = next(a for a in current_app.config['REGISTERED_APPS'] if a['id'] == app_id) name = app_meta['name'] if action == 'disable': cfg.enabled = False db.session.commit() module_manager.write_module_state(app_id, False) if module_manager.is_running(app_id): module_manager.stop_service(app_id) flash(f'{name} has been disabled and stopped.', 'success') else: flash(f'{name} has been disabled.', 'success') else: # enable cfg.enabled = True db.session.commit() module_manager.write_module_state(app_id, True) if not module_manager.is_running(app_id): ok = module_manager.start_service(app_id) if ok: flash(f'{name} has been enabled and is starting up.', 'success') else: flash( f'{name} enabled. No launch spec found — ' 'run ./start-dev.sh to start it.', 'warning', ) else: flash(f'{name} is already running and has been re-enabled.', 'success') return redirect(url_for('settings.modules'))